From 0eee195e447bcbd07bf20c784f6a5eef22f2e96d Mon Sep 17 00:00:00 2001
From: Kentaro Hayashi <hayashi@clear-code.com>
Date: Fri, 6 Mar 2026 11:38:39 +0900
Subject: [PATCH] ci: use sha pinning to mitigate

Lower risk about supply chain attack even though matched tag was compromised.

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
---
 .github/workflows/linux.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index d3e4b5b..f44b63c 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -28,8 +28,8 @@ jobs:
           --health-retries 5
     name: Ruby ${{ matrix.ruby }} unit testing on ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
-    - uses: ruby/setup-ruby@v1
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+    - uses: ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd # v1.288.0
       with:
         ruby-version: ${{ matrix.ruby }}
     - name: prepare database