diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 01b7577..cc1baca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,12 +23,12 @@ permissions:
 
 jobs:
   lint:
-    uses: opalmedapps/actions/.github/workflows/prek.yaml@main
+    uses: opalmedapps/actions/.github/workflows/prek.yaml@9d20dc43687635178ec6bd4bd7a7cda5db481284 # main
     with:
       skip: markdownlint-cli2,reuse-lint-file
 
   run-reuse-workflow:
-    uses: opalmedapps/.github/.github/workflows/reuse.yaml@main
+    uses: opalmedapps/.github/.github/workflows/reuse.yaml@c4370fac27e3347093784a56e2eaca34f7c4e283 # main
 
   markdownlint:
     permissions:
@@ -37,7 +37,7 @@ jobs:
       # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-for-sarif-files-generated-outside-of-a-repository
       security-events: write
 
-    uses: opalmedapps/.github/.github/workflows/markdownlint.yaml@main
+    uses: opalmedapps/.github/.github/workflows/markdownlint.yaml@c4370fac27e3347093784a56e2eaca34f7c4e283 # main
     with:
       semantic-linebreak: false
       mkdocs-material-linter: true