alt Hacker NewsAnother (more complete? maintenance, security checks) solution is to allow renovatebot handle this for you. Enable this preset: https://docs.renovatebot.com/presets-helpers/#helperspingith...
..and in the next update cycle, you will see all actions be pinned like this:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
This only handle your actions, not their dependencies (which seems to be the purpose of gh-actions-lockfile)