From 8f076533c21b77147292960b362d47182731ba68 Mon Sep 17 00:00:00 2001
From: Julien Doutre <36448022+juliendoutre@users.noreply.github.com>
Date: Mon, 18 Aug 2025 13:43:56 +0200
Subject: [PATCH] Pin GitHub Actions

---
 .github/workflows/deploy-docs.yml | 6 +++---
 .github/workflows/test.yml        | 8 ++++----
 .github/workflows/trigger_pr.yml  | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
index a57bfbcd..bd25bf19 100644
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -12,14 +12,14 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: Install Rust
         run: rustup update stable
       - name: Generate docs
         working-directory: sds
         run: cargo doc --no-deps
       - name: Upload Rust docs
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: ./sds/target/doc
   deploy:
@@ -31,4 +31,4 @@ jobs:
 
     steps:
       - name: Deploy to Github pages
-        uses: actions/deploy-pages@v4
\ No newline at end of file
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fef99cf0..22cef532 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,14 +28,14 @@ jobs:
   sds:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: Swatinem/rust-cache@v2
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
       - name: "Rust checks"
         run: bash ./scripts/rust_checks.sh
   sds-go:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - run: source "$HOME/.cargo/env"
       - name: "Build the SDS Go/Rust wrapper"
         run: make build-sds-go
@@ -58,7 +58,7 @@ jobs:
   license-3rdparty:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - name: "Install dd-rust-license-tool"
         run: cargo install dd-rust-license-tool
       - name: "Check LICENSE-3rdparty.csv"
diff --git a/.github/workflows/trigger_pr.yml b/.github/workflows/trigger_pr.yml
index 00e1a108..e7756819 100644
--- a/.github/workflows/trigger_pr.yml
+++ b/.github/workflows/trigger_pr.yml
@@ -29,7 +29,7 @@ jobs:
           echo "COMMIT_AUTHOR=$author" >> "$GITHUB_OUTPUT"
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
         with:
           app-id: ${{ vars.TRIGGER_APP_ID }}
           private-key: ${{ secrets.TRIGGER_GITHUB_APP_PRIVATE_KEY }}