From b6bc8c2f1700682a6d6b4e8631e671eb4963f19a Mon Sep 17 00:00:00 2001
From: daz <daz@gradle.com>
Date: Thu, 14 Nov 2024 13:05:02 -0700
Subject: [PATCH] Pin gradle/actions versions

---
 .github/workflows/ci-check-and-unit-test.yml | 3 ++-
 .github/workflows/ci-init-script-check.yml   | 3 ++-
 .github/workflows/ci-validate-wrappers.yml   | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci-check-and-unit-test.yml b/.github/workflows/ci-check-and-unit-test.yml
index 9c1be34..7558d8a 100644
--- a/.github/workflows/ci-check-and-unit-test.yml
+++ b/.github/workflows/ci-check-and-unit-test.yml
@@ -24,7 +24,8 @@ jobs:
         cache: npm
         cache-dependency-path: sources/package-lock.json
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4 # Use a released version to avoid breakages
+      # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
       env:
         ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
       with:
diff --git a/.github/workflows/ci-init-script-check.yml b/.github/workflows/ci-init-script-check.yml
index cc2734d..00907e1 100644
--- a/.github/workflows/ci-init-script-check.yml
+++ b/.github/workflows/ci-init-script-check.yml
@@ -29,7 +29,8 @@ jobs:
         distribution: temurin
         java-version: 11
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4 # Use a released version to avoid breakages
+      # Use a released version to avoid breakages
+      uses: gradle/actions/setup-gradle@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
       env:
         ALLOWED_GRADLE_WRAPPER_CHECKSUMS: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 # Invalid wrapper jar used for testing
     - name: Run integration tests
diff --git a/.github/workflows/ci-validate-wrappers.yml b/.github/workflows/ci-validate-wrappers.yml
index b82fb3b..b941422 100644
--- a/.github/workflows/ci-validate-wrappers.yml
+++ b/.github/workflows/ci-validate-wrappers.yml
@@ -12,6 +12,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: gradle/actions/wrapper-validation@v4
+      - uses: gradle/actions/wrapper-validation@473878a77f1b98e2b5ac4af93489d1656a80a5ed # v4.2.0
         with:
           allow-checksums: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855