pin and upgrade actions/checkout (#428)

willmurphyscode · web-flow · commit fd74a6fb98a2 · 2023-11-20T08:40:42.000-05:00
Signed-off-by: Will Murphy &lt;will.murphy@anchore.com&gt;
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
   build: # make sure build/ci work properly and there is no faked build ncc built scripts
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - run: npm ci
       - run: npm run package
       - run: git status --porcelain
@@ -30,7 +30,7 @@ jobs:
         os: [ubuntu-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           path: ./
 
@@ -60,7 +60,7 @@ jobs:
         ports:
           - 5000:5000
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Build images
         run: |
           for distro in alpine centos debian; do
@@ -73,7 +73,7 @@ jobs:
   test-as-action: # make sure the action works on a clean machine without building
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           path: ./
 
diff --git a/.github/workflows/update-snapshots.yml b/.github/workflows/update-snapshots.yml
@@ -40,7 +40,7 @@ jobs:
           comment-id: ${{ github.event.comment.id }}
           reactions: eyes
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           token: ${{ steps.generate-token.outputs.token }}
           repository: ${{ fromJSON(steps.get-pr.outputs.result).head.repo.full_name }}
diff --git a/.github/workflows/update-syft-release.yml b/.github/workflows/update-syft-release.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'anchore/sbom-action'
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Get latest Syft version
         id: latest-version
         env:
