CI: pin GitHub actions to SHAs

Pinning actions to SHAs instead of versions improves the supply chain security: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
author: Topi Miettinen <toiwoton@gmail.com> 2021-12-13 14:41:24 +0200
committer: Topi Miettinen <topimiettinen@users.noreply.github.com> 2021-12-26 21:52:05 +0000
commit: 4bac5c6d716fcaf2542361e5fb56a4e39586b376 (patch)
tree: 38331c4d90f0c1343f6e81b99fbd89317959bf14 /.github/workflows/build-extra.yml
parent: Fix a typo (diff)
download: firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.tar.gz
firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.tar.zst
firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
index fd1f23954..b598c40e3 100644
--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -30,7 +30,7 @@ jobs:
  build-clang:
    runs-on: ubuntu-20.04
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
    - name: configure
      run: CC=clang-11 ./configure --enable-fatal-warnings
    - name: make
@@ -38,7 +38,7 @@ jobs:
  scan-build:
    runs-on: ubuntu-20.04
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
    - name: install clang-tools-11
      run: sudo apt-get install clang-tools-11
    - name: configure
@@ -48,7 +48,7 @@ jobs:
  cppcheck:
    runs-on: ubuntu-20.04
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
    - name: install cppcheck
      run: sudo apt-get install cppcheck
    - name: cppcheck
author	Topi Miettinen <toiwoton@gmail.com>	2021-12-13 14:41:24 +0200
committer	Topi Miettinen <topimiettinen@users.noreply.github.com>	2021-12-26 21:52:05 +0000
commit	4bac5c6d716fcaf2542361e5fb56a4e39586b376 (patch)
tree	38331c4d90f0c1343f6e81b99fbd89317959bf14 /.github/workflows/build-extra.yml
parent	Fix a typo (diff)
download	firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.tar.gz firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.tar.zst firejail-4bac5c6d716fcaf2542361e5fb56a4e39586b376.zip

diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index fd1f23954..b598c40e3 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml
@@ -30,7 +30,7 @@ jobs:
30	build-clang:	30	build-clang:
31	runs-on: ubuntu-20.04	31	runs-on: ubuntu-20.04
32	steps:	32	steps:
33	- uses: actions/checkout@v2	33	- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
34	- name: configure	34	- name: configure
35	run: CC=clang-11 ./configure --enable-fatal-warnings	35	run: CC=clang-11 ./configure --enable-fatal-warnings
36	- name: make	36	- name: make
@@ -38,7 +38,7 @@ jobs:
38	scan-build:	38	scan-build:
39	runs-on: ubuntu-20.04	39	runs-on: ubuntu-20.04
40	steps:	40	steps:
41	- uses: actions/checkout@v2	41	- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
42	- name: install clang-tools-11	42	- name: install clang-tools-11
43	run: sudo apt-get install clang-tools-11	43	run: sudo apt-get install clang-tools-11
44	- name: configure	44	- name: configure
@@ -48,7 +48,7 @@ jobs:
48	cppcheck:	48	cppcheck:
49	runs-on: ubuntu-20.04	49	runs-on: ubuntu-20.04
50	steps:	50	steps:
51	- uses: actions/checkout@v2	51	- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
52	- name: install cppcheck	52	- name: install cppcheck
53	run: sudo apt-get install cppcheck	53	run: sudo apt-get install cppcheck
54	- name: cppcheck	54	- name: cppcheck