Merge pull request #5985 from kingthorin/pin-actions-sha

Pin non-GitHub actions with full sha in workflows
zaproxy · Dec 4, 2024 · 8951dba · 8951dba
2 parents 014b978 + 505d50b
commit 8951dba
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
-      - uses: gradle/actions/setup-gradle@v4
+      - uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
         with:
           gradle-home-cache-includes: |
             caches

diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.6.1
+        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.ZAP_CLA_PAT }}

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -35,7 +35,7 @@ jobs:
         uses: github/codeql-action/autobuild@v3
 
       - if: matrix.language == 'java'
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
         with:
           cache-read-only: true
           gradle-home-cache-includes: |