Replace github-action versions with SHAs

.github/workflows/release.yaml

@@ -25,12 +25,12 @@ jobs:
     steps:
 
     - name : Checkout repository
-       # https://github.com/actions/checkout/releases/tag/v4.1.1
       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      # https://github.com/actions/checkout/releases/tag/v4.1.1
 
     - name: Setup Go
-      # https://github.com/actions/setup-go/releases/tag/v5.0.0
       uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      # https://github.com/actions/setup-go/releases/tag/v5.0.0
       with:
         go-version-file: 'go.mod'
 
@@ -72,15 +72,15 @@ jobs:
       run: ./scripts/package-helm
 
     - name: Download the amd64 artifacts
-      # https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e
-      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+      # https://github.com/actions/download-artifact/releases/tag/v4.1.7
       with:
         name: webhook-artifacts-amd64
         path: dist/artifacts
 
     - name: Download the arm64 artifacts
-      # https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e
-      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+      # https://github.com/actions/download-artifact/releases/tag/v4.1.7
       with:
         name: webhook-artifacts-arm64
         path: dist/artifacts
@@ -116,8 +116,8 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Download the artifacts
-        # https://github.com/actions/download-artifact/commit/65a9edc5881444af0b9093a5e628f2fe47ea3b2e
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        # https://github.com/actions/download-artifact/releases/tag/v4.1.7
         with:
           name: webhook-artifacts-${{ matrix.arch }}
           path: dist/artifacts
@@ -136,24 +136,25 @@ jobs:
             secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        # https://github.com/docker/setup-qemu-action/releases/tag/v3.1.0
+        uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
 
       - name: Set up Docker Buildx
-        # https://github.com/docker/setup-buildx-action/commit/d70bba72b1f3fd22344832f00baa16ece964efeb
-        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
+        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        # https://github.com/docker/setup-buildx-action/releases/tag/v3.4.0
 
       - name: Log in to the Container registry
-        # https://github.com/docker/login-action/commit/0d4c9c5ea7693da7b068278f7b52bda2a190a446
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
+        # https://github.com/docker/login-action/releases/tag/v3.2.0
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ env.DOCKER_USERNAME }}
           password: ${{ env.DOCKER_PASSWORD }}
 
       - name: Build and push the webhook image
         id: build
-        # https://github.com/docker/build-push-action/commit/ca052bb54ab0790a636c9b5f226502c73d547a25
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25
+        # https://github.com/docker/build-push-action/releases/tag/v6.3.0
+        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
         with:
           context: .
           file: ./package/Dockerfile
@@ -167,7 +168,8 @@ jobs:
           touch "/tmp/digests/${digest#sha256:}"
 
       - name: Upload digest
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        # https://github.com/actions/upload-artifact/releases/tag/v4.3.3
         with:
           name: digests-${{ matrix.arch }}
           path: /tmp/digests/*
@@ -181,14 +183,16 @@ jobs:
     needs: image
     steps:
       - name: Download digests
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        # https://github.com/actions/download-artifact/releases/tag/v4.1.7
         with:
           path: /tmp/digests
           pattern: digests-*
           merge-multiple: true
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        # https://github.com/docker/setup-buildx-action/releases/tag/v3.4.0
 
       - name: "Read vault secrets"
         uses: rancher-eio/read-vault-secrets@main
@@ -198,8 +202,8 @@ jobs:
             secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD
 
       - name: Log in to the Container registry
-        # https://github.com/docker/login-action/commit/0d4c9c5ea7693da7b068278f7b52bda2a190a446
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        # https://github.com/docker/login-action/releases/tag/v3.2.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ env.DOCKER_USERNAME }}