Ref actions by commit SHA in shellcheck.yml

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/ludeeus/action-shellcheck/releases/tag/2.0.0
00cae500b0


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
pull/1480/head
Gabriela Gutierrez 2 years ago committed by GitHub
parent 346f7bc0fd
commit 404301103d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -8,6 +8,6 @@ jobs:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0

Loading…
Cancel
Save