From a3b6966ba40a85922aa740f7e83d221ac38c7681 Mon Sep 17 00:00:00 2001
From: Paul Abel <p.abel@f5.com>
Date: Thu, 1 Feb 2024 17:27:26 +0000
Subject: [PATCH] pin actions to specific commit sha

---
 .github/workflows/ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 73189dc9c7..93c8852950 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -325,7 +325,7 @@ jobs:
 
       - name: Authenticate to Google Cloud
         id: auth
-        uses: google-github-actions/auth@v2
+        uses: google-github-actions/auth@5a50e581162a13f4baa8916d01180d2acbc04363 # v2.1.0
         with:
           token_format: access_token
           workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }}
@@ -333,7 +333,7 @@ jobs:
         if: github.event.pull_request.head.repo.full_name == github.repository
 
       - name: Login to GCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
           registry: gcr.io
           username: oauth2accesstoken
@@ -349,7 +349,7 @@ jobs:
         if: github.event.pull_request.head.repo.full_name == github.repository
 
       - name: Build Test-Runner Container
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
         with:
           file: tests/Dockerfile
           context: "."