ci: pin GitHub Actions to commit SHAs

[roydahan]

Summary

• Pin all external GitHub Actions to full commit SHAs to reduce supply chain attack surface
• Upgrade outdated actions to their latest versions

This PR was generated automatically. Please verify that GitHub Actions work as expected with these changes before merging.

Reference: scylladb/scylladb#29421

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 4455d766-6db4-4655-b392-07bdfc6816e5

📥 Commits

Reviewing files that changed from the base of the PR and between 886a31b and 69fb333.

📒 Files selected for processing (5)

• .github/workflows/docs-pages.yaml
• .github/workflows/docs-pr.yaml
• .github/workflows/tests-reports-4x@v1.yml
• .github/workflows/tests-reports@v1.yml
• .github/workflows/tests@v1.yml

✅ Files skipped from review due to trivial changes (2)

• .github/workflows/tests-reports-4x@v1.yml
• .github/workflows/tests-reports@v1.yml

🚧 Files skipped from review as they are similar to previous changes (3)

• .github/workflows/docs-pages.yaml
• .github/workflows/docs-pr.yaml
• .github/workflows/tests@v1.yml

---

📝 Walkthrough

Walkthrough

This pull request updates five GitHub Actions workflow files to pin third-party action versions to specific commit SHAs instead of using floating major version references. Documentation workflows (docs-pages.yaml, docs-pr.yaml) and the main tests workflow (tests@v1.yml) now reference pinned versions of actions/checkout, actions/setup-java, and actions/setup-python. Test reporter workflows (tests-reports@v1.yml, tests-reports-4x@v1.yml) pin dorny/test-reporter to v3.0.0. The main test workflow also sets Python to 3.11 in integration test jobs and pins actions/upload-artifact to v7.0.1.

Possibly related PRs

• scylladb/java-driver#912: CI workflow changes that update actions/* references to pinned commit SHAs, addressing the same action-version pinning policy.

Suggested reviewers

• dkropachev

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'ci: pin GitHub Actions to commit SHAs' directly and accurately describes the main change across all workflow files, which is pinning GitHub Actions to specific commit SHAs for security.
Description check	✅ Passed	The description clearly explains the purpose of pinning actions to reduce supply chain attacks and upgrading outdated actions, which aligns with all the changes made across the workflow files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}