ci: pin actions to commit SHAs to prevent RCE

Pin actions/checkout and actions/setup-go to their full commit SHAs instead of mutable tags, per review feedback. - actions/checkout@v4 → 34e114876b0b11c390a56381ad16ebd13914f8d5 - actions/setup-go@v5 → 40f1582b2485089dde7abd97c1529aa768e1baff
2026-02-19 20:25:23 -08:00 · 2026-02-19 20:25:23 -08:00 · 5d87d386c3
commit 5d87d386c3
parent f65e3887b2
1 changed files with 2 additions and 2 deletions
--- a/.gitea/workflows/check.yml
+++ b/.gitea/workflows/check.yml
@ -10,9 +10,9 @@ jobs:
  check:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
        with:
          go-version-file: go.mod