chore(deps): pin dependencies (#51)

| datasource | package                      | from  | to    |
| ---------- | ---------------------------- | ----- | ----- |
| docker     | ghcr.io/stefanprodan/podinfo | 6.5.0 | 6.6.2 |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/actions/comment/action.yaml

@@ -18,7 +18,7 @@ runs:
     # Will update the comment that triggered the /test comment and add the run-url
     - name: Update comment
       if: github.event_name == 'repository_dispatch'
-      uses: peter-evans/create-or-update-comment@v3
+      uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3
       with:
         token: ${{ inputs.token }}
         repository: ${{ github.event.client_payload.github.payload.repository.full_name }}

.github/actions/e2e/action.yaml

@@ -15,7 +15,7 @@ runs:
   steps:
   # Update GitHub status for pending pipeline run
     - name: "Update GitHub Status for pending"
-      uses: docker://cloudposse/github-status-updater
+      uses: docker://cloudposse/github-status-updater@sha256:3f9e7d4539ac4566dfdadb39d70d8101303df47eb13c3d7b43a32c15fc6f5bcc
       with:
         args: "-action update_state -state pending -ref ${{ env.REPO_SHA }} -repo ${{ env.REPO_NAME }}"
       env:
@@ -36,7 +36,7 @@ runs:
 
     - name: Setup UDS
       if: always()
-      uses: defenseunicorns/uds-common/.github/actions/[email protected]
+      uses: defenseunicorns/uds-common/.github/actions/setup@a6fba9c0084319325d70816a3481aec0979649fa # v0.4.0
 
     - name: Validate ${{ inputs.distro }} AMI
       shell: bash -e -o pipefail {0}
@@ -65,7 +65,7 @@ runs:
     # Update GitHub status for successful pipeline run
     - name: "Update GitHub Status for success"
       if: ${{ success() }}
-      uses: docker://cloudposse/github-status-updater
+      uses: docker://cloudposse/github-status-updater@sha256:3f9e7d4539ac4566dfdadb39d70d8101303df47eb13c3d7b43a32c15fc6f5bcc
       with:
         args: "-action update_state -state success -ref ${{ env.REPO_SHA }} -repo ${{ env.REPO_NAME }}"
       env:
@@ -81,7 +81,7 @@ runs:
     # Update GitHub status for failing pipeline run
     - name: "Update GitHub Status for failure"
       if: ${{ failure() }}
-      uses: docker://cloudposse/github-status-updater
+      uses: docker://cloudposse/github-status-updater@sha256:3f9e7d4539ac4566dfdadb39d70d8101303df47eb13c3d7b43a32c15fc6f5bcc
       with:
         args: "-action update_state -state failure -ref ${{ env.REPO_SHA }} -repo ${{ env.REPO_NAME }}"
       env:
@@ -97,7 +97,7 @@ runs:
     # Update GitHub status for cancelled pipeline run
     - name: "Update GitHub Status for cancelled"
       if: ${{ cancelled() }}
-      uses: docker://cloudposse/github-status-updater
+      uses: docker://cloudposse/github-status-updater@sha256:3f9e7d4539ac4566dfdadb39d70d8101303df47eb13c3d7b43a32c15fc6f5bcc
       with:
         args: "-action update_state -state error -ref ${{ env.REPO_SHA }} -repo ${{ env.REPO_NAME }}"
       env:

.github/test-infra/manifests/test.yaml

@@ -13,6 +13,6 @@ metadata:
 spec:
   containers:
     - name: test-container
-      image: ghcr.io/stefanprodan/podinfo:6.5.0
+      image: ghcr.io/stefanprodan/podinfo:6.6.2@sha256:4aa3b819f4cafc97d03d902ed17cbec076e2beee02d53b67ff88527124086fd9
       command:
         - ./podinfo

.github/workflows/on-pr-aws.yaml

@@ -22,9 +22,9 @@ jobs:
         aws_env: ["commercial"]
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
         with:
           role-to-assume: ${{ secrets.AWS_COMMERCIAL_ORG_ROLE_TO_ASSUME }}
           role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }}
@@ -33,7 +33,7 @@ jobs:
           role-duration-seconds: 21600
       - name: Setup UDS
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/[email protected]
+        uses: defenseunicorns/uds-common/.github/actions/setup@a6fba9c0084319325d70816a3481aec0979649fa # v0.4.0
       - name: Validate ${{ matrix.base }} AMI
         run: uds run --no-progress validate-ami-${{ matrix.base }}
       - name: Build ${{ matrix.base }} AMI

.github/workflows/publish-aws.yaml

@@ -24,9 +24,9 @@ jobs:
         aws_env: ["commercial"]
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
         with:
           role-to-assume: ${{ secrets.AWS_COMMERCIAL_ORG_ROLE_TO_ASSUME }}
           role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }}
@@ -35,7 +35,7 @@ jobs:
           role-duration-seconds: 21600
       - name: Setup UDS
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/[email protected]
+        uses: defenseunicorns/uds-common/.github/actions/setup@a6fba9c0084319325d70816a3481aec0979649fa # v0.4.0
       - name: Setup Tofu
         uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
         with:

.github/workflows/slash-command-dispatch.yaml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Slash Command Dispatch
-        uses: peter-evans/slash-command-dispatch@v3
+        uses: peter-evans/slash-command-dispatch@f996d7b7aae9059759ac55e978cff76d91853301 # v3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commands: test

.github/workflows/test-rke2-cluster.yaml

@@ -26,7 +26,7 @@ jobs:
       test-distros: ${{ steps.parse.outputs.test-distros }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -57,7 +57,7 @@ jobs:
     if: needs.parse.outputs.run-ping == 'true'
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -81,14 +81,14 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
           ref: ${{ github.event.client_payload.pull_request.head.ref || github.ref_name }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
         with:
           role-to-assume: ${{ secrets.AWS_COMMERCIAL_ORG_ROLE_TO_ASSUME }}
           role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }}