fix: pin GitHub Actions to commit SHAs (INT-326) (#33)

Xeboc · web-flow · commit 8dc20b2863e2 · 2026-04-08T14:54:25.000+03:00
## Info - Pins all `uses:` references in GitHub Actions workflows to full commit SHAs. ## References - https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions
diff --git a/.github/workflows/trunk-upgrade.yaml b/.github/workflows/trunk-upgrade.yaml
@@ -20,7 +20,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Run Trunk Upgrade
-        uses: masterpointio/github-action-trunk-upgrade@fix/admin-permissions
+        uses: masterpointio/github-action-trunk-upgrade@a79fd65d524d92031fe167daee411d2f25d4a999 # v0.1.0
         with:
           app-id: ${{ secrets.MP_BOT_APP_ID }}
           app-private-key: ${{ secrets.MP_BOT_APP_PRIVATE_KEY }}
diff --git a/action.yaml b/action.yaml
@@ -63,7 +63,7 @@ runs:
 
     - name: Configure AWS Credentials
       if: ${{ inputs.aws_role_arn != '' || env.TF_TEST_AWS_ROLE_ARN != '' }}
-      uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
+      uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
       with:
         role-to-assume: ${{ inputs.aws_role_arn || env.TF_TEST_AWS_ROLE_ARN }}
         role-session-name: ${{ inputs.role_session_name }}
