ci: pin GitHub Actions to commit SHAs #474

Merged
wprzytula merged 1 commit into scylladb:master from roydahan:ci/pin-github-actions-to-sha
Jun 8, 2026
@roydahan roydahan commented Jun 8, 2026

Collaborator

Summary

  • Pin all external GitHub Actions to full commit SHAs to reduce supply chain attack surface
  • Upgrade outdated actions to their latest versions

This PR was generated automatically. Please verify that GitHub Actions work as expected with these changes before merging.

Reference: scylladb/scylladb#29421

Pin all external GitHub Actions to full commit SHAs to reduce supply
chain attack surface. Upgrade outdated actions to their latest versions.

Reference: scylladb/scylladb#29421
coderabbitai Bot commented Jun 8, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 7c17c04 and 1a77648.

📒 Files selected for processing (2)
  • .github/workflows/docs-pages.yaml
  • .github/workflows/docs-pr.yaml

Walkthrough

This PR pins GitHub Actions to specific commit SHAs across two documentation workflows. In .github/workflows/docs-pages.yaml, four action steps are pinned: actions/checkout, astral-sh/setup-uv, actions/upload-artifact, and actions/deploy-pages. In .github/workflows/docs-pr.yaml, two action steps are pinned: actions/checkout and astral-sh/setup-uv. All references replace semantic version tags with fixed commit SHA identifiers.

Possibly related PRs

  • scylladb/cpp-rs-driver#465: Both PRs modify GitHub workflow YAMLs to pin third-party Actions (e.g., actions/checkout and actions/upload-artifact) to fixed commit SHAs instead of version tags.

Suggested labels

area/Driver_-_cpp-rs-driver

Suggested reviewers

  • wprzytula
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ❓ Inconclusive | The PR description explains the purpose (reducing supply chain attack surface), the changes made (pinning actions and upgrading versions), and includes an important caveat about verification. However, it does not follow the provided repository template structure. | Consider adopting the repository's PR description template with pre-review checklist items, or clarify if the template applies to this repository's automated dependency management PRs. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'ci: pin GitHub Actions to commit SHAs' clearly and concisely summarizes the main change—pinning GitHub Actions to specific commit SHAs—which is supported by changes to both workflow files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@wprzytula wprzytula merged commit 22b2337 into scylladb:master Jun 8, 2026
9 checks passed