Build/Test Tools: Pin full commit SHA for rhysd/actionlint.

desrosj · desrosj · commit a728957ae265 · 2025-03-19T12:16:28.000Z
This is a recommended best practice for hardening workflows that are utilizing 3rd party actions. Follow up to [59679]. Props johnbillion. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@60050 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/.github/workflows/reusable-workflow-lint.yml b/.github/workflows/reusable-workflow-lint.yml
@@ -29,6 +29,6 @@ jobs:
       # actionlint is static checker for GitHub Actions workflow files.
       # See https://github.com/rhysd/actionlint.
       - name: Run actionlint
-        uses: docker://rhysd/actionlint:1.7.7
+        uses: docker://rhysd/actionlint@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9 # v1.7.7
         with:
           args: "-color -verbose"
