[StepSecurity] fix(ci): Pin Dependencies with SHA

Signed-off-by: StepSecurity Bot <[email protected]>

Author: step-security-bot

.github/workflows/codespell.yml

@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run codespell
-        uses: codespell-project/[email protected]
+        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2.1
         with:
           check_filenames: true
           check_hidden: true

.github/workflows/pytest.yml

@@ -46,7 +46,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Set up pip cache
-        uses: actions/cache@v4
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: |
             ~/.cache/pip

.github/workflows/ruff.yml

@@ -34,12 +34,12 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Lint with Ruff
-        uses: astral-sh/ruff-action@v3
+        uses: astral-sh/ruff-action@eaf0ecdd668ceea36159ff9d91882c9795d89b49 # v3.4.0
         with:
           version-file: pyproject.toml
 
       - name: Check format with Ruff
-        uses: astral-sh/ruff-action@v3
+        uses: astral-sh/ruff-action@eaf0ecdd668ceea36159ff9d91882c9795d89b49 # v3.4.0
         with:
           version-file: pyproject.toml
           args: format --check

.github/workflows/windows_build.yml

@@ -106,7 +106,7 @@ jobs:
 
       - name: Generate GitHub Actions build provenance
         id: gh_provenance_step # Added id
-        uses: actions/[email protected]
+        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
         with:
           subject-path: windows/Output/*.exe
           subject-name: 'ardupilot_methodic_configurator'