From 7fc344960e7dccaf93874a33ab53601a80010c6f Mon Sep 17 00:00:00 2001 From: Grant Birkinbine Date: Fri, 29 May 2026 23:12:05 -0700 Subject: [PATCH 1/4] Pin GitHub Actions to SHAs --- .github/workflows/branch-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml index 5a53f02..a84173c 100644 --- a/.github/workflows/branch-deploy.yml +++ b/.github/workflows/branch-deploy.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: github/branch-deploy@v9.1.1 + - uses: github/branch-deploy@4c2569bad1865c45e0be37b5e06ee5a6b805a93e # pin@v9.1.1 id: branch-deploy with: admins: the-hideout/core-contributors @@ -29,7 +29,7 @@ jobs: - name: checkout if: ${{ steps.branch-deploy.outputs.continue == 'true' }} - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # pin@v4 with: ref: ${{ steps.branch-deploy.outputs.ref }} From 44745bc55b013f13fea37ffd6ef92e8763b80a27 Mon Sep 17 00:00:00 2001 From: Grant Birkinbine Date: Fri, 29 May 2026 23:12:06 -0700 Subject: [PATCH 2/4] Pin GitHub Actions to SHAs --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e6b0c42..33c30d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # pin@v4 - uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # pin@v1 with: From 836c005b9ebbf0eb5af468200ac0d6ecf027be29 Mon Sep 17 00:00:00 2001 From: Grant Birkinbine Date: Fri, 29 May 2026 23:12:07 -0700 Subject: [PATCH 3/4] Pin GitHub Actions to SHAs --- .github/workflows/new-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/new-pr.yml b/.github/workflows/new-pr.yml index 293e08b..46f0709 100644 --- a/.github/workflows/new-pr.yml +++ b/.github/workflows/new-pr.yml @@ -15,9 +15,9 @@ jobs: steps: # Comment on new PR requests with deployment instructions - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # pin@v4 - name: comment - uses: GrantBirki/comment@v2.0.9 + uses: GrantBirki/comment@d5cdf0243751ca01060946b2cae3722e508b7b16 # pin@v2.0.9 continue-on-error: true with: file: .github/new-pr-comment.md From a885cd10df8b4d4d9a06431156c1cf67155fbafe Mon Sep 17 00:00:00 2001 From: Grant Birkinbine Date: Fri, 29 May 2026 23:12:08 -0700 Subject: [PATCH 4/4] Pin GitHub Actions to SHAs --- .github/workflows/unlock-on-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unlock-on-merge.yml b/.github/workflows/unlock-on-merge.yml index 995acd2..323d617 100644 --- a/.github/workflows/unlock-on-merge.yml +++ b/.github/workflows/unlock-on-merge.yml @@ -14,7 +14,7 @@ jobs: steps: - name: unlock on merge - uses: github/branch-deploy@v9.1.1 + uses: github/branch-deploy@4c2569bad1865c45e0be37b5e06ee5a6b805a93e # pin@v9.1.1 id: unlock-on-merge with: unlock_on_merge_mode: "true" # <-- indicates that this is the "Unlock on Merge Mode" workflow