From 1452517efb5cdee936bc0e6447133f3e903e58fe Mon Sep 17 00:00:00 2001
From: Roy Dahan <roy@scylladb.com>
Date: Mon, 8 Jun 2026 04:12:30 +0300
Subject: [PATCH] ci: pin GitHub Actions to commit SHAs

Pin all external GitHub Actions to full commit SHAs to reduce supply
chain attack surface. Upgrade outdated actions to their latest versions.

Reference: https://github.com/scylladb/scylladb/pull/29421
---
 .github/workflows/docs-pages.yaml | 6 +++---
 .github/workflows/docs-pr.yaml    | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/docs-pages.yaml b/.github/workflows/docs-pages.yaml
index a33edb5cc..5691533f5 100644
--- a/.github/workflows/docs-pages.yaml
+++ b/.github/workflows/docs-pages.yaml
@@ -19,17 +19,17 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           ref: ${{ github.event.repository.default_branch }}
           persist-credentials: false
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.12'
       - name: Install uv
-        uses: astral-sh/setup-uv@v8.1.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
       - name: Set up env
         run: make -C docs setupenv
       - name: Build docs
diff --git a/.github/workflows/docs-pr.yaml b/.github/workflows/docs-pr.yaml
index aa39b4177..bcc70d8a6 100644
--- a/.github/workflows/docs-pr.yaml
+++ b/.github/workflows/docs-pr.yaml
@@ -18,16 +18,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
           fetch-depth: 0
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.12'
       - name: Install uv
-        uses: astral-sh/setup-uv@v8.1.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
       - name: Set up env
         run: make -C docs setupenv
       - name: Build docs