From 061bafa6348a9d0d8bde1e1fd9e7363dd1dbb0b4 Mon Sep 17 00:00:00 2001
From: Andrea Peruffo
Date: Mon, 23 Jan 2023 15:36:33 +0000
Subject: [PATCH] Use commit SHA instead of branch name for third-party actions

Hi! Following the [GH Action Security Hardening](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) guide we should use the commit SHA instead of the `branch` or `tag` for any third-party untrusted action.
---
 .github/workflows/modular-docs-publish.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/modular-docs-publish.yml b/.github/workflows/modular-docs-publish.yml
index 1f89d985a..ab1efcd60 100644
--- a/.github/workflows/modular-docs-publish.yml
+++ b/.github/workflows/modular-docs-publish.yml
@@ -40,7 +40,8 @@ jobs:
 java-version: 15
 distribution: 'adopt' # See 'Supported distributions' for available options
 - name: Use Ruby 2.6
- uses: ruby/setup-ruby@v1
+ # v1
+ uses: ruby/setup-ruby@ee26e27437bde475b19a6bf8cb73c9fa658876a2
 with:
 ruby-version: '2.6'
 
@@ -54,7 +55,8 @@ jobs:
 env:
 DOCS_PRODUCT_NAME: ${{matrix.product}}
 - name: Deploy
- uses: JamesIves/github-pages-deploy-action@4.1.5
+ # 4.1.5
+ uses: JamesIves/github-pages-deploy-action@0f24da7de3e7e135102609a4c9633b025be8411b
 env:
 DEPLOY_BRANCH: ${{matrix.branch}}
 with:
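Review bot: The `# v1` comment added above the pinned `uses:` line names a major tag that upstream maintains as a moving tag, so it does not record which release `ee26e27437bde475b19a6bf8cb73c9fa658876a2` corresponds to. I would put the exact release in a trailing comment on the same line, `uses: ruby/setup-ruby@ee26e27437bde475b19a6bf8cb73c9fa658876a2 # v1.<minor>.<patch>` (placeholder; the release is not visible in this patch). That trailing form is the one Dependabot's `github-actions` updates rewrite together with the SHA, which matters because a SHA pin otherwise stops picking up upstream fixes; whether the repository has such a config cannot be seen from here. The `# 4.1.5` comment in the Deploy hunk would move to the same trailing position, and the step's `with:` block continues past the hunk.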
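Review bot: Nothing in the patch shows that `0f24da7de3e7e135102609a4c9633b025be8411b` is the commit the upstream `4.1.5` tag points to, and the Deploy step is where that matters most, since it presumably publishes to the branch named in `DEPLOY_BRANCH`. GitHub resolves a full SHA even when the commit exists only in a fork of the action's repository, which is why the hardening guide cited in the description asks for the SHA to be checked against the action's own repository. Recording that check next to the pin, for example `# 4.1.5 (SHA checked against the upstream tag)` as a trailing comment on the `uses:` line, would make it reviewable. The step's `with:` block continues outside the hunk, so the credentials passed to the action are not visible here.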