fix: harden GitHub Actions workflows

1 week ago · 8eebadfaf3
parent 8a5ed14165
commit 8eebadfaf3
2 changed files with 2 additions and 2 deletions
--- a/.github/workflows/generator-generic-ossf-slsa3-publish.yml
+++ b/.github/workflows/generator-generic-ossf-slsa3-publish.yml
@ -60,7 +60,7 @@ jobs:
      actions: read   # To read the workflow path.
      id-token: write # To sign the provenance.
      contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@68bad40844440577b33778c9f29077a3388838e9 # v1.4.0
    with:
      base64-subjects: "${{ needs.build.outputs.digests }}"
      upload-assets: true # Optional: Upload to a new release
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@ -8,6 +8,6 @@ jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
-    - uses: OSDKDev/lock-issues@v1.1
+    - uses: OSDKDev/lock-issues@2372e7b39b61a49bb1980dbd3544837d7d40f01d # v1.1
      with:
        repo-token: "${{ secrets.GITHUB_TOKEN }}"