test: add gh-pin pre-commit

[dipinknair]

Add ghaction-pin pre-commit hook

Adds a new hook that automatically pins GitHub Actions uses: references from mutable tags to immutable commit SHAs, improving supply-chain security.

Before:

- uses: ansys/actions/code-style@v10.3.2

After:

- uses: ansys/actions/code-style@d946b24b9a765f4169bcc94afdb27bd1a0533741 # v10.3.2

What it does

• Scans one or more workflow YAML files or directories recursively
• Resolves each tag/branch ref to its full 40-character commit SHA via the GitHub commits API (no authentication required for public repos)
• Preserves the original tag as an inline comment for human readability
• Skips lines already pinned to a SHA; warns about uses: lines missing a ref entirely
• Handles both LF and CRLF line endings

Usage

- repo: https://github.com/ansys/pre-commit-hooks
  rev: <tag>
  hooks:
    - id: ghaction-pin
      args:
        - .github/workflows

[dipinknair]

This is a test run that I ran in embedding example repo
https://github.com/ansys/pymechanical-embedding-examples/pull/327/changes

[RobPasMue]

I like it! I just see a few issues JSYK, but maybe we can document this. And solve/improve the logic-related ones

[RobPasMue]

This is only true for Windows files.. shouldn't you strip the line ending for LF files? (i.e. \n)

[RobPasMue]

This is going to fail on pre-commit.ci... pre-commit.ci has no access to the web.

[RobPasMue]

This logic seems a bit convoluted... you are only stripping on Windows, and preserving the line ending in other cases to store the eol... Can we clarify this logic and make it simpler?

[dipinknair]

I like it! I just see a few issues JSYK, but maybe we can document this. And solve/improve the logic-related ones

Thank you. I will rectify the issues and thank you for the valuable feedbacks.