Pin GitHub Actions versions (rails#55147)

* Pin GitHub Actions versions

After recent [supply chain attacks](https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/) on widely used GitHub Actions, it is now [security best practice](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) to pin GitHub Actions versions in workflow files.

This PR makes that change, using the latest versions that the current major versions in code imply.

* Revert "Pin GitHub Actions versions"

This reverts commit 490bfb7.

* Change to only specifying the SHA for non-well-known sources

* Change to only specifying the SHA for non-well-known sources

Co-authored-by: Rafael Mendonça França <[email protected]>

Author: hlascelles

.github/workflows/devcontainer-smoke-test.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -34,7 +34,7 @@ jobs:
         run: bundle exec railties/exe/rails new myapp_sqlite --database="sqlite3" --dev --devcontainer
 
       - name: Test devcontainer sqlite3
-        uses: devcontainers/[email protected]
+        uses: devcontainers/ci@8bf61b26e9c3a98f69cb6ce2f88d24ff59b785c6 # v0.3.1900000417
         with:
           subFolder: myapp_sqlite
           imageName: ghcr.io/rails/smoke-test-devcontainer
@@ -51,7 +51,7 @@ jobs:
         run: bundle exec railties/exe/rails new myapp_postgresql --database="postgresql" --dev --devcontainer
 
       - name: Test devcontainer postgresql
-        uses: devcontainers/[email protected]
+        uses: devcontainers/ci@8bf61b26e9c3a98f69cb6ce2f88d24ff59b785c6 # v0.3.1900000417
         with:
           subFolder: myapp_postgresql
           imageName: ghcr.io/rails/smoke-test-devcontainer
@@ -68,7 +68,7 @@ jobs:
         run: bundle exec railties/exe/rails new myapp_mysql --database="mysql" --dev --devcontainer
 
       - name: Test devcontainer mysql
-        uses: devcontainers/[email protected]
+        uses: devcontainers/ci@8bf61b26e9c3a98f69cb6ce2f88d24ff59b785c6 # v0.3.1900000417
         with:
           subFolder: myapp_mysql
           imageName: ghcr.io/rails/smoke-test-devcontainer
@@ -85,7 +85,7 @@ jobs:
         run: bundle exec railties/exe/rails new myapp_trilogy --database="trilogy" --dev --devcontainer
 
       - name: Test devcontainer trilogy
-        uses: devcontainers/[email protected]
+        uses: devcontainers/ci@8bf61b26e9c3a98f69cb6ce2f88d24ff59b785c6 # v0.3.1900000417
         with:
           subFolder: myapp_trilogy
           imageName: ghcr.io/rails/smoke-test-devcontainer

.github/workflows/rails-new-docker.yml

@@ -41,7 +41,7 @@ jobs:
     - name: Test container
       run: ruby -r ./.github/workflows/scripts/test-container.rb
 
-    - uses: zzak/action-discord@v8
+    - uses: zzak/action-discord@4cd181470664aa174b7252e5afb2ecf896001817 # v8
       continue-on-error: true
       if: failure() && github.ref_name == 'main'
       with: