From 4bac5c6d716fcaf2542361e5fb56a4e39586b376 Mon Sep 17 00:00:00 2001
From: Topi Miettinen
Date: Mon, 13 Dec 2021 14:41:24 +0200
Subject: CI: pin GitHub actions to SHAs
Pinning actions to SHAs instead of versions improves the supply chain security: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
---
.github/workflows/profile-checks.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to '.github/workflows/profile-checks.yml')
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml
index 951a8b8cf..57a978d55 100644
--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -20,7 +20,7 @@ jobs:
 profile-checks:
 runs-on: ubuntu-20.04
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
 - name: sort.py
 run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
 - name: private-etc-always-required.sh
--
cgit v1.2.3-70-g09d2
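Review bot: The new `actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579` line gives no hint of which release the SHA corresponds to, so a reader of the workflow cannot tell whether it is a tagged release or an arbitrary commit. I would add a trailing comment, e.g. `- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # <release tag>`, where the tag is a placeholder to fill in. Before filling it in, confirm the commit exists in the actions/checkout repository itself, because a full SHA can also resolve to a commit that lives only in a fork. The comment also lets an automated dependency updater, if one is configured for this repository, move the SHA and the tag together so the pin does not silently go stale. The `steps:` list continues outside the hunk, so later `uses:` entries may need the same treatment.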