Skip to content

Checksum pinning #2222

New issue
New issue
Closed
feature
#2223
Closed
Checksum pinning#2222
feature
#2223
Labels
area: includesChanges related to included taskfiles.area: remoteChanges related to remote taskfiles.
@pd93

Description

@pd93
pd93
opened on Apr 28, 2025

Description

As discussed in #1317 (comment), there is currently no way to pin checksums of included taskfiles. This issues tracks this feature request.

Pinning would allow users to ensure the contents of their Taskfiles are constant and trusted by performing a checksum hash on the file before reading it and comparing it to a given checksum in the include block of the parent Taskfile. For example:

version: '3'

includes:
  included:
    taskfile: https://taskfile.dev
    internal: true
    checksum: c153e97e0b3a998a7ed2e61064c6ddaddd0de0c525feefd6bba8569827d8efe9

tasks:
  default:
    cmds:
      - task: included:default

This example requires the Remote Taskfiles experiments to be enabled. However, this will work for local files too. In this example, we would no longer get prompted to check if we trust the contents of the file as we have already verified its contents by providing a checksum.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: includesChanges related to included taskfiles.area: remoteChanges related to remote taskfiles.

    Type

    feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions