From ede3437579183972b04c70b3d8fe7f98b403afda Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Mon, 24 Mar 2025 13:10:21 +0100
Subject: [PATCH] Pin GH actions

---
 .github/workflows/continuous-integration.yml | 26 ++++++++++----------
 .github/workflows/lint.yml                   |  4 +--
 .github/workflows/phpstan.yml                |  6 ++---
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index ddf67714..ea119297 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -43,21 +43,21 @@ jobs:
             composer-options: "--ignore-platform-req=php+"
 
     steps:
-      - uses: "actions/checkout@v4"
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run CouchDB
         timeout-minutes: 3
         continue-on-error: true
-        uses: "cobot/couchdb-action@master"
+        uses: cobot/couchdb-action@7474dc7782b9f8a84d10579dd91339820b2e6b7e # master
         with:
           couchdb version: '2.3.1'
 
       - name: Run MongoDB
-        uses: supercharge/mongodb-github-action@1.12.0
+        uses: supercharge/mongodb-github-action@90004df786821b6308fb02299e5835d0dae05d0d # 1.12.0
         with:
           mongodb-version: 5.0
 
-      - uses: "shivammathur/setup-php@v2"
+      - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
         with:
           coverage: "none"
           php-version: "${{ matrix.php-version }}"
@@ -72,7 +72,7 @@ jobs:
         run: |
           composer require --no-update --no-interaction --dev elasticsearch/elasticsearch:^7
 
-      - uses: "ramsey/composer-install@v3"
+      - uses: ramsey/composer-install@a2636af0004d1c0499ffca16ac0b4cc94df70565 # 3.1.0
         with:
           dependency-versions: "${{ matrix.dependencies }}"
           composer-options: "${{ matrix.composer-options }}"
@@ -111,7 +111,7 @@ jobs:
           - "7.17.0"
 
     steps:
-      - uses: "actions/checkout@v4"
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # required for elasticsearch
       - name: Configure sysctl limits
@@ -123,11 +123,11 @@ jobs:
 
       - name: Run Elasticsearch
         timeout-minutes: 3
-        uses: elastic/elastic-github-actions/elasticsearch@master
+        uses: elastic/elastic-github-actions/elasticsearch@dc110609b1cb3024477ead739ca23ab547b8b9ff # master
         with:
           stack-version: "${{ matrix.es-version }}"
 
-      - uses: "shivammathur/setup-php@v2"
+      - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
         with:
           coverage: "none"
           php-version: "${{ matrix.php-version }}"
@@ -138,7 +138,7 @@ jobs:
       - name: "Change dependencies"
         run: "composer require --no-update --no-interaction --dev elasticsearch/elasticsearch:^${{ matrix.es-version }}"
 
-      - uses: "ramsey/composer-install@v3"
+      - uses: ramsey/composer-install@a2636af0004d1c0499ffca16ac0b4cc94df70565 # 3.1.0
         with:
           dependency-versions: "${{ matrix.dependencies }}"
 
@@ -180,7 +180,7 @@ jobs:
           - "8.2.0"
 
     steps:
-      - uses: "actions/checkout@v4"
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # required for elasticsearch
       - name: Configure sysctl limits
@@ -192,11 +192,11 @@ jobs:
 
       - name: Run Elasticsearch
         timeout-minutes: 3
-        uses: elastic/elastic-github-actions/elasticsearch@master
+        uses: elastic/elastic-github-actions/elasticsearch@dc110609b1cb3024477ead739ca23ab547b8b9ff # master
         with:
           stack-version: "${{ matrix.es-version }}"
 
-      - uses: "shivammathur/setup-php@v2"
+      - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
         with:
           coverage: "none"
           php-version: "${{ matrix.php-version }}"
@@ -209,7 +209,7 @@ jobs:
           composer remove --no-update --dev graylog2/gelf-php ruflin/elastica elasticsearch/elasticsearch rollbar/rollbar
           composer require --no-update --no-interaction --dev elasticsearch/elasticsearch:^8 ruflin/elastica:^8
 
-      - uses: "ramsey/composer-install@v3"
+      - uses: ramsey/composer-install@a2636af0004d1c0499ffca16ac0b4cc94df70565 # 3.1.0
         with:
           dependency-versions: "${{ matrix.dependencies }}"
 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 8272c533..4f02eed6 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -20,9 +20,9 @@ jobs:
           - "nightly"
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: shivammathur/setup-php@v2
+      - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
         with:
           php-version: "${{ matrix.php-version }}"
           coverage: none
diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
index f5dcbc59..fb9ffe50 100644
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -23,9 +23,9 @@ jobs:
           - latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: shivammathur/setup-php@v2
+      - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0
         with:
           php-version: "${{ matrix.php-version }}"
           coverage: none
@@ -34,7 +34,7 @@ jobs:
       - name: Add require for mongodb/mongodb to make tests runnable
         run: "composer require ${{ env.COMPOSER_FLAGS }} mongodb/mongodb --dev --no-update"
 
-      - uses: ramsey/composer-install@v3
+      - uses: ramsey/composer-install@a2636af0004d1c0499ffca16ac0b4cc94df70565 # 3.1.0
         with:
           dependency-versions: highest