From 5c557495d06ca5d19d19db674380cf6edf31493a Mon Sep 17 00:00:00 2001
From: Victor Engmark <vengmark@linz.govt.nz>
Date: Thu, 16 Nov 2023 11:57:02 +1300
Subject: [PATCH] feat: Pin actions to hashes

Done with pin-github-action <https://github.com/mheap/pin-github-action>
1.8.0 using `npx pin-github-action .github/workflows/*.yml`, and then
manually bumping the version tag to the relevant number.

This fixes the issue that it is common practice for GitHub Actions
authors to move major tags when releasing new minor versions.

Dependabot supports updating in the same fashion, bumping the version
tag when updating the hash.
---
 .github/workflows/test.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a31337f..e4d5cb0 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -44,7 +44,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -62,7 +62,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -82,7 +82,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
     - run: nix flake show github:NixOS/nixpkgs
@@ -97,7 +97,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -116,7 +116,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -130,7 +130,7 @@ jobs:
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
     - run: docker pull ghcr.io/catthehacker/ubuntu:js-20.04
     - run: ./bin/act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:js-20.04 push -j simple-build