From 4349d7147c794e3c34e28cf9164753d6a0d3059c Mon Sep 17 00:00:00 2001
From: Rick M <kingthorin@users.noreply.github.com>
Date: Fri, 6 Dec 2024 05:51:53 -0500
Subject: [PATCH] Pin non-GitHub actions with full sha in workflows

---
 .github/workflows/ci.yml             | 2 +-
 .github/workflows/release-plugin.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1c36c8e..c6dd6df 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,6 +19,6 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}
-      - uses: gradle/actions/setup-gradle@v4
+      - uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
       - run: ./gradlew assemble
       - run: ./gradlew check
diff --git a/.github/workflows/release-plugin.yml b/.github/workflows/release-plugin.yml
index 9a87836..f055c3c 100644
--- a/.github/workflows/release-plugin.yml
+++ b/.github/workflows/release-plugin.yml
@@ -13,7 +13,7 @@ jobs:
         with:
           distribution: 'temurin'
           java-version: 17
-      - uses: gradle/actions/setup-gradle@v4
+      - uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
       - run: ./gradlew publishPlugin
         env:
           GRADLE_PUBLISH_KEY: ${{ secrets.ZAPBOT_GRADLE_PUBLISH_KEY }}