From bd632920a455ace8700417f317445f8e8b2ed8bb Mon Sep 17 00:00:00 2001
From: William Woodruff <william@yossarian.net>
Date: Thu, 21 Aug 2025 11:07:07 -0400
Subject: [PATCH] chore(docs): `make pinact` (#1103)

---
 .github/pinact.yml   |  2 +-
 docs/integrations.md | 14 +++++++-------
 mise.toml            |  2 ++
 3 files changed, 10 insertions(+), 8 deletions(-)
 create mode 100644 mise.toml

diff --git a/.github/pinact.yml b/.github/pinact.yml
index c3c58d02..1a922e80 100644
--- a/.github/pinact.yml
+++ b/.github/pinact.yml
@@ -3,4 +3,4 @@ version: 3
 files:
   # NOTE: we intentionally only update docs with pinact.
   # All non-doc workflows and actions are updated through Dependabot.
-  - pattern: ../docs/*.md
+  - pattern: ../docs/integrations.md
diff --git a/docs/integrations.md b/docs/integrations.md
index 329ece56..3a893106 100644
--- a/docs/integrations.md
+++ b/docs/integrations.md
@@ -33,12 +33,12 @@ jobs:
       actions: read # only needed for private repos
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
 
       - name: Run zizmor 🌈
-        uses: zizmorcore/zizmor-action@f52a838cfabf134edcbaa7c8b3677dde20045018 # v0.1.1
+        uses: zizmorcore/zizmor-action@5ca5fc7a4779c5263a3ffa0e1f693009994446d1 # v0.1.2
 ```
 
 See the action's [`inputs` documentation][inputs-documentation] for
@@ -94,12 +94,12 @@ GitHub Actions setup:
           actions: read # only needed for private repos
         steps:
           - name: Checkout repository
-            uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+            uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
             with:
               persist-credentials: false
 
           - name: Install the latest version of uv
-            uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
+            uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
 
           - name: Run zizmor 🌈
             run: uvx zizmor --format=sarif . > results.sarif # (2)!
@@ -107,7 +107,7 @@ GitHub Actions setup:
               GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # (1)!
 
           - name: Upload SARIF file
-            uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+            uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10
             with:
               sarif_file: results.sarif
               category: zizmor
@@ -165,10 +165,10 @@ GitHub Actions setup:
           actions: read # only needed for private repos
         steps:
           - name: Checkout repository
-            uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+            uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
           - name: Install the latest version of uv
-            uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6.0.1
+            uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
 
           - name: Run zizmor 🌈
             run: uvx zizmor --format=github . # (2)!
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 00000000..c658e15e
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,2 @@
+[tools]
+pinact = "latest"