Auditor API SDK: SHA Pinning workflow file (#2)

dangitschris · web-flow · commit 6e1face11406 · 2025-03-24T10:58:21.000-07:00
SHA pinning is a way to declare that a certain package is only
accessible for a given commit in the package.

This is to prevent attacks -- for example, a malicious actor could
poison Github and push a bad commit. SHA pinning will pin up to a
version that I've vetted with security.

We have updated our allow list to enable the SHA pinned version but not
the version tagged one so this PR updated that. Once this PR is merged,
then I can start generating packages.
diff --git a/.github/workflows/sdk_generation.yaml b/.github/workflows/sdk_generation.yaml
@@ -19,7 +19,7 @@ permissions:
     - cron: 0 0 * * *
 jobs:
   generate:
-    uses: speakeasy-api/sdk-generation-action/.github/workflows/workflow-executor.yaml@v15
+    uses: speakeasy-api/sdk-generation-action/.github/workflows/workflow-executor.yaml@0cbe94f2ca2c60bde9001577e565644e1c90d4a6
     with:
       force: ${{ github.event.inputs.force }}
       mode: pr
diff --git a/.github/workflows/sdk_publish.yaml b/.github/workflows/sdk_publish.yaml
@@ -14,7 +14,7 @@ permissions:
   workflow_dispatch: {}
 jobs:
   publish:
-    uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@v15
+    uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@0cbe94f2ca2c60bde9001577e565644e1c90d4a6
     with:
       target: vanta
     secrets:
