From 0856a475a59d1aaedb98ca2b30c311333ccaf981 Mon Sep 17 00:00:00 2001
From: Jimisola Laursen <jimisola.laursen@resurs.se>
Date: Sat, 7 Mar 2026 23:00:46 +0100
Subject: [PATCH] build: SHA-pin GitHub Actions for supply-chain security

Pin external action references to exact commit SHAs instead of
branch or major-version tags to prevent supply-chain attacks.

Signed-off-by: jimisola <jimisola@jimisola.com>
---
 .github/workflows/check-semantic-pr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check-semantic-pr.yml b/.github/workflows/check-semantic-pr.yml
index 5bacd57..dfb02a0 100644
--- a/.github/workflows/check-semantic-pr.yml
+++ b/.github/workflows/check-semantic-pr.yml
@@ -7,4 +7,4 @@ on:
 
 jobs:
   check:
-    uses: reqstool/.github/.github/workflows/check-semantic-pr.yml@main
+    uses: reqstool/.github/.github/workflows/check-semantic-pr.yml@33502e31f66fb7e982f48f50e3c6c29b0410a017 # main 2026-03-07