Add Zizmor - Pin commit hashes in GitHub Actions #31

Merged: mwirikia merged 6 commits into main from KEH-2331_add_zizmor, Jun 26, 2026
mwirikia commented Jun 26, 2026

Add Zizmor; Update GitHub Actions workflows to reference specific commit hashes for actions, enhancing stability and predictability in the CI/CD process.

Testing

  • Yes
  • No
    Test coverage is not necessary as this change involves configuration updates without altering functionality.

Documentation

  • No
    No new documentation is necessary as this change pertains to internal workflow configurations.

Related issues

None.

How to review

Review the updated workflow files to ensure the correct commit hashes are referenced for the actions used. Test the workflows to confirm they execute as expected.

github-actions Bot commented Jun 26, 2026

⚠️ MegaLinter analysis: Success with warnings

| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | zizmor | 3 | | 0 | 0 | 1.05s |
| ⚠️ BASH | bash-exec | 5 | | 3 | 0 | 0.02s |
| ✅ BASH | shellcheck | 5 | | 0 | 0 | 0.18s |
| ✅ BASH | shfmt | 5 | | 0 | 0 | 0.04s |
| ✅ CSHARP | csharpier | 1 | | 0 | 0 | 0.83s |
| ✅ DOCKERFILE | hadolint | 1 | | 0 | 0 | 0.2s |
| ✅ JSON | jsonlint | 1 | | 0 | 0 | 0.15s |
| ✅ JSON | prettier | 1 | | 0 | 0 | 0.57s |
| ✅ JSON | v8r | 1 | | 0 | 0 | 2.27s |
| ✅ MARKDOWN | markdownlint | 11 | | 0 | 0 | 1.15s |
| ✅ MARKDOWN | markdown-table-formatter | 11 | | 0 | 0 | 0.54s |
| ✅ REPOSITORY | checkov | yes | | no | no | 27.07s |
| ✅ REPOSITORY | dustilock | yes | | no | no | 0.12s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 9.36s |
| ✅ REPOSITORY | grype | yes | | no | no | 54.36s |
| ✅ REPOSITORY | kingfisher | yes | | no | no | 8.12s |
| ✅ REPOSITORY | osv-scanner | yes | | no | no | 0.67s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 1.22s |
| ✅ REPOSITORY | syft | yes | | no | no | 3.69s |
| ✅ REPOSITORY | trivy | yes | | no | no | 10.77s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.39s |
| ✅ TERRAFORM | terraform-fmt | 6 | | 0 | 0 | 0.58s |
| ✅ YAML | prettier | 8 | | 0 | 0 | 0.55s |
| ✅ YAML | v8r | 8 | | 0 | 0 | 7.81s |
| ✅ YAML | yamllint | 8 | | 0 | 0 | 0.67s |

Detailed Issues

⚠️ BASH / bash-exec - 3 errors
Results of bash-exec linter (version 5.3.3)
See documentation on https://megalinter.io/9.5.0/descriptors/bash_bash_exec/
-----------------------------------------------

❌ [ERROR] concourse/scripts/assume_role.sh
    Error: File:[concourse/scripts/assume_role.sh] is not executable

✅ [SUCCESS] concourse/scripts/build_image.sh
✅ [SUCCESS] concourse/scripts/set_pipeline.sh
❌ [ERROR] concourse/scripts/terraform_infra.sh
    Error: File:[concourse/scripts/terraform_infra.sh] is not executable

❌ [ERROR] shell_scripts/md_fix.sh
    Error: File:[shell_scripts/md_fix.sh] is not executable

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ZIZMOR,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,CSHARP_CSHARPIER,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_KINGFISHER,TERRAFORM_TERRAFORM_FMT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R


mwirikia changed the title from "Update GitHub Actions to use specific commit hashes" to "Add Zizmor - Pin commit hashes in GitHub Actions" on Jun 26, 2026
mwirikia merged commit d0943e7 into main on Jun 26, 2026
5 checks passed
mwirikia deleted the KEH-2331_add_zizmor branch on June 26, 2026 10:38