From 1a31beb4b28992678a0cd013eb738ae274158e80 Mon Sep 17 00:00:00 2001
From: Christoph Hamsen <37963496+xopham@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:18:07 +0100
Subject: [PATCH 1/2] Add dependabot for github actions
---
.github/dependabot.yml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..639926dd40
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ groups:
+ gh-actions-packages:
+ patterns:
+ - "*"
\ No newline at end of file
From 09475c0e6f7f7ee845691a82b835224db143d6b2 Mon Sep 17 00:00:00 2001
From: Christoph Hamsen <37963496+xopham@users.noreply.github.com>
Date: Tue, 4 Feb 2025 16:18:09 +0100
Subject: [PATCH 2/2] Pin actions by hash
---
.github/workflows/auto_add_pr_to_miletone.yml | 4 ++--
.github/workflows/auto_check_snapshots.yml | 4 ++--
.github/workflows/auto_label_prs.yml | 4 ++--
.github/workflows/prof_asan.yml | 6 +++---
.github/workflows/prof_correctness.yml | 8 ++++----
.github/workflows/update_latest_versions.yml | 8 ++++----
6 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/auto_add_pr_to_miletone.yml b/.github/workflows/auto_add_pr_to_miletone.yml
index 16fbc82021..1c77466a30 100644
--- a/.github/workflows/auto_add_pr_to_miletone.yml
+++ b/.github/workflows/auto_add_pr_to_miletone.yml
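Review bot: The new `.github/dependabot.yml` ends without a final newline (the `\ No newline at end of file` marker after `- "*"`), the same defect that patch 2/2 of this series fixes in `update_latest_versions.yml`; the file should end with a newline. The header comment is the stock template text and does not say why every action is collected into the single `gh-actions-packages` group. A line above `groups:` such as `# All action bumps arrive as one monthly PR; check each new hash against the upstream release tag before merging.` would record what a reviewer of those grouped PRs is expected to do now that the workflows are pinned by hash.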
@@ -18,9 +18,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0 with: dotnet-version: '7.0.101' diff --git a/.github/workflows/auto_check_snapshots.yml b/.github/workflows/auto_check_snapshots.yml index 3e4028264c..304719a2ee 100644 --- a/.github/workflows/auto_check_snapshots.yml +++ b/.github/workflows/auto_check_snapshots.yml @@ -12,11 +12,11 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0 with: dotnet-version: '7.0.101' diff --git a/.github/workflows/auto_label_prs.yml b/.github/workflows/auto_label_prs.yml index 4e6f37c929..f5fd890043 100644 --- a/.github/workflows/auto_label_prs.yml +++ b/.github/workflows/auto_label_prs.yml @@ -14,9 +14,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-dotnet@v4 + - uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0 with: dotnet-version: '7.0.101' diff --git a/.github/workflows/prof_asan.yml b/.github/workflows/prof_asan.yml index 6cd65c27fe..870e96ff01 100644 --- a/.github/workflows/prof_asan.yml +++ b/.github/workflows/prof_asan.yml @@ -16,13 +16,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 submodules: true - name: Restore build cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | ~/.cargo/bin/ 
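Review bot: Nothing in these hunks ties the trailing version comments to the hashes they annotate: in `auto_add_pr_to_miletone.yml`, `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` and `uses: actions/setup-dotnet@3951f0dfe7a07e2313ec93c75700083e2005cbab # v4.3.0` are resolved by hash alone, so a wrong or stale comment would go unnoticed. Before merging, each hash should be confirmed to be the commit that the named release tag points to in the action's own repository, not a commit that is reachable only through a fork of it. The same check applies to the `actions/cache`, `shivammathur/setup-php` and `peter-evans/create-pull-request` pins in the other workflow files of this patch. A comment at the top of each workflow, for example `# Actions are pinned by commit hash; the trailing comment names the release tag the hash was taken from.`, would make the convention explicit.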
@@ -49,7 +49,7 @@ jobs: cp -v "$CARGO_TARGET_DIR/$triplet/release/libdatadog_php_profiling.so" "$(php-config --extension-dir)/datadog-profiling.so" - name: Cache build dependencies - uses: actions/cache/save@v4 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | ~/.cargo/bin/ diff --git a/.github/workflows/prof_correctness.yml b/.github/workflows/prof_correctness.yml index 4ef77039a6..4c1eaf0368 100644 --- a/.github/workflows/prof_correctness.yml +++ b/.github/workflows/prof_correctness.yml @@ -18,13 +18,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 submodules: true - name: Setup PHP - uses: shivammathur/setup-php@2.32.0 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2.32.0 with: php-version: ${{ matrix.php-version }} extensions: ${{ matrix.extensions }} @@ -32,7 +32,7 @@ jobs: phpts: ${{ matrix.phpts }} - name: Restore build cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | ~/.cargo/bin/ @@ -57,7 +57,7 @@ jobs: cargo rustc --features="trigger_time_sample" --release --crate-type=cdylib - name: Cache build dependencies - uses: actions/cache/save@v4 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | ~/.cargo/bin/ diff --git a/.github/workflows/update_latest_versions.yml b/.github/workflows/update_latest_versions.yml index 68dcd1f939..11e4c8f6d9 100644 --- a/.github/workflows/update_latest_versions.yml +++ b/.github/workflows/update_latest_versions.yml @@ -15,10 +15,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install PHP - uses: shivammathur/setup-php@2.32.0 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2.32.0 with: php-version: '8.3' 
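Review bot: The comment on the new `shivammathur/setup-php` pin in `prof_correctness.yml` spells the version `# v2.32.0`, but the removed line referenced the tag as `2.32.0`, without the `v`. The comment should use the tag's own spelling, `uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0`, so that it matches what a reader finds upstream. Whether Dependabot keeps a comment up to date when its spelling differs from the tag is not something the patch shows, so keeping the two identical is the safer choice. The same line appears in the first hunk of `update_latest_versions.yml`.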
@@ -38,7 +38,7 @@ jobs: run: git diff - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "chore: update latest versions" @@ -46,4 +46,4 @@ jobs: branch: "update-latest-versions" base: "master" delete-branch: true - body: This PR updates the latest pinned versions of the test dependencies. \ No newline at end of file + body: This PR updates the latest pinned versions of the test dependencies.