pin github actions to a sha

GrantBirki · GrantBirki · commit 9eaa4d985cae · 2022-06-07T10:34:01.000-06:00
diff --git a/.github/workflows/acceptance.yml b/.github/workflows/acceptance.yml
@@ -17,7 +17,7 @@ jobs:
       has_change: ${{ steps.diff.outputs.has_change}}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
       - id: fetch-base
         if: github.event_name == 'pull_request'
@@ -45,7 +45,7 @@ jobs:
 
             # If the diff file is not empty, it has changes.
             [ -s diff.txt ] && echo "::set-output name=has_change::true" || echo "::set-output name=has_change::false"
-  
+
       - name: set has_change to true for push to main/master
         if: github.event_name == 'push'
         run: echo "::set-output name=has_change::true"
@@ -67,11 +67,11 @@ jobs:
 
       - name: Check out code
         if: ${{ needs.changes.outputs.has_change == 'true' }}
-        uses: actions/checkout@v2
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
       # Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
       # https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11
-      - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052
+      - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052 # pin@46d2c640b1d8ef50d185452ad6fb324e6bd1d052
         if: ${{ needs.changes.outputs.has_change == 'true' }}
         continue-on-error: true
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -24,17 +24,17 @@ jobs:
         language: [ 'ruby' ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # pin@v2
+        with:
+          languages: ${{ matrix.language }}
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # pin@v2
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # pin@v2
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -15,9 +15,9 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
-      - uses: ruby/setup-ruby@v1.110.0
+      - uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # pin@v1.110.0
         with:
           ruby-version: 2.7.5
           bundler-cache: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -15,9 +15,9 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2
 
-      - uses: ruby/setup-ruby@v1.110.0
+      - uses: ruby/setup-ruby@8029ebd6e5bd8f4e0d6f7623ea76a01ec5b1010d # pin@v1.110.0
         with:
           ruby-version: 2.7.5
           bundler-cache: true
