From 026fb7cb8cdb1fbcd763866a4602269bf989d7c5 Mon Sep 17 00:00:00 2001 From: Nicolas Schweitzer Date: Tue, 30 Jun 2026 17:36:52 +0200 Subject: [PATCH] chore(deps): Pin actions to a commit sha We are relying on this action (https://github.com/DataDog/code-review-action) and are enforcing actions pinned to commit-sha in our repositories. With actions pinned to a tag, we cannot use the gemini client, see https://github.com/DataDog/datadog-agent/actions/runs/28447474045/job/84330396079?pr=52774 Signed-off-by: Nicolas Schweitzer --- action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 35af14fe7..d1d6e6aec 100644 --- a/action.yml +++ b/action.yml @@ -218,7 +218,7 @@ runs: if: |- ${{ inputs.gcp_workload_identity_provider != '' }} id: 'auth' - uses: 'google-github-actions/auth@v3' # ratchet:exclude + uses: 'google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093' # ratchet:google-github-actions/auth@v3 with: project_id: '${{ inputs.gcp_project_id }}' workload_identity_provider: '${{ inputs.gcp_workload_identity_provider }}' @@ -432,7 +432,7 @@ runs: - name: 'Upload Gemini CLI outputs' if: |- ${{ inputs.upload_artifacts == 'true' }} - uses: 'actions/upload-artifact@v6' # ratchet:exclude + uses: 'actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f' # ratchet:actions/upload-artifact@v6 with: name: 'gemini-output' path: 'gemini-artifacts/'