From cbe93cfa630baf57cdd216eabd9eb86ea10cdd86 Mon Sep 17 00:00:00 2001
From: Garrett Beatty <gcbeatty@amazon.com>
Date: Fri, 4 Apr 2025 13:02:25 -0400
Subject: [PATCH 1/2] Update GitHub Actions

---
 .github/workflows/aws-ci.yml                   |  4 ++--
 .github/workflows/change-file-in-pr.yml        |  2 +-
 .github/workflows/closed-issue-message.yml     |  2 +-
 .github/workflows/create-release-pr.yml        |  8 ++++----
 .github/workflows/handle-stale-discussions.yml |  2 +-
 .github/workflows/issue-regression-labeler.yml |  2 +-
 .github/workflows/stale_issues.yml             |  2 +-
 .github/workflows/sync-main-dev.yml            | 12 ++++++------
 8 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/aws-ci.yml b/.github/workflows/aws-ci.yml
index 05bc99c..99b84b6 100644
--- a/.github/workflows/aws-ci.yml
+++ b/.github/workflows/aws-ci.yml
@@ -36,11 +36,11 @@ jobs:
           aws-region: us-west-2
       - name: Run Tests on AWS
         id: codebuild
-        uses: aws-actions/aws-codebuild-run-build@v1
+        uses: aws-actions/aws-codebuild-run-build@4d15a47425739ac2296ba5e7eee3bdd4bfbdd767 #v1.0.18
         with:
           project-name: ${{ secrets.CI_TESTING_CODE_BUILD_PROJECT_NAME }}
       - name: CodeBuild Link
         shell: pwsh
         run: |
           $buildId = "${{ steps.codebuild.outputs.aws-build-id }}"
-          echo $buildId
\ No newline at end of file
+          echo $buildId
diff --git a/.github/workflows/change-file-in-pr.yml b/.github/workflows/change-file-in-pr.yml
index 25839d6..43d1f29 100644
--- a/.github/workflows/change-file-in-pr.yml
+++ b/.github/workflows/change-file-in-pr.yml
@@ -12,7 +12,7 @@ jobs:
 
     steps:
       - name: Checkout PR code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3.6.0
 
       - name: Get List of Changed Files
         id: changed-files
diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 3340afb..57f3f35 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -6,7 +6,7 @@ jobs:
     auto_comment:
         runs-on: ubuntu-latest
         steps:
-        - uses: aws-actions/closed-issue-message@v1
+        - uses: aws-actions/closed-issue-message@3f5beaaa9f8095897f6d11d1b2e0234dda310ebf #unknown-version
           with:
             # These inputs are both required
             repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml
index a843c59..c0b24a6 100644
--- a/.github/workflows/create-release-pr.yml
+++ b/.github/workflows/create-release-pr.yml
@@ -31,20 +31,20 @@ jobs:
           aws-region: us-west-2
       # Retrieve the Access Token from Secrets Manager
       - name: Retrieve secret from AWS Secrets Manager
-        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        uses: aws-actions/aws-secretsmanager-get-secrets@b059cd8b8897a9774d09b043dea953a08bf740ea #unknown-version
         with:
           secret-ids: |
             AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
           parse-json-secrets: true
       # Checkout a full clone of the repo
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
         with:
           fetch-depth: '0'
           token: ${{ env.AWS_SECRET_TOKEN }}
       # Install .NET8 which is needed for AutoVer
       - name: Setup .NET 8.0
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 #v4.3.1
         with:
           dotnet-version: 8.0.x
       # Install AutoVer to automate versioning and changelog creation
@@ -98,4 +98,4 @@ jobs:
         run: |
           pr_url="$(gh pr create --title "${{ steps.read-release-name.outputs.VERSION }}" --body "${{ steps.read-changelog.outputs.CHANGELOG }}" --base v4sdk-development --head ${{ steps.create-release-branch.outputs.BRANCH }})"
           gh label create "Release PR" --description "A Release PR that includes versioning and changelog changes" -c "#FF0000" -f
-          gh pr edit $pr_url --add-label "Release PR"
\ No newline at end of file
+          gh pr edit $pr_url --add-label "Release PR"
diff --git a/.github/workflows/handle-stale-discussions.yml b/.github/workflows/handle-stale-discussions.yml
index 8b5bcb1..bfa00bd 100644
--- a/.github/workflows/handle-stale-discussions.yml
+++ b/.github/workflows/handle-stale-discussions.yml
@@ -13,6 +13,6 @@ jobs:
       discussions: write
     steps:
       - name: Stale discussions action
-        uses: aws-github-ops/handle-stale-discussions@v1
+        uses: aws-github-ops/handle-stale-discussions@711a9813957be17629fc6933afcd8bd132c57254 #v1.6
         env:
           GITHUB_TOKEN:  ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/issue-regression-labeler.yml b/.github/workflows/issue-regression-labeler.yml
index bd00071..5dfa730 100644
--- a/.github/workflows/issue-regression-labeler.yml
+++ b/.github/workflows/issue-regression-labeler.yml
@@ -11,7 +11,7 @@ jobs:
     steps:
     - name: Fetch template body
       id: check_regression
-      uses: actions/github-script@v7
+      uses: actions/github-script@5c56fde4671bc2d3592fb0f2c5b5bab9ddae03b1 #unknown-version
       env: 
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         TEMPLATE_BODY: ${{ github.event.issue.body }}
diff --git a/.github/workflows/stale_issues.yml b/.github/workflows/stale_issues.yml
index 76ef673..df5640e 100644
--- a/.github/workflows/stale_issues.yml
+++ b/.github/workflows/stale_issues.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Stale issue job
     steps:
-    - uses: aws-actions/stale-issue-cleanup@v6
+    - uses: aws-actions/stale-issue-cleanup@2790509321bec5e987679ec8d4a021aa2cca0ca1 #unknown-version
       with:
         # Setting messages to an empty string will cause the automation to skip
         # that category
diff --git a/.github/workflows/sync-main-dev.yml b/.github/workflows/sync-main-dev.yml
index 01b054d..396d561 100644
--- a/.github/workflows/sync-main-dev.yml
+++ b/.github/workflows/sync-main-dev.yml
@@ -32,21 +32,21 @@ jobs:
           aws-region: us-west-2
       # Retrieve the Access Token from Secrets Manager
       - name: Retrieve secret from AWS Secrets Manager
-        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        uses: aws-actions/aws-secretsmanager-get-secrets@b059cd8b8897a9774d09b043dea953a08bf740ea #unknown-version
         with:
           secret-ids: |
             AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
           parse-json-secrets: true
       # Checkout a full clone of the repo
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
         with:
           ref: v4sdk-development
           fetch-depth: 0
           token: ${{ env.AWS_SECRET_TOKEN }}
       # Install .NET8 which is needed for AutoVer
       - name: Setup .NET 8.0
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 #v4.3.1
         with:
           dotnet-version: 8.0.x
       # Install AutoVer which is needed to retrieve information about the current release.
@@ -106,13 +106,13 @@ jobs:
     steps:
       # Checkout a full clone of the repo
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
         with:
           ref: releases/next-release
           fetch-depth: 0
       # Install .NET8 which is needed for AutoVer
       - name: Setup .NET 8.0
-        uses: actions/setup-dotnet@v4
+        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 #v4.3.1
         with:
           dotnet-version: 8.0.x
       # Install AutoVer which is needed to retrieve information about the current release.
@@ -134,4 +134,4 @@ jobs:
         run: |
           git fetch origin
           git push --delete origin ${{ steps.read-tag-name.outputs.TAG }}
-          git push origin --delete releases/next-release
\ No newline at end of file
+          git push origin --delete releases/next-release

