Pin dependencies

.github/workflows/build-push-chart.yml

@@ -17,7 +17,7 @@ permissions: read-all
 
 jobs:
   setenv:
-    uses: ortelius/workflow-toolkit/.github/workflows/env-config-workflow.yml@cf5621d9d515b30f327262fcc356f36190ace596
+    uses: ortelius/workflow-toolkit/.github/workflows/env-config-workflow.yml@a1a11d1622e4ad53a9d48f0284cbdd3584cc7cd1
     with:
       gh_head_ref: ${{ github.head_ref }}
       gh_ref_name: ${{ github.ref_name }}
@@ -27,7 +27,7 @@ jobs:
       gh_run_number: ${{ github.run_number }}
 
   release:
-    uses: ortelius/workflow-toolkit/.github/workflows/container-release-workflow.yml@cf5621d9d515b30f327262fcc356f36190ace596
+    uses: ortelius/workflow-toolkit/.github/workflows/container-release-workflow.yml@a1a11d1622e4ad53a9d48f0284cbdd3584cc7cd1
     needs: setenv
     with:
       gh_repository_owner: ${{ github.repository_owner }}
@@ -43,7 +43,7 @@ jobs:
     permissions:
       security-events: write
       statuses: write
-    uses: ortelius/workflow-toolkit/.github/workflows/trivy-scan-workflow.yml@cf5621d9d515b30f327262fcc356f36190ace596
+    uses: ortelius/workflow-toolkit/.github/workflows/trivy-scan-workflow.yml@a1a11d1622e4ad53a9d48f0284cbdd3584cc7cd1
     needs: [setenv, release]
     with:
       gh_repository_owner: ${{ github.repository_owner }}
@@ -54,7 +54,7 @@ jobs:
   helm:
     permissions:
       contents: write
-    uses: ortelius/workflow-toolkit/.github/workflows/helm-release-workflow.yml@cf5621d9d515b30f327262fcc356f36190ace596
+    uses: ortelius/workflow-toolkit/.github/workflows/helm-release-workflow.yml@a1a11d1622e4ad53a9d48f0284cbdd3584cc7cd1
     needs: [setenv, release]
     with:
       gh_repository_owner: ${{ github.repository_owner }}
@@ -74,7 +74,7 @@ jobs:
 
 
   sbom:
-    uses: ortelius/workflow-toolkit/.github/workflows/sbom-generation-workflow.yml@cf5621d9d515b30f327262fcc356f36190ace596
+    uses: ortelius/workflow-toolkit/.github/workflows/sbom-generation-workflow.yml@a1a11d1622e4ad53a9d48f0284cbdd3584cc7cd1
     needs: [setenv, release]
     with:
       gh_repository_owner: ${{ github.repository_owner }}

.github/workflows/codeql.yml

@@ -21,19 +21,19 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1
+        uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - name: Checkout repository
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+        uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           languages: "go"
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7
+        uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           category: "/language:go"

.github/workflows/mega-linter.yml

@@ -25,7 +25,7 @@ jobs:
     steps:
       # Git Checkout
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
@@ -35,7 +35,7 @@ jobs:
         id: ml
         # You can override MegaLinter flavor used to have faster performances
         # More info at https://megalinter.io/flavors/
-        uses: oxsecurity/megalinter/flavors/go@v6
+        uses: oxsecurity/megalinter/flavors/go@fda6ac3a38be0e969820709ac16e442464e5a035 # v7
         env:
           # All available variables are described in documentation
           # https://megalinter.io/configuration/
@@ -46,7 +46,7 @@ jobs:
       # Upload MegaLinter artifacts
       - name: Archive production artifacts
         if: ${{ success() }} || ${{ failure() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3
         with:
           name: MegaLinter reports
           path: |
@@ -57,7 +57,7 @@ jobs:
       - name: Create Pull Request with applied fixes
         id: cpr
         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5
         with:
           token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           commit-message: "[MegaLinter] Apply linters automatic fixes"
@@ -75,7 +75,7 @@ jobs:
         run: sudo chown -Rc $UID .git/
       - name: Commit and push applied linter fixes
         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
-        uses: stefanzweifel/git-auto-commit-action@v4
+        uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4
         with:
           branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
           commit_message: "[MegaLinter] Apply linters fixes"