<h3 dir="auto">Description</h3>
<p dir="auto">Lock GitHub Actions dependencies to specific version SHAs for security and predictability. Doing so is a best practice as we then know exactly which version of a given dependency is being used. Without locking to SHAs, Actions will simply use whatever latest version is available for the given specified version, usually a major such as "v4", leading to "silent bumps" at the GitHub Action runtime level.</p>
<p dir="auto">Locking to SHAs will also allow us to receive patch and minor level dependency upgrade PRs as opposed to, in most cases, just bumps for major versions.</p>
<h3 dir="auto">How has this been tested?</h3>
<p dir="auto">CI and Danger runs will prove if these changes are proper or not as they only affect GitHub Actions.</p>
<p dir="auto">For reference here are the GitHub Actions dependencies releases so we can check the SHAs.</p>
<ul dir="auto">
<li><a href="https://github.com/actions/checkout/releases/tag/v5.0.0">https://github.com/actions/checkout/releases/tag/v5.0.0</a> (<a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8/hovercard" href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8">actions/checkout@<tt>08c6903</tt></a>)</li>
<li><a href="https://github.com/ruby/setup-ruby/releases/tag/v1.255.0">https://github.com/ruby/setup-ruby/releases/tag/v1.255.0</a> (<a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/ruby/setup-ruby/commit/829114fc20da43a41d27359103ec7a63020954d4/hovercard" href="https://github.com/ruby/setup-ruby/commit/829114fc20da43a41d27359103ec7a63020954d4">ruby/setup-ruby@<tt>829114f</tt></a>)</li>
<li><a href="https://github.com/actions/setup-node/releases/tag/v4.4.0">https://github.com/actions/setup-node/releases/tag/v4.4.0</a> (<a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/actions/setup-node/commit/49933ea5288caeca8642d1e84afbd3f7d6820020/hovercard" href="https://github.com/actions/setup-node/commit/49933ea5288caeca8642d1e84afbd3f7d6820020">actions/setup-node@<tt>49933ea</tt></a>)</li>
<li><a href="https://github.com/actions/upload-artifact/releases/tag/v4.6.2">https://github.com/actions/upload-artifact/releases/tag/v4.6.2</a> (<a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02/hovercard" href="https://github.com/actions/upload-artifact/commit/ea165f8d65b6e75b540449e92b4886f43607fa02">actions/upload-artifact@<tt>ea165f8</tt></a>)</li>
<li><a href="https://github.com/coverallsapp/github-action/releases/tag/v2.3.6">https://github.com/coverallsapp/github-action/releases/tag/v2.3.6</a> (<a class="commit-link" data-hovercard-type="commit" data-hovercard-url="https://github.com/coverallsapp/github-action/commit/648a8eb78e6d50909eff900e4ec85cab4524a45b/hovercard" href="https://github.com/coverallsapp/github-action/commit/648a8eb78e6d50909eff900e4ec85cab4524a45b">coverallsapp/github-action@<tt>648a8eb</tt></a>)</li>
</ul>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/openstreetmap/openstreetmap-website/pull/6332'>https://github.com/openstreetmap/openstreetmap-website/pull/6332</a></p>

<h4>Commit Summary</h4>
<ul>
  <li><a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332/commits/44d99095488d106293de0c1b2d1d44f1e5bd2919" class="commit-link">44d9909</a>  Lock GitHub Actions dependencies to SHAs for security and predictability</li>
</ul>

<h4 style="display: inline-block">File Changes </h4> <p style="display: inline-block">(<a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332/files">4 files</a>)</p>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332/files#diff-9ed6d3c8f52cf7b6862dd9628741eda3dbcd3683b1485977c483b6571e989904">.github/workflows/danger.yml</a>
    (4)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332/files#diff-3f5366f6d6df3ec1179e5efadc6f350bfa88eebf4e2da589b4d94ccb85ae5e94">.github/workflows/docker.yml</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332/files#diff-107e910e9f2ebfb9a741fa10b2aa7100cc1fc4f5f3aca2dfe78b905cbd73c0d2">.github/workflows/lint.yml</a>
    (24)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332/files#diff-1db27d93186e46d3b441ece35801b244db8ee144ff1405ca27a163bfe878957f">.github/workflows/tests.yml</a>
    (12)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/6332.patch'>https://github.com/openstreetmap/openstreetmap-website/pull/6332.patch</a></li>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/6332.diff'>https://github.com/openstreetmap/openstreetmap-website/pull/6332.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6332">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLJ6LIUPGLICOEMIW3T3OHRH5AVCNFSM6AAAAACEFLIOFCVHI2DSMVQWIX3LMV43ASLTON2WKOZTGMZTCMBSGE3TQMI">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/pull/6332</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/6332",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/6332",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>