Build/Test Tools: Pin full commit SHA for rhysd/actionlint.

This is a recommended best practice for hardening workflows that are utilizing 3rd party actions. Follow up to [59679]. Props johnbillion. See #62221. git-svn-id: https://develop.svn.wordpress.org/trunk@60050 602fd350-edb4-49c9-b593-d223f7449a82
2025-03-24 05:49:49 +01:00 · 2025-03-19 12:16:28 +00:00 · 2025-03-19 12:16:28 +00:00 · a728957ae2
commit a728957ae2
parent a18719e7ea
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/reusable-workflow-lint.yml
+++ b/.github/workflows/reusable-workflow-lint.yml
@ -29,6 +29,6 @@ jobs:
      # actionlint is static checker for GitHub Actions workflow files.
      # See https://github.com/rhysd/actionlint.
      - name: Run actionlint
-        uses: docker://rhysd/actionlint:1.7.7
+        uses: docker://rhysd/actionlint@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9 # v1.7.7
        with:
          args: "-color -verbose"