From 73c327c49716c66441a97be67a99c8ff2959e2ad Mon Sep 17 00:00:00 2001
From: Balu George
Date: Mon, 24 Mar 2025 15:20:56 +0530
Subject: [PATCH] fix: Pin all external github actions to their corresponding commit SHAs (#378)

* Pin all external github actions to their corresponding commit SHAs
* Update security actions to use the latest commit
---
 .github/workflows/build.yml | 2 +-
 .github/workflows/release.yml | 4 ++--
 .github/workflows/sast.yml | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ab177cee..cc46c1c5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,7 +28,7 @@ jobs:
 # Produces SBOM and CVE report
 # Helps understand vulnerabilities / license compliance across third party dependencies
 - id: sca-project
- uses: Kong/public-shared-actions/security-actions/sca@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2
+ uses: Kong/public-shared-actions/security-actions/sca@a18abf762d6e2444bcbfd20de70451ea1e3bc1b1
 with:
 dir: ${{ github.repository }}
 upload-sbom-release-assets: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 20d87aed..8e357624 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
 token: ${{ secrets.PAT_INSOMNIA_INFRA }}
 - name: Configure Git user
- uses: Homebrew/actions/git-user-config@master
+ uses: Homebrew/actions/git-user-config@266845213695c3047d210b2e8fbc42ecdaf45802 # master
 with:
 username: ${{ (github.event_name == 'workflow_dispatch' && github.actor) || 'insomnia-infra' }}
@@ -48,7 +48,7 @@ jobs:
 git push origin master
 - name: Create Tag and Release
- uses: ncipollo/release-action@v1
+ uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1
 id: core_tag_and_release
 with:
 tag: v${{ env.TAG }}
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index 92cfb544..0236f517 100644
--- a/.github/workflows/sast.yml
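Review bot: The new sca pin on the `+` line carries no trailing version comment, whereas the removed line had `# v2.2.2` and the two release.yml hunks in this same commit keep one; a bare 40-character SHA gives a reviewer nothing to verify the pin against, and Dependabot/Renovate read that comment to know which version a SHA-pinned action is at and to bump it. Suggest `uses: Kong/public-shared-actions/security-actions/sca@a18abf762d6e2444bcbfd20de70451ea1e3bc1b1 # <tag or release this SHA corresponds to>`, filled in from the upstream tag list rather than guessed. The semgrep pin in the sast.yml hunk lands without a comment as well. The enclosing step list continues outside the hunk.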
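Review bot: The comments attached to the new SHAs name moving refs, `# master` on the git-user-config pin in this hunk and `# v1` on the ncipollo/release-action pin in the hunk at line 48, so neither records which release or point in time the pinned commit represents, and neither can be checked against an upstream tag. For release-action, record the exact tag that `440c8c1cb0ed28b9f43e4d1d670870f059653174` carries, `# v1.<minor>.<patch>` taken from the upstream releases; for git-user-config, which is consumed from a branch, say so and date the pin, e.g. `# master as of <date pinned>`. This job handles `secrets.PAT_INSOMNIA_INFRA` (context above) and pushes to master (context in the second hunk), so the provenance of every third-party step it runs should be unambiguous. Both enclosing steps continue outside their hunks.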
+++ b/.github/workflows/sast.yml
@@ -22,4 +22,4 @@ jobs:
 steps:
 - uses: actions/checkout@v4
- - uses: Kong/public-shared-actions/security-actions/semgrep@bd3d75259607dd015bea3b3313123f53b80e9d7f
+ - uses: Kong/public-shared-actions/security-actions/semgrep@a18abf762d6e2444bcbfd20de70451ea1e3bc1b1
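Review bot: `actions/checkout@v4` on the context line directly above the changed line is still a floating major tag, although the commit title says all external actions are pinned to commit SHAs; a tag can be re-pointed upstream, which is the supply-chain exposure SHA pinning exists to close, and this is the first step of the job. Pin it the same way as the semgrep step, `- uses: actions/checkout@<full commit SHA of the v4 release in use> # v4.<minor>.<patch>`, with the SHA copied from the upstream tag. The `+` line here also lacks the version comment that the release.yml hunks carry, so a reader cannot tell what `a18abf762d6e2444bcbfd20de70451ea1e3bc1b1` corresponds to without visiting the upstream repository.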