chore: pin GH actions to commit sha

c3y1huang · mergify[bot] · commit 4a5448cf6c8f · 2026-04-27T23:44:15.000Z
longhorn/longhorn-12841 Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com> (cherry picked from commit 4c45ba1) # Conflicts: # .github/workflows/conventional_commits.yml # .github/workflows/fossa.yml
diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional_commits.yml
@@ -15,6 +15,7 @@ jobs:
   commit-lint:
     runs-on: ubuntu-latest
     steps:
+<<<<<<< HEAD
     - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       with:
         fetch-depth: 0
@@ -39,3 +40,33 @@ jobs:
           ci
           revert
           BREAKING
+=======
+      - name: Checkout PR commits
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Lint Commits
+        uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
+
+      - name: Lint Pull Request
+        uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          types: |
+            feat
+            fix
+            docs
+            style
+            refactor
+            perf
+            test
+            chore
+            vendor
+            build
+            ci
+            revert
+            BREAKING
+>>>>>>> 4c45ba1 (chore: pin GH actions to commit sha)
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
@@ -0,0 +1,33 @@
+name: fossa
+on:
+  push:
+    branches:
+      - master
+      - v*
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+      - v*
+  workflow_dispatch: {}
+
+permissions: {}
+
+jobs:
+  fossa-scan:
+    if: github.repository == 'longhorn/longhorn-share-manager' # FOSSA is not intended to run on forks.
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    env:
+      FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+      - name: "Run FOSSA Scan"
+        uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0 # Use a specific version if locking is preferred
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          project: longhorn-share-manager
