ci: pin GitHub Actions to full-length commit SHAs

[maxandersen]

Pin all action references to full-length commit SHAs for supply chain security.

This is required for enabling the org-level policy:
Require actions to be pinned to a full-length commit SHA

Original version tags are preserved as comments for readability.
Consider adding Dependabot for GitHub Actions to keep pins updated:

# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

Summary by CodeRabbit

• Chores
  • Enhanced security of the build process by pinning GitHub Actions to specific versions.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 71cd6ccc-2402-401a-8915-516f3ff45b01

📥 Commits

Reviewing files that changed from the base of the PR and between 312c53a and 5f51828.

📒 Files selected for processing (1)

• .github/workflows/test.yml

---

📝 Walkthrough

Walkthrough

The PR updates .github/workflows/test.yml to pin the actions/checkout and actions/setup-java GitHub Actions to fixed commit SHA versions instead of floating version tags, improving reproducibility and preventing unexpected action updates.

Changes

Workflow Action Pinning

Layer / File(s)	Summary
Pin checkout and setup-java actions to commit SHAs .github/workflows/test.yml	The test job steps replace version tag references (@v2, @v1) with fixed commit SHAs while retaining version comments and configuration intent.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit pins actions down so tight,
No floating tags in CI's night,
Commit hashes carved in stone,
Workflows stable, fully known! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: pinning GitHub Actions to full-length commit SHAs, which aligns directly with the workflow file modifications shown in the summary.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pin-actions-to-sha

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}