From 4de4591582720bf1d4019ad67058ef0184eb4e4c Mon Sep 17 00:00:00 2001
From: Garrett Beatty <gcbeatty@amazon.com>
Date: Fri, 4 Apr 2025 13:08:14 -0400
Subject: [PATCH 2/2] Update GitHub Actions

---
 .github/workflows/closed-issue-message.yml     | 2 +-
 .github/workflows/create-release-pr.yml        | 2 +-
 .github/workflows/issue-regression-labeler.yml | 2 +-
 .github/workflows/stale_issues.yml             | 2 +-
 .github/workflows/sync-main-dev.yml            | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 57f3f35..1f28d85 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -6,7 +6,7 @@ jobs:
     auto_comment:
         runs-on: ubuntu-latest
         steps:
-        - uses: aws-actions/closed-issue-message@3f5beaaa9f8095897f6d11d1b2e0234dda310ebf #unknown-version
+        - uses: aws-actions/closed-issue-message@10aaf6366131b673a7c8b7742f8b3849f1d44f18 #v2
           with:
             # These inputs are both required
             repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml
index c0b24a6..db05a23 100644
--- a/.github/workflows/create-release-pr.yml
+++ b/.github/workflows/create-release-pr.yml
@@ -31,7 +31,7 @@ jobs:
           aws-region: us-west-2
       # Retrieve the Access Token from Secrets Manager
       - name: Retrieve secret from AWS Secrets Manager
-        uses: aws-actions/aws-secretsmanager-get-secrets@b059cd8b8897a9774d09b043dea953a08bf740ea #unknown-version
+        uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb #v2.0.8
         with:
           secret-ids: |
             AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}
diff --git a/.github/workflows/issue-regression-labeler.yml b/.github/workflows/issue-regression-labeler.yml
index 5dfa730..3a9d029 100644
--- a/.github/workflows/issue-regression-labeler.yml
+++ b/.github/workflows/issue-regression-labeler.yml
@@ -11,7 +11,7 @@ jobs:
     steps:
     - name: Fetch template body
       id: check_regression
-      uses: actions/github-script@5c56fde4671bc2d3592fb0f2c5b5bab9ddae03b1 #unknown-version
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
       env: 
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         TEMPLATE_BODY: ${{ github.event.issue.body }}
diff --git a/.github/workflows/stale_issues.yml b/.github/workflows/stale_issues.yml
index df5640e..053188e 100644
--- a/.github/workflows/stale_issues.yml
+++ b/.github/workflows/stale_issues.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Stale issue job
     steps:
-    - uses: aws-actions/stale-issue-cleanup@2790509321bec5e987679ec8d4a021aa2cca0ca1 #unknown-version
+    - uses: aws-actions/stale-issue-cleanup@5650b49bcd757a078f6ca06c373d7807b773f9bc #v7.1.0
       with:
         # Setting messages to an empty string will cause the automation to skip
         # that category
diff --git a/.github/workflows/sync-main-dev.yml b/.github/workflows/sync-main-dev.yml
index 396d561..47298de 100644
--- a/.github/workflows/sync-main-dev.yml
+++ b/.github/workflows/sync-main-dev.yml
@@ -32,7 +32,7 @@ jobs:
           aws-region: us-west-2
       # Retrieve the Access Token from Secrets Manager
       - name: Retrieve secret from AWS Secrets Manager
-        uses: aws-actions/aws-secretsmanager-get-secrets@b059cd8b8897a9774d09b043dea953a08bf740ea #unknown-version
+        uses: aws-actions/aws-secretsmanager-get-secrets@fbd65ea98e018858715f591f03b251f02b2316cb #v2.0.8
         with:
           secret-ids: |
             AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }}