Use SHA Hashes for spring-security-release-tools Workflows

Issue gh-18648 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-02-08 22:44:35 +00:00 · 2026-02-05 13:27:17 -07:00 · 2026-02-05 13:27:17 -07:00 · 18d9dd77ec
commit 18d9dd77ec
parent d6e3ec78cd
4 changed files with 9 additions and 9 deletions
--- a/.github/workflows/continuous-integration-workflow.yml
+++ b/.github/workflows/continuous-integration-workflow.yml
@ -17,7 +17,7 @@ permissions:
 jobs:
  build:
    name: Build
-    uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@v1
+    uses: spring-io/spring-security-release-tools/.github/workflows/build.yml@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
    strategy:
      matrix:
        os: [ ubuntu-latest, windows-latest ]
@ -67,21 +67,21 @@ jobs:
  deploy-artifacts:
    name: Deploy Artifacts
    needs: [ build, test, check-samples ]
-    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@v1
+    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-artifacts.yml@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
    with:
      should-deploy-artifacts: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit
  deploy-schema:
    name: Deploy Schema
    needs: [ build, test, check-samples ]
-    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@v1
+    uses: spring-io/spring-security-release-tools/.github/workflows/deploy-schema.yml@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
    with:
      should-deploy-schema: ${{ needs.build.outputs.should-deploy-artifacts }}
    secrets: inherit
  perform-release:
    name: Perform Release
    needs: [ deploy-artifacts, deploy-schema ]
-    uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@v1
+    uses: spring-io/spring-security-release-tools/.github/workflows/perform-release.yml@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
    with:
      should-perform-release: ${{ needs.deploy-artifacts.outputs.artifacts-deployed }}
      project-version: ${{ needs.deploy-artifacts.outputs.project-version }}
@ -97,6 +97,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Send Notification
-        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
        with:
          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
--- a/.github/workflows/milestone-spring-releasetrain.yml
+++ b/.github/workflows/milestone-spring-releasetrain.yml
@ -30,6 +30,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Send Notification
-        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
        with:
          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
--- a/.github/workflows/pr-build-workflow.yml
+++ b/.github/workflows/pr-build-workflow.yml
@ -46,6 +46,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Send Notification
-        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
        with:
          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
--- a/.github/workflows/update-scheduled-release-version.yml
+++ b/.github/workflows/update-scheduled-release-version.yml
@ -9,7 +9,7 @@ permissions:
 jobs:
  update-scheduled-release-version:
    name: Update Scheduled Release Version
-    uses: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml@v1
+    uses: spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
    secrets: inherit
  send-notification:
    name: Send Notification
@ -18,6 +18,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Send Notification
-        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
+        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@7d42d82298553f123a9dad622e0eac725aaf52ef # v1.0.13
        with:
          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}