From a767145564bb353ecd8524b6afaaf55be046f9d3 Mon Sep 17 00:00:00 2001
From: Andrea Peruffo <andrea.peruffo1982@gmail.com>
Date: Mon, 23 Jan 2023 15:35:16 +0000
Subject: [PATCH] Use commit SHA instead of branch name for third-party actions

Hi!
Following the [GH Action Security Hardening](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) guide we should use the commit SHA instead of the `branch` or `tag` for any third-party untrusted action.
---
 .github/workflows/modular-docs-check.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/modular-docs-check.yml b/.github/workflows/modular-docs-check.yml
index 2efb79c56..a91224846 100644
--- a/.github/workflows/modular-docs-check.yml
+++ b/.github/workflows/modular-docs-check.yml
@@ -33,7 +33,8 @@ jobs:
         java-version: 15
         distribution: 'adopt' # See 'Supported distributions' for available options
     - name: Use Ruby 2.6
-      uses: ruby/setup-ruby@v1
+      # v1
+      uses: ruby/setup-ruby@ee26e27437bde475b19a6bf8cb73c9fa658876a2
       with:
         ruby-version: '2.6'