From a7ff8a8fb0205081e240058755c4b09462277e7e Mon Sep 17 00:00:00 2001
From: Fred Bricon <fbricon@gmail.com>
Date: Fri, 17 Feb 2023 10:20:55 +0100
Subject: [PATCH] Pin 3rd-party actions to SHA1 in
 .github/workflows/release.yml

---
 .github/workflows/release.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5ec5063..d518de8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,12 +32,12 @@ jobs:
         git commit -m "bot: Set release version, performed by action" -a
         git tag -a ${{ github.event.inputs.release_version }} -m "Release ${{ github.event.inputs.release_version }}"
     - name: Push released main and tag
-      uses: ad-m/github-push-action@master
+      uses: ad-m/github-push-action@0fafdd62b84042d49ec0cb92d9cac7f7ce4ec79e #master
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         tags: true
     - name: Create release
-      uses: ncipollo/release-action@v1
+      uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e #v1
       with:
         artifacts: "target/kubernetes/*.yml"
         tag: ${{ github.event.inputs.release_version }}
@@ -58,6 +58,6 @@ jobs:
       run: |
         git commit -m "bot: Set next development version, performed by action" -a
     - name: Push development main
-      uses: ad-m/github-push-action@master
+      uses: ad-m/github-push-action@0fafdd62b84042d49ec0cb92d9cac7f7ce4ec79e #master
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}