From 51035a2fe2d7007e78b2b6ec0458a93fed820731 Mon Sep 17 00:00:00 2001
From: clawbot <clawbot@noreply.git.eeqj.de>
Date: Mon, 2 Mar 2026 12:07:00 -0800
Subject: [PATCH] ci: pin checkout action by SHA, run on all branches

- Pin actions/checkout to commit SHA (v4.2.2) to prevent tag mutation attacks
- Remove branch filters so CI runs on push to all branches, not just main
---
 .gitea/workflows/check.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.gitea/workflows/check.yml b/.gitea/workflows/check.yml
index 3761dcb..eafafa8 100644
--- a/.gitea/workflows/check.yml
+++ b/.gitea/workflows/check.yml
@@ -2,13 +2,11 @@ name: check
 
 on:
   push:
-    branches: [main]
   pull_request:
-    branches: [main]
 
 jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - run: docker build .