Is your feature request related to a problem? Please describe.
It's a security best practice to pin your GitHub Action versions to a particular commit hash to prevent changes happening without your knowledge. This helps improve supply chain security.
This results in workflows calling `jasonn3/build-container-installer@ceccfc98ef73825152095431bfa85c796f174c7a` rather than `jasonn3/build-container-installer@v1.2.2`.
During the build, GitHub Actions tries to look up the Docker image tagged with `ceccfc98ef73825152095431bfa85c796f174c7a` due to the `${{ github.action_ref }}` context, which fails because there are no images being tagged with this.
(example build log)
Describe the solution you'd like
It would be great if the images could be tagged with both the version number and commit hash to help improve the security of the supply chain, and allow others to follow best practice.
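The mismatch described in this issue can be checked before a workflow runs. The following is an added example, not part of the issue or the project's code: it scans workflow text for `uses:` references, reports whether each is pinned to a full commit hash, and whether an image tag equal to that ref exists. The function name, the sample workflow, and the published-tag set are constructed assumptions.

```python
import re

# "uses: owner/repo[/path]@ref"; local ("./") and docker:// references are skipped.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)", re.M
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def audit_workflow(text, published_tags):
    """Return one finding per `uses:` reference in a workflow file.

    published_tags maps an action name to the set of image tags its
    registry holds (hypothetical input; fetch it from the registry).
    Actions missing from the map are assumed not to pull an image by ref.
    """
    findings = []
    for action, ref in USES_RE.findall(text):
        pinned = FULL_SHA_RE.fullmatch(ref) is not None
        tags = published_tags.get(action)
        # Per the issue, the image tag is taken from github.action_ref,
        # so a hash-pinned ref only works if an image carries that hash as a tag.
        image_resolves = True if tags is None else ref in tags
        findings.append({
            "action": action,
            "ref": ref,
            "pinned": pinned,
            "image_resolves": image_resolves,
        })
    return findings

# Constructed sample: the two references quoted in the issue plus an unrelated action.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: jasonn3/build-container-installer@ceccfc98ef73825152095431bfa85c796f174c7a
      - uses: jasonn3/build-container-installer@v1.2.2
"""
# Constructed assumption: only the version tag has been published as an image tag.
SAMPLE_TAGS = {"jasonn3/build-container-installer": {"v1.2.2"}}

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW, SAMPLE_TAGS):
        print(f)
```

A finding with `pinned` true and `image_resolves` false is the failure reported here; once images are also tagged with the commit hash, both become true for the pinned reference.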