From 76e44c6f6bced8e9583fce1c468e10a250401a9b Mon Sep 17 00:00:00 2001
From: Ty <amfobes@gmail.com>
Date: Sun, 16 Mar 2025 11:21:46 -0400
Subject: [PATCH] CI: Pin some third-party actions to a full length commit SHA

---
 .github/workflows/cron_update_base_translation.yml | 2 +-
 .github/workflows/cron_update_controller_db.yml    | 2 +-
 .github/workflows/macos_build.yml                  | 2 +-
 .github/workflows/release_cut_new.yml              | 6 +++---
 .github/workflows/triage_pr.yml                    | 2 +-
 .github/workflows/windows_build_qt.yml             | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/cron_update_base_translation.yml b/.github/workflows/cron_update_base_translation.yml
index 15706c166e..0baeb23377 100644
--- a/.github/workflows/cron_update_base_translation.yml
+++ b/.github/workflows/cron_update_base_translation.yml
@@ -17,7 +17,7 @@ jobs:
         run: ./.github/workflows/scripts/common/update_base_translation.sh
       
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79
         with:
           title: "Qt: Update Base Translation"
           commit-message: "[ci skip] Qt: Update Base Translation."
diff --git a/.github/workflows/cron_update_controller_db.yml b/.github/workflows/cron_update_controller_db.yml
index d3cdf2605f..126e3739bf 100644
--- a/.github/workflows/cron_update_controller_db.yml
+++ b/.github/workflows/cron_update_controller_db.yml
@@ -19,7 +19,7 @@ jobs:
           mv ./game_controller_db.txt ${{github.workspace}}/bin/resources/game_controller_db.txt
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79
         with:
           title: "PAD: Update to latest controller database"
           commit-message: "[ci skip] PAD: Update to latest controller database."
diff --git a/.github/workflows/macos_build.yml b/.github/workflows/macos_build.yml
index cf42de647b..c595f2a653 100644
--- a/.github/workflows/macos_build.yml
+++ b/.github/workflows/macos_build.yml
@@ -160,7 +160,7 @@ jobs:
 
       - name: Sign the Application
         if: ${{ inputs.sign_and_notarize == true && env.SIGN_KEY }}
-        uses: indygreg/apple-code-sign-action@v1.1
+        uses: indygreg/apple-code-sign-action@44d0985b7f4363198e80b6fea63ac3e9dd3e9957
         with:
           input_path: 'PCSX2.app'
           p12_file: cert.p12
diff --git a/.github/workflows/release_cut_new.yml b/.github/workflows/release_cut_new.yml
index a6a8abd91e..61280bde10 100644
--- a/.github/workflows/release_cut_new.yml
+++ b/.github/workflows/release_cut_new.yml
@@ -40,7 +40,7 @@ jobs:
       # Docs - https://github.com/mathieudutour/github-tag-action
       - name: Bump Version and Push Tag
         id: tag_version
-        uses: mathieudutour/github-tag-action@v6.2
+        uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b
         with:
           github_token: ${{ github.token }}
           tag_prefix: v
@@ -68,7 +68,7 @@ jobs:
           mv ./release-notes.md ${GITHUB_WORKSPACE}/release-notes.md
 
       - name: Create a GitHub Release (Manual)
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda
         if: steps.tag_version.outputs.new_tag && github.event_name == 'workflow_dispatch'
         with:
           body_path: ./release-notes.md
@@ -77,7 +77,7 @@ jobs:
           tag_name: ${{ steps.tag_version.outputs.new_tag }}
 
       - name: Create a GitHub Release (Push)
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda
         if: steps.tag_version.outputs.new_tag && github.event_name != 'workflow_dispatch'
         with:
           body_path: ./release-notes.md
diff --git a/.github/workflows/triage_pr.yml b/.github/workflows/triage_pr.yml
index 62a93ec4bc..7a433e7870 100644
--- a/.github/workflows/triage_pr.yml
+++ b/.github/workflows/triage_pr.yml
@@ -12,7 +12,7 @@ jobs:
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
 
-    - uses: xTVaser/first-interaction@v1.2.4
+    - uses: xTVaser/first-interaction@d62d6eb3c1215eae9f9d6dbfabf12d6725834cb3
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         debug-mode: false
diff --git a/.github/workflows/windows_build_qt.yml b/.github/workflows/windows_build_qt.yml
index aa8d0a9498..4d9d808553 100644
--- a/.github/workflows/windows_build_qt.yml
+++ b/.github/workflows/windows_build_qt.yml
@@ -168,7 +168,7 @@ jobs:
             !./bin/**/*.lib
 
       - name: Install the Breakpad Symbol Generator
-        uses: baptiste0928/cargo-install@v3
+        uses: baptiste0928/cargo-install@91c5da15570085bcde6f4d7aed98cb82d6769fd3
         with:
           crate: dump_syms