ci(workflows): pin GitHub Actions dependencies to commit SHAs

[gkorland]

Summary

Pin all third-party GitHub Actions to their full commit SHA for supply-chain security.

Changes

• Pin 7 action references across 3 workflow files to commit SHAs
• Version tags preserved in comments for readability

Changed Files

• .github/workflows/ci.yml
• .github/workflows/pypi-publish.yaml
• .github/workflows/spellcheck.yml

Testing

• Workflow syntax is unchanged; only the @ref portion of uses: directives is modified
• All pinned SHAs correspond to the exact same code as the original version tags

Memory / Performance Impact

N/A - CI configuration only.

Related Issues

Closes #30

[coderabbitai]

Warning

Rate limit exceeded

@gkorland has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 36 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 400f4367-74b1-4346-ab50-0b121df6de81

📥 Commits

Reviewing files that changed from the base of the PR and between 83d98fe and 81478f4.

📒 Files selected for processing (3)

• .github/workflows/ci.yml
• .github/workflows/pypi-publish.yaml
• .github/workflows/spellcheck.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/pin-workflow-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.53%. Comparing base (83d98fe) to head (81478f4).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #31   +/-   ##
=======================================
  Coverage   86.53%   86.53%           
=======================================
  Files           1        1           
  Lines          52       52           
=======================================
  Hits           45       45           
  Misses          7        7           

Flag	Coverage Δ
unittests	86.53% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.