From 257d65e6f5a5dcea4cc4b88a95d1a2443b42e0bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20LUDWIG?= <contact@theoludwig.fr>
Date: Sat, 1 Nov 2025 00:45:19 +0100
Subject: [PATCH] ci: pin GitHub Actions by commit-hash

Ref: https://blog.rafaelgss.dev/why-you-should-pin-actions-by-commit-hash
---
 .github/workflows/lint.yml    | 8 ++++----
 .github/workflows/release.yml | 4 ++--
 .github/workflows/test.yml    | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 9152403..de99c24 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -10,10 +10,10 @@ jobs:
   lint:
     runs-on: "ubuntu-latest"
     steps:
-      - uses: "actions/checkout@v4.2.2"
+      - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
 
       - name: "Setup Node.js"
-        uses: "actions/setup-node@v4.1.0"
+        uses: "actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903" # v6.0.0
         with:
           node-version: "lts/*"
           cache: "npm"
@@ -30,6 +30,6 @@ jobs:
   commitlint:
     runs-on: "ubuntu-latest"
     steps:
-      - uses: "actions/checkout@v4.2.2"
+      - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
 
-      - uses: "wagoid/commitlint-github-action@v6.2.0"
+      - uses: "wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed" # v6.2.1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bf3a2ec..6d77e90 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,13 +13,13 @@ jobs:
       pull-requests: "write"
       id-token: "write"
     steps:
-      - uses: "actions/checkout@v4.2.2"
+      - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
         with:
           fetch-depth: 0
           persist-credentials: false
 
       - name: "Setup Node.js"
-        uses: "actions/setup-node@v4.1.0"
+        uses: "actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903" # v6.0.0
         with:
           node-version: "lts/*"
           cache: "npm"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 77a13b9..3f89324 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,10 +17,10 @@ jobs:
           - "macos-latest"
     runs-on: "${{ matrix.runs-on }}"
     steps:
-      - uses: "actions/checkout@v4.2.2"
+      - uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
 
       - name: "Setup Node.js"
-        uses: "actions/setup-node@v4.1.0"
+        uses: "actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903" # v6.0.0
         with:
           node-version: "lts/*"
           cache: "npm"