From: Emil Velikov Date: Fri, 16 Aug 2024 15:19:38 +0000 (+0100) Subject: ci: use hash-pinned workflow actions, update checkout X-Git-Tag: v34~504 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=93b7f746b3b6f67ce7b1fe54898408d8c1d2b116;p=thirdparty%2Fkmod.git ci: use hash-pinned workflow actions, update checkout The tags are mutable and groups like Google Open Source Security Team (GOSST) are suggesting use of hash-pinned (alongside the tag as comment) actions. The dependabot just introduced, can handle the format automatically. Ref: https://github.com/libarchive/libarchive/issues/1959 Signed-off-by: Emil Velikov Link: https://github.com/kmod-project/kmod/pull/76 Signed-off-by: Lucas De Marchi
---
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 3600600d..16856663 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -10,7 +10,7 @@ jobs:
 spellcheck:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: codespell-project/actions-codespell@v2
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: codespell-project/actions-codespell@94259cd8be02ad2903ba34a22d9c13de21a74461 # v2.0
 with:
 ignore_words_file: .codespellignore
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b4ad5cdd..056005c2 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -27,7 +27,7 @@ jobs:
 image: ${{ matrix.container }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - uses: ./.github/actions/setup-ubuntu
 if: ${{ startsWith(matrix.container, 'ubuntu') }}
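Review bot: The pinned `actions/checkout` step still uses its default of leaving the job token in the workspace's git configuration, and the step that follows is a third-party action running over that workspace; the pin fixes which code runs, not what that code can read. Unless a later step needs authenticated git, add `with:` and `persist-credentials: false` under the checkout step, here and under the checkout in `.github/workflows/main.yml`. Any `permissions:` block for this workflow would sit above line 10, outside the hunk, so the token's scope cannot be judged from these lines.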
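Review bot: The job container on the context line `image: ${{ matrix.container }}` is left outside what this change pins, although the checkout and every later step execute inside it. The matrix is defined above the hunk, but `startsWith(matrix.container, 'ubuntu')` suggests plain image names, which are presumably resolved by tag and are then as mutable as `@v4` was. If so, the matrix entries could carry a digest in the form `<image>@sha256:<digest>` (placeholder), which keeps the `startsWith` test working. The local `./.github/actions/setup-ubuntu` action is not visible here either, so any `uses:` lines inside it would need the same treatment.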