From f52aca19bb7524eaa0209d7b24632257c9e4da81 Mon Sep 17 00:00:00 2001 From: JL Mitra Date: Tue, 7 Apr 2026 13:56:06 -0700 Subject: [PATCH] chore: SECENG-7706 [security] Pin versions of GitHub Actions to full commit hash - quotation fix This PR pins versions of GitHub Actions to full commit hash via [automated scripts](https://github.com/amplitude/tools/tree/master/seceng/github_actions/pin-gha). This PR fixes an error with the previous script not correctly parsing lines in "" quotations. In general, this PR doesn't change the behavior of the workflows, so you can merge this safely. This pull request was created by [multi-gitter](https://github.com/lindell/multi-gitter). Please merge this pull request by 4/10/2026. For any questions, please ask in the Slack channel #help-security.
---
 .github/workflows/deploy-docs.yml | 2 +-
 .github/workflows/publish-github-packages.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
index 2e9f4677..ca82f85e 100644
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -8,7 +8,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: ${{ github.actor }} permission check to do a release
- uses: "lannonbr/repo-permission-check-action@2.0.2"
+ uses: "lannonbr/repo-permission-check-action@2bb8c89ba8bf115c4bfab344d6a6f442b24c9a1f" # 2.0.2
 with:
 permission: "write"
 env:
diff --git a/.github/workflows/publish-github-packages.yml b/.github/workflows/publish-github-packages.yml
index 54c4a39b..80fe75c2 100644
--- a/.github/workflows/publish-github-packages.yml
+++ b/.github/workflows/publish-github-packages.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: ${{ github.actor }} permission check to do a release
- uses: "lannonbr/repo-permission-check-action@2.0.2"
+ uses: "lannonbr/repo-permission-check-action@2bb8c89ba8bf115c4bfab344d6a6f442b24c9a1f" # 2.0.2
 with:
 permission: "write"
 env:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 408d6910..c634ae06 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
 echo "✅ Branch check passed: running from v8.x"
 - name: ${{ github.actor }} permission check to do a release
- uses: 'lannonbr/repo-permission-check-action@2.0.2'
+ uses: 'lannonbr/repo-permission-check-action@2bb8c89ba8bf115c4bfab344d6a6f442b24c9a1f' # 2.0.2
 with:
 permission: 'write'
 env:
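Review bot: Nothing in this patch shows that the pinned hash was checked against the upstream `2.0.2` tag, and the trailing `# 2.0.2` comment is the only thing tying the two together. This applies to the rewritten `uses:` line in release.yml and to the same line in the deploy-docs.yml and publish-github-packages.yml hunks. Because this step gates who may run a release, confirm before merging that the commit is reachable from that tag in lannonbr/repo-permission-check-action itself, since GitHub also resolves hashes that exist only in a fork of an action's repository. A pinned hash no longer picks up upstream fixes, so the `github-actions` ecosystem should be enabled in Dependabot (or the Renovate equivalent) to keep the hash and its version comment updated together. The step's `with:`/`env:` block continues past the end of each hunk, so what is passed to the action is not visible here.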