# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Check actions

permissions: {}

on:
  pull_request:
    branches:
      - main
      - release-*

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ed00f72a3ca5b6eff8ad4d3ffdcacedb67a21db1 # v3.0.15
        with:
          # slsa-github-generator requires using a semver tag for reusable workflows. 
          # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
          allowlist: |
            slsa-framework/slsa-github-generator