ci: update workflow to follow security best practices

Author: jim-deriv

.github/actions/setup_node/action.yml

@@ -4,6 +4,6 @@ runs:
   using: composite
   steps:
     - name: Use Node.js 16.x
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8
       with:
         node-version: 16.x

.github/workflows/coveralls.yml

@@ -9,10 +9,10 @@ on:
 jobs:
   build:
     name: Build
-    runs-on: ubuntu-latest # TODO: Replace this with the appropriate runner for Deriv-Api-Docs when provided
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Setup Node
         uses: './.github/actions/setup_node'
       - name: Install dependencies
@@ -22,4 +22,4 @@ jobs:
       - name: Run Tests
         run: npm run test  -- --collectCoverage
       - name: Coveralls
-        uses: coverallsapp/github-action@v2
+        uses: coverallsapp/github-action@3dfc5567390f6fa9267c0ee9c251e4c8c3f18949

.github/workflows/release_production.yml

@@ -9,12 +9,12 @@ jobs:
   build_and_publish:
     name: Builds and Publishes to Cloudflare Pages Production
     environment: Production
-    runs-on: ubuntu-latest # TODO: Replace this with the appropriate runner for Deriv-Api-Docs when provided
+    runs-on: ubuntu-latest
     outputs:
       RELEASE_VERSION: ${{ steps.extract_version.outputs.RELEASE_VERSION }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Setup Node
         uses: ./.github/actions/setup_node
       - name: Install dependencies
@@ -30,14 +30,14 @@ jobs:
           RELEASE_TYPE: ${{ env.RELEASE_TYPE }}
       - name: Extract version
         id: extract_version
-        run: echo "RELEASE_VERSION=$(cat build/version)" >> $GITHUB_OUTPUT
+        run: echo "RELEASE_VERSION=$(cat build/version.txt)" >> $GITHUB_OUTPUT
       - name: Publish to Cloudflare Pages Production
         uses: ./.github/actions/publish_to_pages_production
         with:
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
       - name: Upload Build Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8
         with:
           name: build
           path: build
@@ -51,9 +51,9 @@ jobs:
     needs: [build_and_publish]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Conclusion
-        uses: technote-space/workflow-conclusion-action@v3
+        uses: technote-space/workflow-conclusion-action@45ce8e0eb155657ab8ccf346ade734257fd196a5
       - name: Create Slack Message
         id: create_slack_message
         run: |
@@ -75,9 +75,9 @@ jobs:
     needs: [build_and_publish]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Download Build Artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935
         with:
           name: build
           path: build