From 8fadaf122e519dec918637d63d92c313f6003703 Mon Sep 17 00:00:00 2001
From: Tobias Wennergren
Date: Thu, 2 Oct 2025 13:38:57 -0700
Subject: [PATCH] security: pin GitHub Actions to SHA1 for supply chain security

Pin all GitHub Actions to their specific SHA1 hashes to reduce the risk of supply chain attacks. This ensures that the exact version of each action is used and prevents potential malicious updates from automatically being incorporated.
---
 .github/workflows/speakeasy_sdk_generation.yml | 2 +-
 .github/workflows/speakeasy_sdk_publish.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/speakeasy_sdk_generation.yml b/.github/workflows/speakeasy_sdk_generation.yml
index d420c2e5..da8ac6e3 100644
--- a/.github/workflows/speakeasy_sdk_generation.yml
+++ b/.github/workflows/speakeasy_sdk_generation.yml
@@ -15,7 +15,7 @@ permissions:
 - cron: 0 0 * * *
 jobs:
 generate:
- uses: speakeasy-api/sdk-generation-action/.github/workflows/workflow-executor.yaml@v15
+ uses: speakeasy-api/sdk-generation-action/.github/workflows/workflow-executor.yaml@f09110c4676497cba7ef85034a6fb94191f1c417 # v15
 with:
 force: ${{ github.event.inputs.force }}
 mode: pr
diff --git a/.github/workflows/speakeasy_sdk_publish.yml b/.github/workflows/speakeasy_sdk_publish.yml
index cedf3a9a..d20c15f9 100644
--- a/.github/workflows/speakeasy_sdk_publish.yml
+++ b/.github/workflows/speakeasy_sdk_publish.yml
@@ -7,7 +7,7 @@ name: Publish
 - RELEASES.md
 jobs:
 publish:
- uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@v15
+ uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@f09110c4676497cba7ef85034a6fb94191f1c417 # v15
 secrets:
 github_access_token: ${{ secrets.GITHUB_TOKEN }}
 pypi_token: ${{ secrets.PYPI_TOKEN }}
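Review bot: The SHA pin on the `uses:` line in both hunks (speakeasy_sdk_generation.yml and speakeasy_sdk_publish.yml) fixes only the reusable workflow file itself; any `uses:` steps inside that upstream workflow still resolve to whatever refs that file declares, so if they reference actions by mutable tag the transitive supply chain is not pinned by this change alone. That limit is worth stating in the commit message or a comment so the pin is not read as a full transitive guarantee. The trailing `# v15` comment is what update tooling keys on; if `v15` is a floating major tag, recording the exact release tag the SHA was resolved from (e.g. `# v15.<minor>.<patch>`, filled in from the upstream release) makes the pin auditable and lets a reviewer confirm the hash matches a published tag before merge. The commit message says "all GitHub Actions" while the diffstat shows only these two lines changed; if either workflow has other `uses:` steps they sit outside these hunks and are presumably not yet pinned.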
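Review bot: In the speakeasy_sdk_publish.yml hunk the pinned workflow is the one that receives `PYPI_TOKEN` and `GITHUB_TOKEN` via the `secrets:` block immediately below, so this pin is the control that bounds which upstream code handles the publishing credentials; a short comment above `uses:` noting that the SHA must only be bumped after checking the upstream release, e.g. `# pinned: verify the upstream tag before bumping; this workflow receives PYPI_TOKEN`, would make that dependency explicit to the next editor. Consider also adding `# v15` style tracking for both files to whatever dependency-update configuration the repo uses, so the pin does not silently go stale; whether such configuration exists is not visible in this diff.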