Merge pull request #6 from NetApp/chore/GHA-010400-stepsecurity-remediation

[StepSecurity] Apply security best practices

Author: romdalf

.github/workflows/release.yml

@@ -37,11 +37,16 @@ jobs:
             asset_name: neoctl-windows-amd64.exe
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+        with:
+          egress-policy: audit
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
         with:
           go-version: '1.22'
           check-latest: true
@@ -65,7 +70,7 @@ jobs:
 
       - name: Import Apple code-signing certificates
         if: matrix.goos == 'darwin'
-        uses: apple-actions/import-codesign-certs@v3
+        uses: step-security/import-codesign-certs@3aaeedc4d9edfab5de47ab78d22fd5a75dbc26c4 # v6.0.0
         with:
           p12-file-base64: ${{ secrets.MACOS_CERTIFICATE_P12_BASE64 }}
           p12-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
@@ -97,7 +102,7 @@ jobs:
           zip ${{ matrix.asset_name }}.zip ${{ matrix.asset_name }}
 
       - name: Upload Release Asset
-        uses: softprops/action-gh-release@v1
+        uses: step-security/action-gh-release@dc29ef0d1f6f9a032a97ec797d9cb7ea788dde41 # v2.6.1
         with:
           files: |
             build/*.tar.gz