From a7afb3e551a3a17400c6a20562040479383220a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charles.edouard@nirmata.com>
Date: Tue, 3 Oct 2023 15:57:36 +0200
Subject: [PATCH] chore: check actions workflow (#5)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 .github/workflows/check-actions.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/check-actions.yaml

diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml
new file mode 100644
index 00000000..5a8d2622
--- /dev/null
+++ b/.github/workflows/check-actions.yaml
@@ -0,0 +1,23 @@
+name: Check actions
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+      - 'release*'
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@f32435541e24cd6a4700a7f52bb2ec59e80603b1 # v2.1.4
+        with:
+          # slsa-github-generator requires using a semver tag for reusable workflows. 
+          # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
+          allowlist: |
+            slsa-framework/slsa-github-generator