From: Dmitry Misharov <dmitry@openssl.org>
Date: Mon, 31 Mar 2025 15:50:45 +0000 (+0200)
Subject: pin GitHub Actions revisions from untrusted vendors
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2af2a4acd8b3d91ba9a27b76a7e46f8cff313bb4;p=thirdparty%2Fopenssl.git

pin GitHub Actions revisions from untrusted vendors

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27215)
---

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d80b3c915e3..6f536246986 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -114,7 +114,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: config
-      uses: cross-platform-actions/action@v0.26.0
+      uses: cross-platform-actions/action@fe0167d8082ac584754ef3ffb567fded22642c7d #v0.27.0
       with:
         operating_system: freebsd
         version: "13.4"
@@ -123,21 +123,21 @@ jobs:
           sudo pkg install -y gcc perl5
           ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
     - name: config dump
-      uses: cross-platform-actions/action@v0.26.0
+      uses: cross-platform-actions/action@fe0167d8082ac584754ef3ffb567fded22642c7d #v0.27.0
       with:
         operating_system: freebsd
         version: "13.4"
         shutdown_vm: false
         run: ./configdata.pm --dump
     - name: make
-      uses: cross-platform-actions/action@v0.26.0
+      uses: cross-platform-actions/action@fe0167d8082ac584754ef3ffb567fded22642c7d #v0.27.0
       with:
         operating_system: freebsd
         version: "13.4"
         shutdown_vm: false
         run: make -j4
     - name: make test
-      uses: cross-platform-actions/action@v0.26.0
+      uses: cross-platform-actions/action@fe0167d8082ac584754ef3ffb567fded22642c7d #v0.27.0
       with:
         operating_system: freebsd
         version: "13.4"
@@ -388,7 +388,7 @@ jobs:
         sudo apt-get update
         sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
     - name: install cpanm and Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@stable
+      uses: perl-actions/install-with-cpanm@10d60f00b4073f484fc29d45bfbe2f776397ab3d # v1.7
       with:
         install: Test2::V0
     - name: setup hostname workaround
@@ -422,7 +422,7 @@ jobs:
       uses: actions/setup-python@v5.3.0
       with:
         python-version: ${{ matrix.PYTHON }}
-    - uses: dtolnay/rust-toolchain@master
+    - uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4
       with:
         toolchain: ${{ matrix.RUST }}
     - name: test external pyca
diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml
index ae45bb5c66b..eda8f667639 100644
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@@ -37,7 +37,7 @@ jobs:
     - name: generate coverage info
       run: lcov -d . -c -o ./lcov.info
     - name: Coveralls upload
-      uses: coverallsapp/github-action@v2.3.2
+      uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b #v2.3.6
       with:
         github-token: ${{ secrets.github_token }}
         path-to-lcov: ./lcov.info
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index d618400986d..8921c8a2175 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -28,14 +28,14 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - uses: actions/checkout@v4
-    - uses: ilammy/msvc-dev-cmd@v1
+    - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 #v1.13.0
       with:
         arch: ${{ matrix.platform.arch }}
     - name: install nasm
       run: |
         choco install nasm ${{ matrix.platform.arch == 'win32' && '--x86' || '' }}
         "C:\Program Files${{ matrix.platform.arch == 'win32' && ' (x86)' || '' }}\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
-    - uses: shogo82148/actions-setup-perl@v1
+    - uses: shogo82148/actions-setup-perl@49c14f24551d2de3bf56fb107a869c3760b1875e #v1.33.0
     - name: prepare the build directory
       run: mkdir _build
     - name: config
@@ -65,8 +65,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - uses: actions/checkout@v4
-    - uses: ilammy/msvc-dev-cmd@v1
-    - uses: shogo82148/actions-setup-perl@v1
+    - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 #v1.13.0
+    - uses: shogo82148/actions-setup-perl@49c14f24551d2de3bf56fb107a869c3760b1875e #v1.33.0
     - name: prepare the build directory
       run: mkdir _build
     - name: config
@@ -89,8 +89,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - uses: actions/checkout@v4
-    - uses: ilammy/msvc-dev-cmd@v1
-    - uses: shogo82148/actions-setup-perl@v1
+    - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 #v1.13.0
+    - uses: shogo82148/actions-setup-perl@49c14f24551d2de3bf56fb107a869c3760b1875e #v1.33.0
     - name: prepare the build directory
       run: mkdir _build
     - name: config