Pin GitHub actions by sha

[vdemeester]

As a best practice, we should pin actions we use by commit SHA. This is the case for some workflows in the organization but not all. This issue is there to track updating those workflow and enable this settings.

Note: with dependabot, it doesn't require too much to update those as dependabot knows how to update.

• List workflows that are not using full commit SHA
• Update them
• Enable that setting

[AlanGreene]

The following workflows have at least 1 action not using the full commit SHA / image digest:

• tektoncd/catalog chatops_retest.yaml Pin actions by commit SHA catalog#1353
• tektoncd/catalog ci.yaml Pin actions by commit SHA catalog#1353
• tektoncd/catalog slash.yml Pin actions by commit SHA catalog#1353
• tektoncd/catlin chatops_retest.yaml Pin actions by commit SHA catlin#71
• tektoncd/catlin slash.yml Pin actions by commit SHA catlin#71
• tektoncd/chains lint.yaml Pin actions by commit SHA chains#1453
• tektoncd/chains test-on-microshift.yaml Pin actions by commit SHA chains#1453
• tektoncd/chains codeql.yml Pin actions by commit SHA chains#1453
• tektoncd/chains reusable-e2e.yaml Pin actions by commit SHA chains#1453
• tektoncd/cli e2e-matrix.yml Pin actions by commit SHA cli#2620
• tektoncd/hub ci.yaml Pin actions by commit SHA hub#2606
• tektoncd/hub goa-gen-dependabot.yml Pin actions by commit SHA hub#2606
• tektoncd/hub golangci-lint.yaml Pin actions by commit SHA hub#2606
• tektoncd/infra terraform-lint.yaml https://github.com/tektoncd/infra/pull/67
• tektoncd/mcp-server chatops_retest.yaml Pin actions by commit SHA mcp-server#83
• tektoncd/mcp-server slash.yml Pin actions by commit SHA mcp-server#83
• tektoncd/operator ci.yaml Pin actions by commit SHA operator#2917
• tektoncd/operator update-tektoncd-task-versions.yml Pin actions by commit SHA operator#2917
• tektoncd/operator bump-payload-on-main.yaml Pin actions by commit SHA operator#2917
• tektoncd/operator bump-payload-on-releases.yaml Pin actions by commit SHA operator#2917
• tektoncd/operator chatops_retest.yaml Pin actions by commit SHA operator#2917
• tektoncd/operator codeql-analysis.yml Pin actions by commit SHA operator#2917
• tektoncd/operator e2e-matrix.yml Pin actions by commit SHA operator#2917
• tektoncd/operator helm-release.yaml Pin actions by commit SHA operator#2917
• tektoncd/operator slash.yml Pin actions by commit SHA operator#2917
• tektoncd/pipeline ci.yaml Pin actions by commit SHA or image digest pipeline#9061
• tektoncd/pipeline chatops_retest.yaml Pin actions by commit SHA or image digest pipeline#9061
• tektoncd/pipeline e2e-matrix.yml Pin actions by commit SHA or image digest pipeline#9061
• tektoncd/pipeline labels.yaml Pin actions by commit SHA or image digest pipeline#9061
• tektoncd/pipeline nightly-builds.yaml Pin actions by commit SHA or image digest pipeline#9061
• tektoncd/pipeline slash.yml Pin actions by commit SHA or image digest pipeline#9061
• tektoncd/plumbing images.yaml Pin actions by commit SHA #2881
• tektoncd/pruner reusable-e2e.yaml Pin actions by commit SHA pruner#13
• tektoncd/pruner build_and_publish.yaml Pin actions by commit SHA pruner#13
• tektoncd/pruner codeql.yml Pin actions by commit SHA pruner#13
• tektoncd/results golangci-lint.yaml Pin actions by commit SHA results#1129
• tektoncd/results presubmit-ci.yaml Pin actions by commit SHA results#1129
• tektoncd/results codeql.yml Pin actions by commit SHA results#1129
• tektoncd/triggers golangci-lint.yaml Pin actions by commit SHA triggers#1893
• tektoncd/triggers codeql-analysis.yml Pin actions by commit SHA triggers#1893
• tektoncd/website ruff.yml Pin actions by commit SHA website#679