Expensify
diff --git a/‎.github/workflows/README.md‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/README.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/androidBump.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/androidBump.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/authorChecklist.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/authorChecklist.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/buildAdHoc.yml‎
Lines changed: 2 additions & 4 deletions b/‎.github/workflows/buildAdHoc.yml‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎.github/workflows/buildAndroid.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/buildAndroid.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/buildIOS.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/buildIOS.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/buildWeb.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/buildWeb.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/checkSVGCompression.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/checkSVGCompression.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/cherryPick.yml‎
Lines changed: 1 addition & 3 deletions b/‎.github/workflows/cherryPick.yml‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎.github/workflows/claude-review.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/claude-review.yml‎
Lines changed: 2 additions & 2 deletions
@@ -42,12 +42,12 @@ Due to the large, ever-growing history of this repo, do not do any full-fetches
 
 ```yaml
 # Bad
-- uses: actions/checkout@v4
+- uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
   with:
     fetch-depth: 0
 
 # Good
-- uses: actions/checkout@v4
+- uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
 ```
 
 ```sh
@@ -63,7 +63,7 @@ git fetch origin tag 1.0.1-0 --no-tags --shallow-exclude=1.0.0-0 # This will fet
 
 ## Security Rules 🔐
 1. Do **not** use `pull_request_target` trigger unless an external fork needs access to secrets, or a _write_ `GITHUB_TOKEN`.
-1. Do **not ever** write a `pull_request_target` trigger with an explicit PR checkout, e.g. using `actions/checkout@v4`. This is [discussed further here](https://securitylab.github.com/research/github-actions-preventing-pwn-requests)
+1. Do **not ever** write a `pull_request_target` trigger with an explicit PR checkout, e.g. using `useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121`. This is [discussed further here](https://securitylab.github.com/research/github-actions-preventing-pwn-requests)
 1. **Do use** the `pull_request` trigger as it does not send internal secrets and only grants a _read_ `GITHUB_TOKEN`.
 1. If an untrusted (i.e: not maintained by GitHub) external action needs access to any secret (`GITHUB_TOKEN` or internal secret), use the commit hash of the workflow to prevent a modification of underlying source code at that version. For example:
     1. **Bad:** `hmarr/auto-approve-action@v2.0.0` Relies on the tag
@@ -138,7 +138,7 @@ In order to bundle actions with their dependencies into a single Node.js executa
 ### Important tips about creating GitHub Actions
 
 - When calling your GitHub Action from one of our workflows, you must:
-    - First call `@actions/checkout`.
+    - First call `useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121` (`# v1`).
     - Use the relative path of the action in GitHub from the root of this repo, like so:
       ```yaml
       - name: Generate Version
 
@@ -10,7 +10,7 @@ jobs:
   android_bump:
     runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
 
       - name: Setup Node
         uses: ./.github/actions/composite/setupNode
 
@@ -27,8 +27,7 @@ jobs:
       && github.actor != 'imgbot[bot]'
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
 
       - name: authorChecklist.ts
         uses: ./.github/actions/javascript/authorChecklist
 
@@ -140,8 +140,7 @@ jobs:
     needs: [buildWeb, deployWebAdHoc, buildAndroid, buildIOS]
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           ref: ${{ inputs.APP_REF }}
 
@@ -181,8 +180,7 @@ jobs:
     needs: [buildWeb, deployWebAdHoc, buildAndroid, buildIOS]
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           ref: ${{ inputs.APP_REF }}
 
 
@@ -67,8 +67,7 @@ jobs:
       PROGUARD_MAPPING_FILENAME: mapping.txt
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           submodules: true
           ref: ${{ inputs.ref }}
 
@@ -64,8 +64,7 @@ jobs:
       SOURCEMAP_FILENAME: main.jsbundle.map
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           submodules: true
           ref: ${{ inputs.ref }}
 
@@ -39,8 +39,7 @@ jobs:
       PULL_REQUEST_NUMBER: ${{ inputs.pull-request-number }}
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           ref: ${{ inputs.ref }}
 
 
@@ -21,8 +21,7 @@ jobs:
     runs-on: blacksmith-2vcpu-ubuntu-2404
     steps:
       - name: Checkout
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
 
       - name: Setup Node
         uses: ./.github/actions/composite/setupNode
 
@@ -100,10 +100,8 @@ jobs:
         id: getBranchName
         run: echo "CONFLICT_BRANCH_NAME=cherry-pick-${{ inputs.TARGET }}-${{ steps.getPRInfo.outputs.PR_NUMBER }}-${{ github.run_id }}-${{ github.run_attempt }}" >> "$GITHUB_OUTPUT"
 
-        # v4
       - name: Checkout target branch
-        # v6
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           ref: ${{ inputs.TARGET }}
           token: ${{ secrets.OS_BOTIFY_TOKEN }}
 
@@ -30,7 +30,7 @@ jobs:
       IS_CPLUS: ${{ steps.check.outputs.IS_CPLUS }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           fetch-depth: 1
 
@@ -56,7 +56,7 @@ jobs:
       PR_NUMBER: ${{ github.event.pull_request.number }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
         with:
           fetch-depth: 1