From 1630b084555bad18e6a210d72a1c4c2a56edebf6 Mon Sep 17 00:00:00 2001 From: Drew Roen <102626803+drewroengoogle@users.noreply.github.com> Date: Thu, 28 Apr 2022 14:40:18 -0500 Subject: [PATCH] Pin actions/checkout github action to a hash instead of a version for increased security (#1179) --- .github/workflows/beta.yml | 4 ++-- .github/workflows/gh-pages.yml | 2 +- .github/workflows/verify-web-demos.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml index c24cdd774..aaf1f255b 100644 --- a/.github/workflows/beta.yml +++ b/.github/workflows/beta.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'flutter/samples' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf - uses: actions/setup-java@4fe61d24fe5472910b93bdeffb8aad49f979d862 with: distribution: 'zulu' @@ -56,7 +56,7 @@ jobs: runs-on: macos-latest if: github.repository == 'flutter/samples' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf - uses: actions/setup-java@4fe61d24fe5472910b93bdeffb8aad49f979d862 with: distribution: 'zulu' diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 89a4d813b..5164e6db6 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf with: submodules: true fetch-depth: 0 diff --git a/.github/workflows/verify-web-demos.yml b/.github/workflows/verify-web-demos.yml index e193cc2df..7329aa694 100644 --- a/.github/workflows/verify-web-demos.yml +++ b/.github/workflows/verify-web-demos.yml @@ -10,7 +10,7 @@ jobs: if: github.repository == 'flutter/samples' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@d171c3b028d844f2bf14e9fdec0c58114451e4bf with: submodules: true fetch-depth: 0