From f30582fb09c4203872fc28443541ae3c5c540057 Mon Sep 17 00:00:00 2001
From: Diogo Teles Sant'Anna <diogoteles@google.com>
Date: Wed, 13 Dec 2023 20:22:04 +0000
Subject: [PATCH] ci: hash-pin sensitive workflow dependency

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
---
 .github/workflows/bzlmod-archive.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/bzlmod-archive.yml b/.github/workflows/bzlmod-archive.yml
index 362888c..38a75dd 100644
--- a/.github/workflows/bzlmod-archive.yml
+++ b/.github/workflows/bzlmod-archive.yml
@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - run: git archive $GITHUB_REF -o "yaml-cpp-${GITHUB_REF:10}.tar.gz"
       - run: gh release upload ${GITHUB_REF:10} "yaml-cpp-${GITHUB_REF:10}.tar.gz"
         env: