Hash pin github workflows (#107)

* hash pin cifuzz.yml

Signed-off-by: Joyce <joycebrum@google.com>

* hash pin codeql.yml

Signed-off-by: Joyce <joycebrum@google.com>

---------

Signed-off-by: Joyce <joycebrum@google.com>

2 files changed, 4 insertions, 4 deletions

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index fc8d363..e531ee4 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -24,7 +24,7 @@ jobs:
         dry-run: false
         language: c++
     - name: Upload Crash
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
       if: failure() && steps.build.outcome == 'success'
       with:
         name: artifacts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2354068..c3a3217 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -43,11 +43,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -65,6 +65,6 @@ jobs:
     - run: autoreconf -i -f ; ./configure ; make ; make check
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
       with:
         category: "/language:${{matrix.language}}"