From 2e8171d84c8edbd1620a8578eb7ebb57ab91791d Mon Sep 17 00:00:00 2001 From: Arne Huang <9079232+arnehuang@users.noreply.github.com> Date: Sat, 9 May 2026 09:56:36 -0700 Subject: [PATCH] Pin actions/checkout to a commit SHA Follow-up to #838: actions/checkout was the only third-party action left on a mutable ref (@master). Pin it to v6.0.2's commit SHA, matching the pattern used for docker/setup-qemu-action, docker/setup-buildx-action, and docker/login-action. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/ci.yml | 2 +- .github/workflows/release-dev-version.yml | 2 +- .github/workflows/release-productive-version.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba197bc..de8aa19 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-24.04 needs: setup steps: - - uses: actions/checkout@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref }} - name: Login to Docker Hub diff --git a/.github/workflows/release-dev-version.yml b/.github/workflows/release-dev-version.yml index b2d59cd..82787cc 100644 --- a/.github/workflows/release-dev-version.yml +++ b/.github/workflows/release-dev-version.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 needs: setup steps: - - uses: actions/checkout@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref }} - name: Login to Docker Hub diff --git a/.github/workflows/release-productive-version.yml b/.github/workflows/release-productive-version.yml index dc0a491..800b751 100644 --- a/.github/workflows/release-productive-version.yml +++ b/.github/workflows/release-productive-version.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 needs: setup steps: - - uses: actions/checkout@master + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.ref }} - name: Login to Docker Hub