From 65b9628675d4abb43182d0f84a8abf56657489cd Mon Sep 17 00:00:00 2001
From: Matthew Watkins <mwatkins@linuxfoundation.org>
Date: Wed, 29 Oct 2025 15:07:39 +0000
Subject: [PATCH] CI: Update GitHub2Gerrit workflow

Issue-ID: CIMAN-33

Change-Id: Ief17cf32644bfe6f84505c07803293bab5fdd805
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
---
 .github/workflows/github2gerrit.yaml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/github2gerrit.yaml b/.github/workflows/github2gerrit.yaml
index 01baeae..c8e832d 100644
--- a/.github/workflows/github2gerrit.yaml
+++ b/.github/workflows/github2gerrit.yaml
@@ -39,14 +39,23 @@ jobs:
       issues: write
     timeout-minutes: 12
     steps:
-      - name: Checkout repository
+      # Harden the runner used by this workflow
+      # yamllint disable-line rule:line-length
+      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        name: 'Harden runner'
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout repository'
+        # yamllint disable-line rule:line-length
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
         with:
           fetch-depth: 10
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
 
-      - name: Run GitHub2Gerrit Action
-        uses: modeseven-lfreleng-actions/github2gerrit-action@main
+      - name: 'Run GitHub2Gerrit Action'
+        # yamllint disable-line rule:line-length
+        uses: lfreleng-actions/github2gerrit-action@f3ec169f35720fd2169110f55cc91e68f99f3a73  # v0.1.20
         with:
           USE_PR_AS_COMMIT: true
           ALLOW_DUPLICATES: ${{ inputs.allow_duplicates }}
-- 
2.16.6