From 38d8686fe2527579a372d14cb8fe8971a0bb83d2 Mon Sep 17 00:00:00 2001
From: mickael <contact@mickael-caudrelier.fr>
Date: Thu, 14 Aug 2025 10:58:31 +0200
Subject: [PATCH] ci: pin actions/checkout to its commit hash

---
 .github/workflows/deploy-pr.yml        | 4 ++--
 .github/workflows/docker-build.ecr.yml | 2 +-
 .github/workflows/release-please.yml   | 2 +-
 .github/workflows/scorecard.yml        | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/deploy-pr.yml b/.github/workflows/deploy-pr.yml
index 5fdcf677..fb3400a0 100644
--- a/.github/workflows/deploy-pr.yml
+++ b/.github/workflows/deploy-pr.yml
@@ -32,7 +32,7 @@ jobs:
           repositories: '${{ env.FLUX_REPO }}'
 
       - name: Checkout Flux repo
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           repository: '${{ env.FLUX_OWNER }}/${{ env.FLUX_REPO }}'
           token: '${{ steps.app-token.outputs.token }}'
@@ -120,7 +120,7 @@ jobs:
           repositories: '${{ env.FLUX_REPO }}'
 
       - name: Checkout Flux repo
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           repository: '${{ env.FLUX_OWNER }}/${{ env.FLUX_REPO }}'
           token: '${{ steps.app-token.outputs.token }}'
diff --git a/.github/workflows/docker-build.ecr.yml b/.github/workflows/docker-build.ecr.yml
index 79476d6d..94248379 100644
--- a/.github/workflows/docker-build.ecr.yml
+++ b/.github/workflows/docker-build.ecr.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
 
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index eacc90cd..603a28a5 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -12,7 +12,7 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Create GitHub App token
         uses: actions/create-github-app-token@v2
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index fedd5a93..bb775753 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -27,7 +27,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false