authzed · tstirrat15 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 8, 2025
@@ -22,8 +22,8 @@ jobs:
       codechange: "${{ steps.code-filter.outputs.codechange }}"
       protochange: "${{ steps.proto-filter.outputs.protochange }}"
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36" # v3.0.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36"  # v3.0.2
         id: "code-filter"
         with:
           filters: |
@@ -36,7 +36,7 @@ jobs:
               - "pkg/**"
               - "e2e/**"
               - "internal/**"
-      - uses: "dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36" # v3.0.2
+      - uses: "dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36"  # v3.0.2
         id: "proto-filter"
         with:
           filters: |
@@ -52,13 +52,13 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         with:
           username: "${{ env.DOCKERHUB_PUBLIC_USER }}"
           password: "${{ env.DOCKERHUB_PUBLIC_ACCESS_TOKEN }}"
-      - uses: "authzed/actions/go-build@11667c9b2e8b3649ad2af4d788e57d18f8e8eaf1" # main
+      - uses: "authzed/actions/go-build@11667c9b2e8b3649ad2af4d788e57d18f8e8eaf1"  # main
       - name: "Image tests"
         run: "go run mage.go test:image"
 
@@ -69,12 +69,12 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "Unit tests with coverage"
         run: "go run mage.go test:unitCover"
       - name: "Coverage"
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -87,8 +87,8 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "Steelthread tests"
         run: "go run mage.go test:steelthread"
 
@@ -99,16 +99,16 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         with:
           username: "${{ env.DOCKERHUB_PUBLIC_USER }}"
           password: "${{ env.DOCKERHUB_PUBLIC_ACCESS_TOKEN }}"
       - name: "Integration tests with coverage"
         run: "go run mage.go test:integrationCover"
       - name: "Coverage"
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -123,13 +123,13 @@ jobs:
       matrix:
         datastore: ["mysql", "spanner"]
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         if: |
           needs.paths-filter.outputs.codechange == 'true'
         with:
@@ -142,7 +142,7 @@ jobs:
       - name: "Coverage"
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -157,13 +157,13 @@ jobs:
       matrix:
         datastore: ["mysql", "spanner"]
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         if: |
           needs.paths-filter.outputs.codechange == 'true'
         with:
@@ -176,7 +176,7 @@ jobs:
       - name: "Coverage"
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -192,13 +192,13 @@ jobs:
         datastore: ["postgres", "pgbouncer"]
         pgversion: ["13.8", "14", "15", "16", "17"]
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         if: |
           needs.paths-filter.outputs.codechange == 'true'
         with:
@@ -211,7 +211,7 @@ jobs:
       - name: "Coverage"
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -227,13 +227,13 @@ jobs:
         datastore: ["postgres"]
         pgversion: ["13.8", "14", "15", "16", "17"]
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         if: |
           needs.paths-filter.outputs.codechange == 'true'
         with:
@@ -246,7 +246,7 @@ jobs:
       - name: "Coverage"
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -262,13 +262,13 @@ jobs:
         datastore: ["crdb"]
         crdbversion: ["24.3.6", "25.1.0", "25.2.0"]
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         if: |
           needs.paths-filter.outputs.codechange == 'true'
         with:
@@ -281,7 +281,7 @@ jobs:
       - name: "Coverage"
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -297,13 +297,13 @@ jobs:
         datastore: ["crdb"]
         crdbversion: ["24.3.6", "25.1.0", "25.2.0"]
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1" # v3.5.0
+      - uses: "docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1"  # v3.5.0
         if: |
           needs.paths-filter.outputs.codechange == 'true'
         with:
@@ -316,7 +316,7 @@ jobs:
       - name: "Coverage"
         if: |
           needs.paths-filter.outputs.codechange == 'true'
-        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00" # v5.5.0
+        uses: "codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00"  # v5.5.0
         with:
           files: "./coverage.txt"
           token: "${{ secrets.CODECOV_TOKEN }}"
@@ -329,8 +329,8 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         with:
           go-version-file: "e2e/go.mod"
           cache-dependency-path: "e2e/go.sum"
@@ -348,7 +348,7 @@ jobs:
         working-directory: "e2e/newenemy"
         run: |
           go test -v -timeout 11m ./...
-      - uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02" # v4.6.2
+      - uses: "actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02"  # v4.6.2
         if: "always()"
         # this upload step is really flaky, don't fail the job if it fails
         continue-on-error: true
@@ -362,8 +362,8 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
         with:
           go-version-file: "tools/analyzers/go.mod"
           cache-dependency-path: "tools/analyzers/go.sum"
@@ -376,8 +376,8 @@ jobs:
     if: |
       needs.paths-filter.outputs.codechange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "WASM tests"
         run: "go run mage.go test:wasm"
 
