From f3ff3f99d80ed5a150e133764915d1b0a94da318 Mon Sep 17 00:00:00 2001
From: Victor Engmark <vengmark@linz.govt.nz>
Date: Thu, 16 Nov 2023 11:57:02 +1300
Subject: [PATCH] feat: Pin actions to hashes

Done with pin-github-action <https://github.com/mheap/pin-github-action>
1.8.0 using `npx pin-github-action .github/workflows/*.yml`, and then
manually bumping the version tag to the relevant number.

This fixes the issue that it is common practice for GitHub Actions
authors to move major tags when releasing new minor versions.

Dependabot supports updating in the same fashion, bumping the version
tag when updating the hash.
---
 .github/workflows/test.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 6eecd5d..a39155c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,7 +21,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -43,7 +43,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -62,7 +62,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -83,7 +83,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
     - run: nix flake show github:NixOS/nixpkgs
@@ -103,7 +103,7 @@ jobs:
             system: x86_64-darwin
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Run NAR server
       run: |
         curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O
@@ -128,7 +128,7 @@ jobs:
         - macos-13
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - name: Install Nix
       uses: ./
       with:
@@ -142,7 +142,7 @@ jobs:
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
     - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
     - run: docker pull ghcr.io/catthehacker/ubuntu:js-24.04
     - run: |