From 360cf1b0080f2836fc1a7eb2bc63c47131643ae2 Mon Sep 17 00:00:00 2001
From: Jauder Ho
Date: Mon, 14 Feb 2022 09:34:01 -0800
Subject: [PATCH] Update workflows to use commit hashes per OpenSSF Scorecard guidelines.
Signed-off-by: Jauder Ho
---
 .github/workflows/release-draft.yml | 2 +-
 .github/workflows/release-tag.yml | 2 +-
 .github/workflows/test.yml | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
index 09aa893d..7b5b29eb 100644
--- a/.github/workflows/release-draft.yml
+++ b/.github/workflows/release-draft.yml
@@ -10,6 +10,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Draft release notes
- uses: release-drafter/release-drafter@v5
+ uses: release-drafter/release-drafter@2f7ebf8ab5ef7f9835ee4b0b1eebaa2a14ca1669 # v5
 env:
 GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index ee1f5a84..70562fb0 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -8,7 +8,7 @@ jobs:
 actions-tagger:
 runs-on: ubuntu-latest
 steps:
- - uses: Actions-R-Us/actions-tagger@v2
+ - uses: Actions-R-Us/actions-tagger@f411bd910a5ad370d4511517e3eac7ff887c90ea # v2
 env:
 GITHUB_TOKEN: ${{ github.token }}
 with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a74688c6..e2980874 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
 build: # make sure build/ci work properly and there is no faked build ncc built scripts
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
 - run: npm ci
 - run: npm audit --production
 - run: npm run package
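Review bot: In `.github/workflows/release-draft.yml` the trailing comment `# v5` names a moving major tag, so a reader cannot tell which release the pinned hash was taken from or check it against the upstream tag later. Recording the exact release in the comment, e.g. `# vX.Y.Z` (placeholder for the release that hash belongs to), keeps the pin auditable. A `github-actions` entry in `.github/dependabot.yml` would then keep hash and comment updated together instead of letting the pins go stale. The same applies to the `# v2` and `# v1` comments in `release-tag.yml` and `test.yml`. The job's opening line is outside this hunk.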
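Review bot: In `.github/workflows/release-tag.yml` the `actions-tagger` job hands `GITHUB_TOKEN` to a third-party action, and no `permissions:` key appears between `actions-tagger:` and `steps:`. Unless the workflow sets one at top level (not visible in this hunk), the token carries the repository's default scopes; pinning the hash fixes which code runs but not what that code may do with the token. A job-level `permissions:` with `contents: write` is probably all a tag-moving action needs, to be confirmed against the action's documentation. The `with:` block continues outside the hunk.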
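Review bot: In `.github/workflows/test.yml` the `build` job's `actions/checkout` step keeps its defaults, which leave the workflow token in the checked-out repository's git config while `npm ci` and `npm run package` execute dependency and build scripts. None of the steps visible in the hunk pushes, so adding `with:` and `persist-credentials: false` under the checkout step would take the token out of reach of those scripts. The checkout steps in the later `test.yml` hunks could take the same setting wherever the job does not push; two of them already have a `with:` block to extend, and those jobs continue outside the hunks.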
@@ -31,12 +31,12 @@ jobs: os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} steps: - - uses: Vampire/setup-wsl@v1 + - uses: Vampire/setup-wsl@d4a53c5e36a60bb1b334b7100b253869109833ad # v1 if: ${{ matrix.os == 'windows-latest' }} with: distribution: Alpine - - uses: actions/checkout@v2 + - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 with: path: ./ @@ -66,7 +66,7 @@ jobs: ports: - 5000:5000 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 - name: Build images run: | for distro in alpine centos debian; do @@ -79,7 +79,7 @@ jobs: test-as-action: # make sure the action works on a clean machine without building runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 with: path: ./