@@ -388,16 +388,16 @@ jobs:
     if: |
       needs.paths-filter.outputs.protochange == 'true'
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "Generate Protos"
         run: "go run mage.go gen:proto"
-      - uses: "chainguard-dev/actions/nodiff@3caedd3784c809ba873cbb8c6a12e2bc6bf6ab09" # main
+      - uses: "chainguard-dev/actions/nodiff@3caedd3784c809ba873cbb8c6a12e2bc6bf6ab09"  # main
         with:
           path: ""
           fixup-command: "go run mage.go gen:proto"
-      - uses: "bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99" # v1.5.0
-      - uses: "bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba" # v1.1.4 TODO(miparnisari) deprecated, use buf-action
+      - uses: "bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99"  # v1.5.0
+      - uses: "bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba"  # v1.1.4 TODO(miparnisari) deprecated, use buf-action
         if: "github.event_name == 'pull_request'"
         env:
           BUF_INPUT_HTTPS_USERNAME: "${{ github.actor }}"

@@ -14,15 +14,15 @@ on:  # yamllint disable-line rule:truthy
       - "checks_requested"
 permissions:
   actions: "write"
-  contents: "read" # CLA signatures are stored in https://github.com/authzed/cla
+  contents: "read"  # CLA signatures are stored in https://github.com/authzed/cla
   pull-requests: "write"
   statuses: "write"
 jobs:
   cla:
     name: "Check Signature"
     runs-on: "depot-ubuntu-24.04-small"
     steps:
-      - uses: "authzed/actions/cla-check@11667c9b2e8b3649ad2af4d788e57d18f8e8eaf1" # main
+      - uses: "authzed/actions/cla-check@11667c9b2e8b3649ad2af4d788e57d18f8e8eaf1"  # main
         with:
           github_token: "${{ secrets.GITHUB_TOKEN }}"
           cla_assistant_token: "${{ secrets.CLA_ASSISTANT_ACCESS_TOKEN }}"
@@ -13,7 +13,7 @@ jobs:
     permissions:
       pull-requests: "write"
     steps:
-      - uses: "actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9" # v5.0.0
+      - uses: "actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9"  # v5.0.0
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           sync-labels: true
@@ -17,22 +17,22 @@ jobs:
     name: "License Check"
     runs-on: "depot-ubuntu-24.04-small"
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "Check Licenses"
-        uses: "authzed/actions/go-license-check@11667c9b2e8b3649ad2af4d788e57d18f8e8eaf1" # main
+        uses: "authzed/actions/go-license-check@11667c9b2e8b3649ad2af4d788e57d18f8e8eaf1"  # main
         with:
           ignore: "buf.build"  # Has no license information
 
   go-lint:
     name: "Lint Go"
     runs-on: "depot-ubuntu-24.04-4"
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "Lint Go"
         run: "go run mage.go lint:go"
-      - uses: "chainguard-dev/actions/nodiff@3caedd3784c809ba873cbb8c6a12e2bc6bf6ab09" # main
+      - uses: "chainguard-dev/actions/nodiff@3caedd3784c809ba873cbb8c6a12e2bc6bf6ab09"  # main
         with:
           path: ""
           fixup-command: "go run mage.go lint:go"
@@ -41,11 +41,11 @@ jobs:
     name: "Lint YAML & Markdown"
     runs-on: "depot-ubuntu-24.04-small"
     steps:
-      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
-      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5" # main
+      - uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
+      - uses: "authzed/actions/setup-go@f00cad69713a135d0b55c16bae64171367f319d5"  # main
       - name: "Lint Everything Else"
         run: "go run mage.go lint:extra"
-      - uses: "chainguard-dev/actions/nodiff@3caedd3784c809ba873cbb8c6a12e2bc6bf6ab09" # main
+      - uses: "chainguard-dev/actions/nodiff@3caedd3784c809ba873cbb8c6a12e2bc6bf6ab09"  # main
         with:
           path: ""
           fixup-command: "go run mage.go lint:extra"
@@ -56,12 +56,12 @@ jobs:
     if: "github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'edited')"
     steps:
       - name: "Checkout repository"
-        uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493" # v4.2.2
+        uses: "actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"  # v4.2.2
         with:
           fetch-depth: 0
 
       - name: "Set up Python"
-        uses: "actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065" # v5.6.0
+        uses: "actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065"  # v5.6.0
         with:
           python-version: "3.11"