From 4e1ea14fcfe23f554b98cec7dfdf435378481a83 Mon Sep 17 00:00:00 2001
From: Joshua Li <joshuarli98@gmail.com>
Date: Mon, 23 Mar 2026 23:50:41 -0700
Subject: [PATCH] chore: pin GitHub Actions to full-length commit SHAs

---
 .github/workflows/fast-revert.yml    | 2 +-
 .github/workflows/image.yml          | 2 +-
 .github/workflows/release-client.yml | 2 +-
 .github/workflows/release.yml        | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/fast-revert.yml b/.github/workflows/fast-revert.yml
index d05e6dda..6871bf4b 100644
--- a/.github/workflows/fast-revert.yml
+++ b/.github/workflows/fast-revert.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: Get auth token
         id: token
-        uses: getsentry/action-github-app-token@v3.0.0
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
         with:
           app_id: ${{ vars.FAST_REVERT_BOT_APP_ID }}
           private_key: ${{ secrets.GH_FAST_REVERT_PRIVATE_KEY }}
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
index b285516e..0e9f2c32 100644
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -99,7 +99,7 @@ jobs:
 
     steps:
       - name: Run Sentry self-hosted e2e CI
-        uses: getsentry/self-hosted@master
+        uses: getsentry/self-hosted@871c182cb0a99dc1fad72cc7ce7889b514b0c5f0 # master
         with:
           project_name: taskbroker
           image_url: ghcr.io/getsentry/taskbroker:${{ github.sha }}
diff --git a/.github/workflows/release-client.yml b/.github/workflows/release-client.yml
index ff28ac51..87435b0c 100644
--- a/.github/workflows/release-client.yml
+++ b/.github/workflows/release-client.yml
@@ -27,7 +27,7 @@ jobs:
           app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
           private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           token: ${{ steps.token.outputs.token }}
           fetch-depth: 0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 15091879..3c488dfa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,7 +30,7 @@ jobs:
         with:
           app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
           private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           token: ${{ steps.token.outputs.token }}
           fetch-depth: 0