From 269ee4cf096ce0397d2ea9aead3382d935c7c877 Mon Sep 17 00:00:00 2001
From: Divya Madala <divyaasm@amazon.com>
Date: Fri, 22 May 2026 10:31:21 -0700
Subject: [PATCH] Pin GitHub Actions to commit SHAs

Signed-off-by: Divya Madala <divyaasm@amazon.com>
---
 .github/workflows/dco.yml                 | 4 ++--
 .github/workflows/draft-release-notes.yml | 2 +-
 .github/workflows/links.yml               | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml
index d4c9ff2..f53d404 100644
--- a/.github/workflows/dco.yml
+++ b/.github/workflows/dco.yml
@@ -9,10 +9,10 @@ jobs:
     steps:
     - name: Get PR Commits
       id: 'get-pr-commits'
-      uses: tim-actions/get-pr-commits@v1.1.0
+      uses: tim-actions/get-pr-commits@55b867b9b28954e6f5c1a0fe2f729dc926c306d0 # v1.1.0
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
     - name: DCO Check
-      uses: tim-actions/dco@v1.1.0
+      uses: tim-actions/dco@f2279e6e62d5a7d9115b0cb8e837b777b1b02e21 # v1.1.0
       with:
         commits: ${{ steps.get-pr-commits.outputs.commits }}
\ No newline at end of file
diff --git a/.github/workflows/draft-release-notes.yml b/.github/workflows/draft-release-notes.yml
index 1383b31..1d6778a 100644
--- a/.github/workflows/draft-release-notes.yml
+++ b/.github/workflows/draft-release-notes.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update draft release notes
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5
         with:
           config-name: draft-release-notes-config.yml
           name: Version (set here)
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
index 5611bb4..43a3dfa 100644
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@@ -11,10 +11,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
       - name: lychee Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v1.0.8
+        uses: lycheeverse/lychee-action@f56bc7dad9caaeb809ce24d5bdb2beaa425f66bc # v1.0.8
         with:
           args: --accept=200,403,429  "**/*.html" "**/*.md" "**/*.txt" "**/*.json" --exclude-file .lychee.excludes
         env: