From befd8a95519e80e2c2ff9132c9264377d26e8b62 Mon Sep 17 00:00:00 2001
From: William Chu <william.chu@uptickhq.com>
Date: Mon, 15 Dec 2025 15:37:06 +1100
Subject: [PATCH] security(plt-1209): pin all github actions to a fixed sha via
 ratchet

---
 .github/workflows/ci.yml      | 4 ++--
 .github/workflows/release.yml | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index acdb221..3de5c31 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # ratchet:actions/checkout@v1
       - name: Build and Test
         run: swift test
 
@@ -32,6 +32,6 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # ratchet:actions/checkout@v1
       - name: Build and Test
         run: swift test --enable-test-discovery
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6037162..5041ad8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,15 +13,15 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # ratchet:actions/checkout@v2
 
       - name: Install Cocoapods
         run: gem install cocoapods
 
       - name: Deploy to Cocoapods
         run: |
-         set -eo pipefail
-         pod lib lint --allow-warnings
-         pod trunk push --allow-warnings
+          set -eo pipefail
+          pod lib lint --allow-warnings
+          pod trunk push --allow-warnings
         env:
           COCOAPODS_TRUNK_TOKEN: ${{ secrets.COCOAPODS_TRUNK_TOKEN }}