From d7c45e4fb323dce98a4f448c2039a953ed0add52 Mon Sep 17 00:00:00 2001
From: jshlbrd
Date: Wed, 9 Oct 2024 10:24:24 -0700
Subject: [PATCH 1/5] ci(workflows): Pin More Hashes
---
.github/workflows/code.yml | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
index 38b406e2..57dbe8e2 100644
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
@@ -29,7 +29,7 @@ jobs: run: go test -timeout 30s -v ./... - name: Linting - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.0 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: version: v1.61.0
@@ -45,11 +45,8 @@ jobs: with: python-version: "3.x" - # v24.10.0 - name: Linting - run: | - pip install git+https://github.com/psf/black@1b2427a2b785cc4aac97c19bb4b9a0de063f9547 - find -name *.py | xargs black --check + uses: psf/black@1b2427a2b785cc4aac97c19bb4b9a0de063f9547 # v24.10.0 # Inherits workflow permissions. jsonnet:
@@ -61,7 +58,7 @@ jobs: fetch-depth: 1 - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: 1.22
From 86ed650dcc4e3e89366d5c0541042b20f6efeea0 Mon Sep 17 00:00:00 2001
From: jshlbrd
Date: Wed, 9 Oct 2024 10:34:43 -0700
Subject: [PATCH 2/5] ci(workflows): Update Python Job
---
.github/workflows/code.yml | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
index 57dbe8e2..99d3cc21 100644
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
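Review bot: The commit pin on the added `uses: psf/black@1b2427a2…` line fixes the action's own code but probably not what it installs: as far as I know the action builds a virtualenv and pip-installs Black and its dependencies from PyPI at run time, so those packages stay unpinned and unhashed, as they were under the removed `pip install git+https://…` step. If that gap matters here, install from a hash-locked requirements file (`pip install --require-hashes -r <requirements file>`) in a `run:` step, or record the limit next to the pin with a comment such as `# SHA pins the action wrapper only; Black's dependencies resolve from PyPI at run time`. The job this step belongs to starts and ends outside the hunk.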
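Review bot: The new `actions/setup-go` pin is also a jump from v2 to v5.0.2, and from v4 on the action restores and saves a Go module/build cache by default, which v2 did not do. If the `jsonnet` job does not need that cache, state it with `cache: false` under `with:`, which also keeps restored cache contents out of this job's trust path. While touching this step, quote the version on the context line, `go-version: "1.22"`, so that a later `1.20` is not parsed as the float 1.2. The job continues outside the hunk, so whether it has a `go.sum` for the cache key cannot be seen from here.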
@@ -40,13 +40,11 @@ jobs: - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Setup Python - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 - with: - python-version: "3.x" - - name: Linting uses: psf/black@1b2427a2b785cc4aac97c19bb4b9a0de063f9547 # v24.10.0 + with: + src: "./build" + options: "--check" # Inherits workflow permissions. jsonnet:
From c592716431570a13c96180f1c2d8c103447b29b8 Mon Sep 17 00:00:00 2001
From: jshlbrd
Date: Wed, 9 Oct 2024 10:40:06 -0700
Subject: [PATCH 3/5] ci(workflows): Update Black Opts
---
.github/workflows/code.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
index 99d3cc21..1219271c 100644
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
@@ -43,8 +43,8 @@ jobs: - name: Linting uses: psf/black@1b2427a2b785cc4aac97c19bb4b9a0de063f9547 # v24.10.0 with: - src: "./build" - options: "--check" + # src: "./build" + options: "--check --exclude=''" # "An empty value means no paths are excluded." # Inherits workflow permissions. jsonnet:
From a799c8c50c59a0fbaac51445383093883b4d10d6 Mon Sep 17 00:00:00 2001
From: jshlbrd
Date: Wed, 9 Oct 2024 10:41:24 -0700
Subject: [PATCH 4/5] style(workflows): Update Python Lint Comments
---
.github/workflows/code.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
index 1219271c..e2fe4b43 100644
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
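Review bot: `--exclude=''` on the new `options:` line in patch 3 drops every default exclusion rather than only the one that was in the way, and as far as I recall Black also stops honouring `.gitignore` once `--exclude` is passed. If the aim was to get the `build` directory checked (patch 2 pointed `src` at `./build`, and `build` is, I believe, on Black's default exclusion list), a narrower option is an explicit regex that keeps the version-control and virtualenv directories excluded and leaves out only `build`. If the regex goes inside the double-quoted YAML string, backslashes need doubling, or the value should be single-quoted. The `with:` block is fully visible, but the job around it starts and ends outside the hunk.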
@@ -43,8 +43,9 @@ jobs: - name: Linting uses: psf/black@1b2427a2b785cc4aac97c19bb4b9a0de063f9547 # v24.10.0 with: - # src: "./build" - options: "--check --exclude=''" # "An empty value means no paths are excluded." + # This recursively scans the entire project. Note that `exclude` must be + # an empty string: "An empty value means no paths are excluded." + options: "--check --exclude=''" # Inherits workflow permissions. jsonnet:
From 28976a72e334bd1296d00c7a6cc75793723e3420 Mon Sep 17 00:00:00 2001
From: jshlbrd
Date: Wed, 9 Oct 2024 10:51:27 -0700
Subject: [PATCH 5/5] ci(workflows): Pin CodeQL
---
.github/workflows/scorecard.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 6b6f0ccf..a00166ec 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@cf5b0a9041d3c1d336516f1944c96d96598193cc # v2.19.1 with: sarif_file: results.sarif
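Review bot: The label on the new `upload-sarif` pin in patch 5 reads `# v2.19.1` while the line it replaces tracked `@v3`, so either the step has moved back to the v2 line of `github/codeql-action` or the comment names a different tag than the action release (the number resembles a CodeQL bundle version, though the diff cannot confirm that). Check which release `cf5b0a9041d3c1d336516f1944c96d96598193cc` belongs to and label it with the action's own tag, in the form `# v3.x.y` (placeholder). Nothing in the workflow verifies these comments: patch 1 of this series already corrects one from `# v6.1.0` to `# v6.1.1` with the SHA unchanged, so an update tool that rewrites SHA and comment together is worth enabling. The job this step belongs to starts outside the hunk.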