This pull request updates multiple GitHub Actions workflows to improve
security, stability, and functionality. The most notable changes include
pinning action versions to specific commit SHAs, adding validation for
branch names, and updating dependencies and configurations.
### Security Improvements:
* Added `persist-credentials: false` to `actions/checkout` steps in
`.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml`
and `.github/workflows/e2e-tests.yml` to reduce the risk of unauthorized
access to credentials.
[[1]](diffhunk://#diff-f87667d48e22abfbbccf3695a8acc386143e3542286f432e6e3d8330960c76f9R29)
[[2]](diffhunk://#diff-194218c48b9a0cdd03974145733804c2d992ca818529fe2fa69a501d8b5b1cc3R48-R59)
* Validated branch names against a safe pattern in
`.github/workflows/linting-and-tests.yml` to prevent potential misuse of
branch names in subsequent steps.
### Stability Enhancements:
* Pinned all third-party GitHub Actions to specific commit SHAs across
various workflows to ensure consistent and predictable behavior.
Examples include
`grafana/shared-workflows/actions/build-push-to-dockerhub`,
`catchpoint/workflow-telemetry-action`, and
`actions-ecosystem/action-remove-labels`.
[[1]](diffhunk://#diff-f87667d48e22abfbbccf3695a8acc386143e3542286f432e6e3d8330960c76f9L37-R38)
[[2]](diffhunk://#diff-194218c48b9a0cdd03974145733804c2d992ca818529fe2fa69a501d8b5b1cc3R48-R59)
[[3]](diffhunk://#diff-f93a3de9563193d65121683e6383741ac4b6aa18bdb51ba82b80497e700561cdL15-R15)
* Updated Helm-related actions in
`.github/workflows/linting-and-tests.yml` and
`.github/workflows/on-release-published.yml` to specific SHAs for better
reliability.
[[1]](diffhunk://#diff-a70d3d29c45894eeef2036c533385dbc424f9479590aaea01e62c06dc67079a1L147-R170)
[[2]](diffhunk://#diff-e95a5d3f03a1351728732657b6b150cfbbd9a9724b387226b1f99f079b1954b0L91-R91)
### Functional Updates:
* Enhanced `.github/workflows/linting-and-tests.yml` by using validated
branch references in Git commands to avoid errors caused by unsafe
branch names.
* Updated `snyk/actions/setup` in
`.github/workflows/snyk-security-scan.yml` to a specific SHA for
improved compatibility and security.
These changes collectively enhance the security, reliability, and
maintainability of the workflows.
a991fac43e