chore: github actions cleanup

- [x] add stale workflow
- [x] switch to umutable actions on ones that allow it (closes 8 security warnings)

Signed-off-by: jmeridth <jmeridth@gmail.com>

Author: jmeridth

.github/workflows/docker-ci.yml

@@ -14,6 +14,6 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4.2.2
       - name: Build the Docker image
         run: docker build . --file Dockerfile --platform linux/amd64

.github/workflows/major-version-updater.yml

@@ -15,7 +15,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4.2.2
 
       - name: version
         id: version

.github/workflows/python-ci.yml

@@ -20,9 +20,9 @@ jobs:
       matrix:
         python-version: [3.11, 3.12]
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4.2.2
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+        uses: actions/setup-python@v5.3.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.github/workflows/release.yml

@@ -60,7 +60,7 @@ jobs:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4.2.2
       - name: Push Docker Image
         if: ${{ success() }}
         uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75

.github/workflows/scorecard.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4.2.2
         with:
           persist-credentials: false
 
@@ -36,7 +36,7 @@ jobs:
           results_format: sarif
           publish_results: true
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@v4.4.3
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/stale.yml

@@ -0,0 +1,21 @@
+name: "Close stale issues"
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+permissions:
+  issues: write
+  pull-requests: read
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9.0.0
+        with:
+          stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days."
+          close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity."
+          days-before-stale: 21
+          days-before-close: 14
+          days-before-pr-close: -1
+          exempt-issue-labels: keep

.github/workflows/super-linter.yaml

@@ -18,7 +18,7 @@ jobs:
       statuses: write
     steps:
       - name: Checkout Code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
       - name: Install dependencies