
Pin CI workflow actions and images with Ratchet

Audit and rewrite CI/CD workflow references so agents can pin mutable actions, containers, and images to immutable versions before changes land.

Security & Verification Multi-Framework Security Reviewed
⭐ 928 GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill pin-ci-workflow-actions-and-images-with-ratchet
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required: Ratchet CLI; repository CI YAML files; optional GITHUB_TOKEN for private GitHub resolution
Install & setup: Install with Homebrew (`brew install ratchet`), download a release binary, run the container image, use Nix, or install with `go install github.com/sethvargo/ratchet@latest`; then run `ratchet lint`, `ratchet pin`, `ratchet update`, or `ratchet upgrade` against workflow YAML.
Author: Seth Vargo
Publisher: Open Source
Last updated: May 2, 2026
Quick brief

Use this skill when an agent or release operator needs to harden CI configuration against supply-chain drift. The workflow is to run Ratchet against GitHub Actions, GitLab CI, CircleCI, Cloud Build, Drone, or Tekton YAML; inspect lint findings for mutable references; pin actions/images to immutable commits or digests; and update or unpin intentionally when maintaining the workflow. Invoke it during CI security review, repository onboarding, dependency hardening, or automated pull-request cleanup rather than manually editing workflow YAML. Scope boundary: this is not a generic CI tool listing; the skill is the concrete audit/pin/update loop for immutable CI references with reviewable file diffs.
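
To make "mutable reference" concrete, the following added example (not Ratchet's code and not part of the skill) flags GitHub Actions `uses:` and `image:` values that are not pinned to a full commit SHA or a `sha256` digest. It assumes GitHub Actions syntax only and scans line by line rather than parsing YAML; the workflow text, SHA and digest are constructed sample values.

```python
import re

# Constructed placeholder values: a 40-hex commit SHA and a 64-hex image digest.
SHA = "0123456789" * 4
DIGEST_HEX = "ab" * 32

# Constructed sample workflow, not taken from any real repository.
SAMPLE_WORKFLOW = f"""\
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: node:20
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@{SHA} # v5
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.19
      - uses: docker://alpine@sha256:{DIGEST_HEX}
"""

# Capture the key and the reference, ignoring quotes and trailing comments.
REF_RE = re.compile(r"^\s*(?:-\s*)?(uses|image):\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def is_pinned(key, ref):
    """Return True when the reference cannot silently change under the workflow."""
    if key == "uses" and ref.startswith("./"):
        return True  # local action, versioned together with the repository
    if key == "image" or ref.startswith("docker://"):
        return bool(DIGEST_RE.search(ref))  # a tag such as :20 can be re-pushed
    _, _, version = ref.partition("@")
    return bool(FULL_SHA_RE.match(version))  # tags and branches can be moved


def find_mutable_refs(workflow_text):
    """Return (line number, reference) for every mutable action or image reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = REF_RE.match(line)
        if match and not is_pinned(match.group(1), match.group(2)):
            findings.append((lineno, match.group(2)))
    return findings


if __name__ == "__main__":
    for lineno, ref in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {lineno}: mutable reference {ref}")
```
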