Use full commit SHA hashes for GitHub Actions (#236)

* Initial plan

* Use full commit SHA hashes for all external GitHub Actions

Co-authored-by: baynezy <1049999+baynezy@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: baynezy <1049999+baynezy@users.noreply.github.com>
Co-authored-by: Simon Baynes <baynezy@gmail.com>

Author: Copilot

.github/workflows/blocked-issue.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
       - name: Add blocked label if issue is blocked
         run: |
           body=$BODY

.github/workflows/branch-hotfix.yml

@@ -28,23 +28,23 @@ jobs:
     needs: [get-version]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
         with:
           ref: ${{ github.head_ref }}
       - name: Increment Version
         id: increment_version
         run: |
           echo "patch_version=$(($(cat semver.json | jq -r '.patch')+1))" > $GITHUB_OUTPUT
       - name: Store New Version
-        uses: Afterlife-Guide/SemVer.Action@1.1.1.16
+        uses: Afterlife-Guide/SemVer.Action@23e59d321ba2dbb6736fd78076f9b279fecbeaf2
         with:
           path: semver.json
           major-version: ${{ needs.get-version.outputs.major }}
           minor-version: ${{ needs.get-version.outputs.minor }}
           patch-version: ${{ steps.increment_version.outputs.patch_version }}
           build-version: ${{ github.run_number }}
       - name: Update changelog
-        uses: baynezy/ChangeLogger.Action@1.1.1.13
+        uses: baynezy/ChangeLogger.Action@1e22c0074e1cec3c97ca3416db7ab79924310492
         with:
           tag: ${{ needs.get-version.outputs.major }}.${{ needs.get-version.outputs.minor }}.${{ steps.increment_version.outputs.patch_version }}.${{ github.run_number }}
 

.github/workflows/branch-master.yml

@@ -41,7 +41,7 @@ jobs:
     needs: [push-package]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Create Pull Request
         env:
           GH_TOKEN: ${{ secrets.CREATE_PR_TOKEN }}

.github/workflows/completed-feature-workflow.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Extract Issue Number
         shell: bash
         env:

.github/workflows/draft-new-release.yml

@@ -22,12 +22,12 @@ jobs:
     name: "Draft a new release"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Create release branch
         run: git checkout -b release/${{ github.event.inputs.major_version }}.${{ github.event.inputs.minor_version }}.${{ github.event.inputs.patch_version }}.${{ github.run_number }}
 
       - name: Update Version Number
-        uses: Afterlife-Guide/SemVer.Action@1.1.1.16
+        uses: Afterlife-Guide/SemVer.Action@23e59d321ba2dbb6736fd78076f9b279fecbeaf2
         with:
           path: semver.json
           major-version: ${{ github.event.inputs.major_version }}
@@ -36,7 +36,7 @@ jobs:
           build-version: ${{ github.run_number }}
 
       - name: Update changelog
-        uses: baynezy/ChangeLogger.Action@1.1.1.13
+        uses: baynezy/ChangeLogger.Action@1e22c0074e1cec3c97ca3416db7ab79924310492
         with:
           tag: ${{ github.event.inputs.major_version }}.${{ github.event.inputs.minor_version }}.${{ github.event.inputs.patch_version }}.${{ github.run_number }}
 

.github/workflows/gitstream.yml

@@ -38,7 +38,7 @@ jobs:
     name: gitStream workflow automation
     steps:
       - name: Evaluate Rules
-        uses: linear-b/gitstream-github-action@v1
+        uses: linear-b/gitstream-github-action@33597e470d599adf6fbc00360897d2aa46e4064b
         id: rules-engine
         with:
           full_repository: ${{ github.event.inputs.full_repository }}

.github/workflows/in-progress-feature-workflow.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Extract Issue Number
         shell: bash
         run: echo "issue=$(echo ${GITHUB_REF#refs/heads/} | sed 's|[^0-9]||g')" >> $GITHUB_OUTPUT

.github/workflows/label-configurer.yml

@@ -14,9 +14,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Run Labeler
-        uses: crazy-max/ghaction-github-labeler@v5
+        uses: crazy-max/ghaction-github-labeler@24d110aa46a59976b8a7f35518cb7f14f434c916
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           exclude: |

.github/workflows/step-build.yml

@@ -18,29 +18,29 @@ jobs:
       run: |
         echo "Branch: ${{ inputs.checkout-ref }}"
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       with:
         ref: ${{ inputs.checkout-ref }}
     - name: Setup .NET Core
-      uses: actions/setup-dotnet@v5.0.0
+      uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d
       with:
         dotnet-version: 9.0.x
     - name: Restore
-      uses: cake-build/cake-action@v3
+      uses: cake-build/cake-action@5167c3f6a9e15c76f009de2acdfb9488552bc0b9
       with:
         target: Restore
     - name: Build
-      uses: cake-build/cake-action@v3
+      uses: cake-build/cake-action@5167c3f6a9e15c76f009de2acdfb9488552bc0b9
       with:
         target: Build
         arguments: |
           versionNumber: ${{inputs.version}}
     - name: Run tests
-      uses: cake-build/cake-action@v3
+      uses: cake-build/cake-action@5167c3f6a9e15c76f009de2acdfb9488552bc0b9
       with:
         target: Test
     - name: Publish Unit Test Results
       if: ${{ github.actor != 'dependabot[bot]' }}
-      uses: EnricoMi/publish-unit-test-result-action/linux@v2
+      uses: EnricoMi/publish-unit-test-result-action/linux@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6
       with:
         files: "**/TestResults/*.xml"

.github/workflows/step-push-package.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -31,7 +31,7 @@ jobs:
           echo "container_name=$(echo 'SemVer.Action' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
           
       - name: Build and push Docker image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
         with:
           context: .
           file: ./src/SemVer.Json/Dockerfile