[StepSecurity] ci: Harden GitHub Actions

[step-security-bot]

Summary

This pull request is created by Secure Repo at the request of @garydgregory. Please merge the Pull Request to incorporate the requested changes. Please tag @garydgregory on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Security Fixes

Pinned Dependencies

GitHub Action tags and Docker tags are mutatble. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

• GitHub Security Guide
• The Open Source Security Foundation (OpenSSF) Security Guide

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-repo. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.18%. Comparing base (2a3b75b) to head (6abeae8).
⚠️ Report is 866 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #176   +/-   ##
=========================================
  Coverage     93.18%   93.18%           
  Complexity      566      566           
=========================================
  Files            21       21           
  Lines          1203     1203           
  Branches        213      213           
=========================================
  Hits           1121     1121           
  Misses           46       46           
  Partials         36       36           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.