Bump actions/checkout from 5 to 6 with SHA pinning (#68)

Copilot · MariusStorhaug · web-flow · commit 7b9d6048737e · 2025-11-26T15:17:29.000+01:00
Bumps actions/checkout from v5 to v6 and pins all actions to commit SHAs for security hardening. ## Changes - **SHA pinning with version comments** for all actions: - `actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6` - `PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1` - `super-linter/super-linter@2bdd90ed3262e023ac84bf8fe35dc480721fc1f2 # v8` - `azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2` - **Added `persist-credentials: false`** to all checkout steps ```yaml - name: Checkout repo uses: actions/checkout@1af3b93 # v6 with: persist-credentials: false ```  --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey). --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
diff --git a/.github/workflows/Auto-Release.yml b/.github/workflows/Auto-Release.yml
@@ -26,9 +26,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
 
       - name: Auto-Release
-        uses: PSModule/Auto-Release@v1
+        uses: PSModule/Auto-Release@eabd533035e2cb9822160f26f2eda584bd012356 # v1
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml
@@ -19,12 +19,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Lint code base
-        uses: super-linter/super-linter@latest
+        uses: super-linter/super-linter@2bdd90ed3262e023ac84bf8fe35dc480721fc1f2 # v8
         env:
           GITHUB_TOKEN: ${{ github.token }}
           VALIDATE_JSON_PRETTIER: false
diff --git a/.github/workflows/TestWorkflow.yml b/.github/workflows/TestWorkflow.yml
@@ -53,8 +53,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -76,8 +77,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       # # Not a supported way of running the action
       # # This syntax is specifically for using a function in a specific module
       # # i.e.: moduleName\functionName
@@ -144,8 +146,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         id: test
@@ -324,8 +327,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         id: test
@@ -386,8 +390,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -404,8 +409,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -430,8 +436,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -456,8 +463,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -482,8 +490,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -517,8 +526,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test
         uses: ./
         with:
@@ -553,11 +563,12 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       # Login to Azure to enable KeyVault access
       - name: Login to Azure
-        uses: azure/login@v2
+        uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2
         with:
           client-id: ${{ vars.AZURE_CLIENT_ID }}
           tenant-id: ${{ vars.AZURE_TENANT_ID }}
@@ -602,11 +613,12 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       # Login to Azure to enable KeyVault access
       - name: Login to Azure
-        uses: azure/login@v2
+        uses: azure/login@1384c340ab2dda50fed2bee3041d1d87018aa5e8 # v2
         with:
           client-id: ${{ vars.AZURE_CLIENT_ID }}
           tenant-id: ${{ vars.AZURE_TENANT_ID }}
@@ -650,8 +662,9 @@ jobs:
     steps:
       # Need to check out as part of the test, as its a local action
       - name: Checkout repo
-        uses: actions/checkout@v6
-
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
+        with:
+          persist-credentials: false
       - name: Action-Test with PreserveCredentials false
         uses: ./
         with:
