From 4467b667c2317198888c3ff2fac181c9c0ae8589 Mon Sep 17 00:00:00 2001
From: David Cornu <david@usepatch.com>
Date: Wed, 19 Mar 2025 14:42:18 -0400
Subject: [PATCH] Pin third-party GitHub actions

---
 .github/workflows/health_check.yml | 6 +++---
 .github/workflows/publish.yml      | 4 ++--
 .github/workflows/test.yml         | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/health_check.yml b/.github/workflows/health_check.yml
index ffdae2a..a602ac2 100644
--- a/.github/workflows/health_check.yml
+++ b/.github/workflows/health_check.yml
@@ -12,10 +12,10 @@ jobs:
         python: ['3.12']
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
         with:
           python-version: ${{ matrix.python }}
 
@@ -26,7 +26,7 @@ jobs:
 
       - name: Notify slack
         if: failure()
-        uses: kpritam/slack-job-status-action@v1
+        uses: kpritam/slack-job-status-action@54eea0dd141dd572d7fbbe96416e9c5d8ba57976 # v0.1.2
         with:
           job-status: ${{ job.status }}
           slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e1f839e..e902e3d 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -17,7 +17,7 @@ jobs:
       TARGET_URL: https://pypi.org/project/patch-api/
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - uses: chrnorm/deployment-action@releases/v1
         name: Create GitHub deployment
@@ -28,7 +28,7 @@ jobs:
           environment: production
 
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
         with:
           python-version: "3.6"
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d28808a..aae6846 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,8 +9,8 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-python@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
+      - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
       - uses: psf/black@stable
       
   build-and-test:
@@ -24,10 +24,10 @@ jobs:
     name: Python Library tests
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
         with:
           python-version: '3.6'