ci: pin external GitHub Actions by devkoriel · Pull Request #68 · chronicleprotocol/scribe

devkoriel · 2026-05-07T00:21:46Z

Pins third-party GitHub Actions uses: references to full commit SHAs.

Context: RFC-043 GitHub organization security hardening.

This PR does not change GitHub org settings, branch protection, or workflow permissions.

Pinned references:

.github/workflows/lint.yml:13 actions/checkout@v3 -> actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
.github/workflows/lint.yml:18 foundry-rs/foundry-toolchain@v1 -> foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d
.github/workflows/non-via-ir-compilation.yml:13 actions/checkout@v3 -> actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
.github/workflows/non-via-ir-compilation.yml:19 foundry-rs/foundry-toolchain@v1 -> foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d
.github/workflows/solc-version-tests.yml:13 actions/checkout@v3 -> actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
.github/workflows/solc-version-tests.yml:19 foundry-rs/foundry-toolchain@v1 -> foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d
.github/workflows/unit-tests.yml:13 actions/checkout@v3 -> actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
.github/workflows/unit-tests.yml:19 foundry-rs/foundry-toolchain@v1 -> foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d

devkoriel added 4 commits May 7, 2026 09:21

ci: pin external GitHub Actions

2641579

ci: pin external GitHub Actions

c34078d

ci: pin external GitHub Actions

84c55ae

ci: pin external GitHub Actions

da3447d

devkoriel requested review from a team May 7, 2026 02:53

pmerkleplant approved these changes May 7, 2026

View reviewed changes

pmerkleplant merged commit 12ff06c into main May 7, 2026
5 checks passed

pmerkleplant deleted the security/pin-external-actions-20260507 branch May 7, 2026 11:03

Provide feedback