From 936d765115e55eb8f9f173bae32fa8d6312c8071 Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.uk>
Date: Fri, 16 Jul 2021 12:00:00 +0100
Subject: [PATCH] GitHub Actions security hardening

Use commit SHAs for third-party actions to ensure that the same versions
are always being downloaded.
---
 .github/workflows/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index cb098e2a..d3fd1ec8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,10 +12,10 @@ jobs:
   build-and-push-images:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
 
       - name: Login to the Docker registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 # v1.10.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}