This commit hardens the CI/CD pipeline by addressing several security
vulnerabilities.
- Replaces the manual release process with `goreleaser` to streamline
builds and enable artifact signing.
- Pins all GitHub Actions to specific commit hashes to prevent supply
chain attacks.
- Enables cryptographic signing of release artifacts using `cosign` and
Sigstore's keyless signing.
- Adds a Dependabot configuration to automate dependency updates.
- Removes excessive `contents: write` permissions from workflows.
- Creates an `AUDIT-CICD.md` file to document the audit findings and
remediation steps.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit updates the `.github/workflows/mkdocs.yml` file to use the latest versions of the `actions/checkout` and `actions/setup-python` actions.
Key changes:
- Upgraded `actions/checkout` from `v2` to `v4`.
- Upgraded `actions/setup-python` from `v2` to `v5`.
- Pinned the Python version to `'3.11'`.
- Added `permissions: contents: write` to the `deploy` job to ensure the workflow has the necessary permissions to publish to GitHub Pages.
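Two of the findings above, actions that are not pinned to a commit SHA (first commit) and `contents: write` grants (flagged as excessive in the first commit, added to a `deploy` job in the second), can be checked mechanically. The script below is an added example, not code from the audited repository or from either commit: it scans a workflow file line by line for `uses:` references whose ref is not a full 40-hex SHA and for `contents: write` grants, and returns non-zero when it finds any. The workflow it scans is constructed for the example, and the 40-hex ref on the `setup-go` line is a placeholder, not a real commit of that action.

```shell
#!/bin/sh
# Added example, not code from the audited repository or either commit:
# a line-based audit of GitHub Actions workflow files for two findings the
# commit messages describe, unpinned `uses:` references and `contents: write`
# grants. It does not parse YAML, so workflow-level and job-level
# `contents: write` are both reported; review each hit by hand.

# `uses:` lines whose ref is not a full 40-hex commit SHA. Trailing comments
# (the conventional `# v5.0.0` after a pinned SHA) are stripped before the
# check; local actions (./path) and docker:// images have no SHA to pin and
# are skipped. Output keeps grep's line-number prefix.
unpinned_uses() {
  grep -nE '^[[:space:]-]*uses:' "$1" \
    | sed -E 's/[[:space:]]+#.*$//' \
    | grep -vE "uses:[[:space:]]*[\"']?(\./|docker://)" \
    | grep -vE "@[0-9a-f]{40}[\"']?[[:space:]]*$" \
    || true
}

# `contents: write` grants, wherever they appear in the file.
contents_write_grants() {
  grep -nE "^[[:space:]]*contents:[[:space:]]*[\"']?write" "$1" || true
}

count_unpinned()       { unpinned_uses "$1" | grep -c . || true; }
count_contents_write() { contents_write_grants "$1" | grep -c . || true; }

# Print every finding for FILE; exit status is 0 only when there are none,
# so the function can gate a CI job.
audit_workflow() {
  file=$1
  unpinned_uses "$file"         | sed "s|^|$file: unpinned action: |"
  contents_write_grants "$file" | sed "s|^|$file: contents: write granted: |"
  total=$(( $(count_unpinned "$file") + $(count_contents_write "$file") ))
  [ "$total" -eq 0 ]
}

# Constructed sample workflow (not the repository's real file). The 40-hex
# ref on setup-go is a placeholder, not a real commit of that action.
SAMPLE_WORKFLOW=${TMPDIR:-/tmp}/audit-sample-$$.yml
cat > "$SAMPLE_WORKFLOW" <<'EOF'
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read
jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write   # upload release assets
      id-token: write   # Sigstore keyless signing
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # v5.0.0
      - uses: sigstore/cosign-installer@main
      - uses: ./.github/actions/build
      - run: goreleaser release --clean
EOF

# The sample file is left in place for inspection.
audit_workflow "$SAMPLE_WORKFLOW" || echo "workflow needs hardening"
```

Against the constructed sample it reports `actions/checkout@v4` and `sigstore/cosign-installer@main` as unpinned (the SHA-pinned `setup-go` and the local action are skipped) and the job-level `contents: write`; the workflow-level `contents: read` is not flagged. Because the check is purely textual it cannot tell a grant that a job genuinely needs (uploading release assets, publishing Pages) from a leftover one, so treat each hit as something to justify, not something to delete automatically.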