build: pin actionlint workflow (#25855)

We're required to pin Docker images for Actions to a specific SHA now and this is tripping scans in the Enterprise repo. Update the actionlint image. Ref: https://go.hashi.co/memo/sec-032
2026-01-01 16:05:42 +03:00 · 2025-05-14 14:25:37 -04:00
parent ef25c3d55a
commit 8a87c33594
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -12,4 +12,4 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: "Check workflow files"
-        uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest
+        uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9