From 6f2b4aef0de06f65271c524bbc44622be9c3e459 Mon Sep 17 00:00:00 2001 From: David Tapiador Date: Wed, 27 May 2026 15:34:37 +0200 Subject: [PATCH] Pin all remaining workflow actions to full commit SHAs Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/approved_status.yml | 2 +- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/labeler.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/static-analysis.datadog.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/approved_status.yml b/.github/workflows/approved_status.yml index 17d631b2b3c..961c10f8618 100644 --- a/.github/workflows/approved_status.yml +++ b/.github/workflows/approved_status.yml @@ -32,7 +32,7 @@ jobs: scope: DataDog/datadog-api-spec policy: datadog-api-client-java.approved_status.post-review-status - name: Post PR review status check - uses: DataDog/github-actions/post-review-status@v2 + uses: DataDog/github-actions/post-review-status@65b4875f33ad773d7ba4b005a2cb5f35020295f3 # v2.3.0 with: github-token: ${{ steps.get_token.outputs.token }} repo: datadog-api-spec diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9bced7c7ee6..84f66241d1a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -26,11 +26,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -44,7 +44,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2 diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 6b4b97e6ab0..7aea355e9cd 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -11,6 +11,6 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: DataDog/labeler@glob-all + - uses: DataDog/labeler@5170395583c7f7ec92989fd24faffc5b6154b866 # glob-all with: repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a72b9f71034..f5394e1dd9c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -15,7 +15,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: >- diff --git a/.github/workflows/static-analysis.datadog.yml b/.github/workflows/static-analysis.datadog.yml index 0538f718fa3..f77daba2aed 100644 --- a/.github/workflows/static-analysis.datadog.yml +++ b/.github/workflows/static-analysis.datadog.yml @@ -8,10 +8,10 @@ jobs: name: Datadog Static Analyzer steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Check code meets quality standards id: datadog-static-analysis - uses: DataDog/datadog-static-analyzer-github-action@v1 + uses: DataDog/datadog-static-analyzer-github-action@4b0a60943e8263c9d574254bbb206a87a0f75531 # v1 with: dd_api_key: ${{ secrets.DD_API_KEY }} dd_app_key: ${{ secrets.DD_APP_KEY }}