Fix CI GitHub warnings

.github/workflows/ci.yml

@@ -41,28 +41,28 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v2
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2
         with:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Python 3.10
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5
         with:
           python-version: '3.10'
 
       - name: Install packages
         run: |
           brew update
-          brew install gcovr ninja || brew link --overwrite python
+          brew install gcovr || brew link --overwrite python # ninja
 
       - name: Install Python modules
         run: pip3 install meson pytest
 
       - name: Install dependencies
-        uses: kiwix/kiwix-build/actions/dl_deps_archive@main
+        uses: kiwix/kiwix-build/actions/dl_deps_archive@77592b12ffa8f2b51f9b28e6f34643eb2d99ac62 # main
         with:
           target_platform: ${{ matrix.target }}
 
@@ -102,15 +102,15 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v2
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2
         with:
           egress-policy: audit
 
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup python 3.10
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5
         with:
           python-version: '3.10'
 
@@ -122,12 +122,12 @@ jobs:
         run: pip3 install meson
 
       - name: Setup MSVC compiler
-        uses: bus1/cabuild/action/msdevshell@v1
+        uses: bus1/cabuild/action/msdevshell@e22aba57d6e74891d059d66501b6b5aed8123c4d # v1
         with:
           architecture: x64
 
       - name: Install dependencies
-        uses: kiwix/kiwix-build/actions/dl_deps_archive@main
+        uses: kiwix/kiwix-build/actions/dl_deps_archive@77592b12ffa8f2b51f9b28e6f34643eb2d99ac62 # main
         with:
           target_platform: win-x86_64-dyn
 
@@ -215,18 +215,18 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@v2
+        uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2
         with:
           egress-policy: audit
 
       - name: Install dependencies
         if: ${{ !contains(matrix.target, 'musl') }}
-        uses: kiwix/kiwix-build/actions/dl_deps_archive@main
+        uses: kiwix/kiwix-build/actions/dl_deps_archive@77592b12ffa8f2b51f9b28e6f34643eb2d99ac62 # main
         with:
           target_platform: ${{ matrix.target }}
 
       - name: Retrieve source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Compile source code
         shell: bash
@@ -277,10 +277,10 @@ jobs:
           fi
 
       - name: Upload code coverage
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5
         if: matrix.coverage
         with:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+          token: ${{ secrets.CODECOV_TOKEN }}
 
   OSSF-Scorecard:
     name: OSSF Scorecard
@@ -337,6 +337,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3
         with:
           sarif_file: results.sarif