🔒Pin the unpinned GitHub Actions to commit SHAs (#781)

During the last pin sweep there were a couple actions left unpinned. This pins them. | Workflow | Action | Avant | Après | SHA | |---|---|---|---|---| | `cache-rust-build/action.yml` | `actions/cache` | `v5` | `v5` | `668228422ae6…` | | `windows-codesign/action.yml` | `azure/trusted-signing-action` | `v0` | `v0` | `1d365fec1286…` | | `pre-release-testing.yml` | `actions/checkout` | `v6` | `v6.0.2` | `de0fac2e4500…` |
2026-06-04 13:30:29 +08:00 · 2026-04-06 14:27:49 -07:00
parent 08377eab3c
commit 7989267d1e
3 changed files with 3 additions and 3 deletions
--- a/.github/actions/cache-rust-build/action.yml
+++ b/.github/actions/cache-rust-build/action.yml
@@ -4,7 +4,7 @@ runs:
  using: "composite"
  steps:
    - name: Cache
-      uses: actions/cache@v5
+      uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
      with:
        path: |
          ~/.cargo/registry
--- a/.github/actions/windows-codesign/action.yml
+++ b/.github/actions/windows-codesign/action.yml
@@ -3,7 +3,7 @@ description: Sign Windows files with Microsoft Trusted Signing Service
 runs:
  using: "composite"
  steps:
-    - uses: azure/trusted-signing-action@v0
+    - uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0
      with:
        azure-tenant-id: ${{ inputs.azure_tenant_id }}
        azure-client-id: ${{ inputs.azure_client_id }}
--- a/.github/workflows/pre-release-testing.yml
+++ b/.github/workflows/pre-release-testing.yml
@@ -34,7 +34,7 @@ jobs:
          echo "BRANCH_NAME=ci_test_hf_xet_${TRIMMED_VERSION}_release" >> $GITHUB_OUTPUT

      - name: Checkout target repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          repository: huggingface/${{ matrix.target-repo }}
          path: ${{ matrix.target-repo }}