From ad373f082c550c660c93bc20e8fa580813928112 Mon Sep 17 00:00:00 2001 From: Josh Meranda Date: Tue, 31 Mar 2026 15:00:00 -0400 Subject: [PATCH] Pin GH Actions to commit sha (#241) Co-authored-by: joshmeranda --- .github/workflows/fossa.yml | 4 ++-- .github/workflows/renovate-vault.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 86f31f7..a8e052a 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -20,13 +20,13 @@ jobs: # The FOSSA token is shared between all repos in Rancher's GH org. It can be # used directly and there is no need to request specific access to EIO. - name: Read FOSSA token - uses: rancher-eio/read-vault-secrets@main + uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3 with: secrets: | secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY - name: FOSSA scan - uses: fossas/fossa-action@main + uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0 with: api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }} # Only runs the scan and do not provide/returns any results back to the diff --git a/.github/workflows/renovate-vault.yml b/.github/workflows/renovate-vault.yml index 52f6a5d..73fb9a3 100644 --- a/.github/workflows/renovate-vault.yml +++ b/.github/workflows/renovate-vault.yml @@ -22,7 +22,7 @@ permissions: jobs: call-workflow: - uses: rancher/renovate-config/.github/workflows/renovate-vault.yml@release + uses: rancher/renovate-config/.github/workflows/renovate-vault.yml@c88cbe41a49d02648b9bf83aa5a64902151323fa # release with: logLevel: ${{ inputs.logLevel || 'info' }} overrideSchedule: ${{ github.event.inputs.overrideSchedule == 'true' && '{''schedule'':null}' || '' }}
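Review bot: The `# v3` comment on the `rancher-eio/read-vault-secrets` pin names a major tag that upstream can move, so unlike `# v1.8.0` on the `fossas/fossa-action` line it does not let a later reader confirm which release the SHA belongs to. If upstream publishes an exact tag for that commit, record it instead, e.g. `uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # <exact upstream tag>`. Both SHAs should also be confirmed as reachable from the upstream repositories themselves, because a full-length SHA can resolve to a commit that exists only in a fork, and both steps handle the FOSSA token. The job's remaining steps lie outside the hunk.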
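Review bot: `# release` on the pinned `rancher/renovate-config` reference is a branch name, so the comment says only where that branch pointed when the pin was made, and nothing on the line identifies the revision or tells a reader when it has fallen behind. A short comment above `call-workflow:` would make the intent explicit, for example `# Pinned to a commit on the release branch of rancher/renovate-config; bump deliberately after reviewing upstream changes.` Pinning the caller also fixes only the reusable workflow file at that commit. Whether the actions it calls internally are themselves pinned cannot be seen from this hunk and is worth checking upstream.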