chore(ci): Pin GitHub Actions to commit SHAs

Pin GitHub Actions references to full commit SHAs instead of version tags to reduce supply chain risk from tag retargeting. Update actions/checkout to v6.0.2, actions/setup-python to v6.2.0, actions/setup-node to v6.3.0, actions/stale to v10.2.0, and dessant/lock-threads to v6.0.0.
2026-03-25 19:02:15 +01:00 · 2026-03-16 14:35:51 +01:00
parent 21f78049bc
commit 671b1cd470
8 changed files with 12 additions and 12 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -53,7 +53,7 @@ jobs:

    steps:
    - name: Check out repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

    - name: Check Python linting & PEP8 compliance
      uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 # v3.6.1
@@ -63,12 +63,12 @@ jobs:
        src: "netbox/"

    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: ${{ matrix.python-version }}

    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
      with:
        node-version: ${{ matrix.node-version }}
    
@@ -76,7 +76,7 @@ jobs:
      run: npm install -g yarn
    
    - name: Setup Node.js with Yarn Caching
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
      with:
        node-version: ${{ matrix.node-version }}
        cache: yarn