Pin versions

Author: dlemstra

.github/dependabot.yml

@@ -4,3 +4,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "nuget"
+    directory: "/"
+    schedule:
+      interval: "weekly"

actions/code-signing/.config/dotnet-tools.json

@@ -0,0 +1,12 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "sign": {
+      "version": "0.9.1-beta.26102.1",
+      "commands": [
+        "sign"
+      ]
+    }
+  }
+}

actions/code-signing/action.yml

@@ -27,7 +27,7 @@ runs:
 
     - name: Azure CLI login with federated credential
       if: steps.should_sign.outputs.should_sign == 'true'
-      uses: azure/login@v2
+      uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
       with:
         client-id: ${{inputs.client-id}}
         tenant-id: ${{inputs.tenant-id}}
@@ -36,7 +36,8 @@ runs:
     - name: Install sign cli
       if: steps.should_sign.outputs.should_sign == 'true'
       shell: cmd
-      run: dotnet tool install --global sign --prerelease
+      run: dotnet tool restore
+      working-directory: ${{ github.action_path }}
 
     - name: Sign executables and libraries
       if: steps.should_sign.outputs.should_sign == 'true'