security: more fixes (#670)

Co-authored-by: Ran Isenberg <ran.isenberg@ranthebuilder.cloud>

Author: ran-isenberg

.github/workflows/serverless-service.yml

@@ -39,7 +39,7 @@ jobs:
           pip install -r dev_requirements.txt
           pip install -r lambda_requirements.txt
       - name: configure aws credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
         with:
           role-to-assume: ${{ secrets.AWS_ROLE }}
           role-session-name: samplerolesession
@@ -69,7 +69,7 @@ jobs:
         run: |
           make pipeline-tests
       - name: Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
         with:
           files: ./coverage.xml
           name: aws-lambda-handler-cookbook-codecov
@@ -86,6 +86,8 @@ jobs:
     name: generate_docs_on_main
     runs-on: ubuntu-latest
     needs: [build]
+    permissions:
+      contents: write # for docs push
     if: contains('refs/heads/main', github.ref)
     steps:
       - name: Check out repository code