Ref actions by commit SHA in release.yml

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8


Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
pull/1480/head
Gabriela Gutierrez 2 years ago committed by GitHub
parent 0f90ed4833
commit f6afa2b95f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -10,6 +10,6 @@ jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Release
run: make release

Loading…
Cancel
Save