Skip to content

Commit 32a8744

Browse files
committed
ci: pin build-kits workflow actions to commit SHAs
Fix semgrep blocking findings for mutable GitHub Actions tag references.
1 parent 45d9197 commit 32a8744

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

.github/workflows/build-kits.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414
outputs:
1515
matrix: ${{ steps.set.outputs.matrix }}
1616
steps:
17-
- uses: actions/checkout@v6
17+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
1818
with:
1919
sparse-checkout: kits/matrix.json
2020
sparse-checkout-cone-mode: false
@@ -31,15 +31,15 @@ jobs:
3131
kit: ${{ fromJson(needs.load-matrix.outputs.matrix) }}
3232
steps:
3333
- name: Checkout
34-
uses: actions/checkout@v6
34+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
3535

3636
- name: Set SDK version
3737
run: |
3838
echo "ORG_GRADLE_PROJECT_VERSION=$(head -n 1 VERSION)" >> $GITHUB_ENV
3939
echo "ORG_GRADLE_PROJECT_version=$(head -n 1 VERSION)" >> $GITHUB_ENV
4040
4141
- name: Install JDK 17
42-
uses: actions/setup-java@v5
42+
uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5
4343
with:
4444
distribution: zulu
4545
java-version: "17"

0 commit comments

Comments
 (0)