From 5fecd5c7a5aafd02a4e290b6902dffbcc0149a0a Mon Sep 17 00:00:00 2001 From: Martijn Govers Date: Thu, 16 Apr 2026 09:42:59 +0200 Subject: [PATCH] require github actions to be pinned to commit SHA Signed-off-by: Martijn Govers --- .github/workflows/reuse-compliance.yml | 4 ++-- .github/workflows/test-action.yml | 2 +- action.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/reuse-compliance.yml b/.github/workflows/reuse-compliance.yml index c5071c5..22d3ce6 100644 --- a/.github/workflows/reuse-compliance.yml +++ b/.github/workflows/reuse-compliance.yml @@ -27,6 +27,6 @@ jobs: runs-on: ubuntu-24.04 steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: REUSE Compliance Check - uses: fsfe/reuse-action@v6 + uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0 diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml index 99e6bb9..d856c9b 100644 --- a/.github/workflows/test-action.yml +++ b/.github/workflows/test-action.yml @@ -22,7 +22,7 @@ jobs: test-pgm-version-bump: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set PyPI Version uses: ./ diff --git a/action.yml b/action.yml index d967558..10a2129 100644 --- a/action.yml +++ b/action.yml @@ -14,7 +14,7 @@ runs: steps: - name: Get Latest Release Tag id: fetch_tag - uses: pozetroninc/github-action-get-latest-release@v0.8.0 + uses: pozetroninc/github-action-get-latest-release@2a61c339ea7ef0a336d1daa35ef0cb1418e7676c # v0.8.0 with: repository: ${{ github.repository }} excludes: prerelease, draft
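Review bot: The checkout step in `.github/workflows/reuse-compliance.yml` has no `with:` block, so actions/checkout leaves the job token configured for git for the rest of the job, and the next step runs the third-party `fsfe/reuse-action` in that workspace. Pinning the SHA fixes which code runs but not what that code can reach; unless a later step needs authenticated git, add `with:` and `persist-credentials: false` under the checkout step. The same applies to the checkout in `.github/workflows/test-action.yml`, where the following `uses: ./` step runs the repository's own action, which per the `action.yml` hunk calls a third-party action. Any `permissions:` block and the rest of each job are outside these hunks, so the token's scope cannot be judged from here.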
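Review bot: The `# v0.8.0` comment on the pinned `pozetroninc/github-action-get-latest-release` line in `action.yml` is the only record of which release the SHA corresponds to, and the runner does not check it. This file appears to be a composite action that callers inherit, so confirm the SHA is the commit the upstream tag resolves to in that repository itself, and record the check, for example `# v0.8.0, SHA checked against the upstream tag on <date>`. The pin covers only that action's repository contents; anything it builds or downloads at run time is resolved separately. The patch adds no update automation, so unless some exists elsewhere in the repository the pin will age without notice. The `steps:` list may continue past the end of the hunk.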