
More workflow pinning #112

Merged: jonloucks merged 1 commit into main from jonloucks-more-pinning on Jan 14, 2026

jonloucks (Owner) commented Jan 14, 2026

Pull request overview

This PR enhances GitHub Actions security by pinning two workflow actions to specific commit SHAs instead of using semantic version tags. This practice prevents potential supply chain attacks where malicious code could be introduced through version tag updates.

Changes:

  • Pinned gradle/actions/setup-gradle from v5 to commit SHA 4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2
  • Pinned cicirello/jacoco-badge-generator from v2.11.0 to commit SHA 72266185b7ee48a6fd74eaf0238395cc8b14fef8

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/main-release.yml | Updated gradle setup-gradle and jacoco-badge-generator actions to use commit SHAs |
| .github/workflows/main-push.yml | Updated gradle setup-gradle and jacoco-badge-generator actions to use commit SHAs |
| .github/workflows/main-pull-request.yml | Updated gradle setup-gradle and jacoco-badge-generator actions to use commit SHAs |
| .github/workflows/main-pull-request-matrix.yml | Updated gradle setup-gradle action to use commit SHA |

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Refactor (code improvement or restructuring without changing external behavior)
  • Documentation update
  • Chore (e.g., dependency updates, build tooling changes)

Checklist:

  • My code follows the project's coding style guidelines.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation (if necessary).
  • My changes generate no new warnings.
  • I have added tests that prove my fix is effective or my feature works.
  • New and existing unit tests pass locally with my changes.

Additional Notes

Copilot AI review requested due to automatic review settings January 14, 2026 09:51
Copilot AI (Contributor) left a comment

Pull request overview

This PR enhances GitHub Actions security by pinning two workflow actions to specific commit SHAs instead of using semantic version tags. This practice prevents potential supply chain attacks where malicious code could be introduced through version tag updates.

Changes:

  • Pinned gradle/actions/setup-gradle from v5 to commit SHA 4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2
  • Pinned cicirello/jacoco-badge-generator from v2.11.0 to commit SHA 72266185b7ee48a6fd74eaf0238395cc8b14fef8

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/main-release.yml | Updated gradle setup-gradle and jacoco-badge-generator actions to use commit SHAs |
| .github/workflows/main-push.yml | Updated gradle setup-gradle and jacoco-badge-generator actions to use commit SHAs |
| .github/workflows/main-pull-request.yml | Updated gradle setup-gradle and jacoco-badge-generator actions to use commit SHAs |
| .github/workflows/main-pull-request-matrix.yml | Updated gradle setup-gradle action to use commit SHA |


jonloucks merged commit 6134f4a into main on Jan 14, 2026
27 checks passed
jonloucks deleted the jonloucks-more-pinning branch January 14, 2026 09:55
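
An added example, not part of this pull request or the project's code: a small check that flags any `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA, which is the condition this PR establishes for the two actions. The function name and the sample workflow are assumptions made for the illustration; the action names, tags and SHA in the sample are the ones quoted in the PR description.

```python
import re

# A full 40-hex commit SHA is the only ref form treated as pinned.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo[/path]@ref" on a step or reusable-workflow line.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?")


def unpinned_actions(workflow_text):
    """Return (line_no, action, ref) for every `uses:` not pinned to a SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions (./path) and docker:// images are not git refs.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        action, sep, ref = target.partition("@")
        # Tags, branches, abbreviated SHAs and missing refs are all mutable
        # or ambiguous, so only a full SHA passes.
        if not sep or not SHA_RE.match(ref):
            findings.append((line_no, action, ref or None))
    return findings


# Constructed sample: the action names, tags and SHA are taken from the PR
# description; the surrounding workflow is made up for this example.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: gradle/actions/setup-gradle@v5
      - uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5
      - name: Badge
        uses: cicirello/jacoco-badge-generator@v2.11.0
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for line_no, action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref} is not pinned to a commit SHA")
```

Run over every file under `.github/workflows/`, a non-empty result can fail a CI job so that a tag-based reference does not get reintroduced later.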