Pin GitHub Actions to immutable commit SHAs

Author: roryabraham

.github/workflows/autorebase.yml

@@ -9,11 +9,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the latest code
-        uses: actions/checkout@v2
+        # v2
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
       - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.7
+        # 1.7
+        uses: cirrus-actions/rebase@6e572f08c244e2f04f9beb85a943eb618218714d
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/needs-attention.yml

@@ -17,7 +17,8 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Apply Needs Attention Label
-        uses: hramos/needs-attention@v1
+        # v1
+        uses: hramos/needs-attention@4d47f33c9b77fc9bf45670510c7847c382231317
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           response-required-label: "Needs: Author Feedback"

.github/workflows/on-issue-labeled.yml

@@ -17,6 +17,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Respond to Issue Based on Label
-        uses: hramos/respond-to-issue-based-on-label@v2
+        # v2
+        uses: hramos/respond-to-issue-based-on-label@a366dfe725db739c4522391dd1cb3daa9cb399d5
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}