ci(workflows): pin GitHub Actions dependencies to commit SHAs

[gkorland]

Summary

Pin all third-party GitHub Actions to their full commit SHA for supply-chain security.

Changes

• Pin 7 action references across 2 workflow files to commit SHAs
• Version tags preserved in comments for readability

Changed Files

• .github/workflows/php.yml
• .github/workflows/spellcheck.yml

Testing

• Workflow syntax is unchanged; only the @ref portion of uses: directives is modified
• All pinned SHAs correspond to the exact same code as the original version tags

Memory / Performance Impact

N/A - CI configuration only.

Related Issues

Closes #4

[coderabbitai]

Warning

Rate limit exceeded

@gkorland has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 33 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 88fdf704-ef52-4a73-88ff-18068df4e19e

📥 Commits

Reviewing files that changed from the base of the PR and between bc38b0d and 4838f1d.

📒 Files selected for processing (2)

• .github/workflows/php.yml
• .github/workflows/spellcheck.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/pin-workflow-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.69%. Comparing base (bc38b0d) to head (4838f1d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main       #5   +/-   ##
=========================================
  Coverage     51.69%   51.69%           
  Complexity      333      333           
=========================================
  Files            16       16           
  Lines           766      766           
=========================================
  Hits            396      396           
  Misses          370      370           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.