edx-internal kube-lint check was failing on new jq-action v2.3.0; pinned to 2.2.1

[timmc-edx]

Summary: I've pinned an action dependency in edx-internal to a commit, but it needs followup.

This morning the kube-lint check in edx-internal started failing: https://github.com/edx/edx-internal/actions/runs/4184151642/workflow (private link)

This is because we had a dependency on sergeysova/jq-action@v2 which released v2.3.0 this week; the previous v2 had been v2.2.1. The intervening change was sergeysova/jq-action#9 which uses GitHub's new output-file rather than the deprecated set-output. It appears to be breaking on multiline outputs, and I'm not clear on whether that's kube-lint's or jq-action's fault. (There does seem to be more difficulty with multi-line outputs in the new output-file approach, unfortunately.)

In the meantime I've pinned jq-action to a commit, so I'm filing this ticket for followup so it doesn't stay pinned forever. I also don't know what SRE wants to do with respect to action pinning in general. I would recommend pinning to commits, for security, but that may conflict with other needs.

[rgraber]

Closing this as the immediate issue has been resolved https://github.com/edx/edx-internal/pull/7907 and SRE has at least been made aware of the action-pinning issue.