ci(gh): Pin action to a hash

Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2026-02-20 00:12:30 -05:00 · 2025-05-23 09:43:37 +02:00 · 2025-05-23 09:43:37 +02:00 · 505d63363c
commit 505d63363c
parent 8b92f695b7
3 changed files with 5 additions and 5 deletions
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@ -35,7 +35,7 @@ jobs:
          ref: ${{ github.event.pull_request.base.ref }}

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
+        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
@ -49,7 +49,7 @@ jobs:

          php -S localhost:8080 &
      - name: Apply blueprint
-        uses: icewind1991/blueprint@v0.1.2
+        uses: icewind1991/blueprint@00504403f76cb2a09efd0d16793575055e6f63cb # v0.1.2
        with:
          blueprint: tests/blueprints/basic.toml
          ref: ${{ github.event.pull_request.head.ref }}
@ -98,7 +98,7 @@ jobs:
            before.json
            after.json

-      - uses: actions/github-script@v7
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
        if: failure() && steps.compare.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -17,7 +17,7 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@v9
+    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9
      with:
        repo-token: ${{ secrets.COMMAND_BOT_PAT }}
        stale-issue-message: >
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@ -80,7 +80,7 @@ jobs:

      - name: Upload Security Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
        with:
          sarif_file: results.sarif