fix: harden cluster rebuild determinism

.gitea/workflows/dashboards.yml

@@ -9,6 +9,10 @@ on:
       - "ansible/roles/observability-content/**"
   workflow_dispatch:
 
+concurrency:
+  group: prod-cluster
+  cancel-in-progress: false
+
 env:
   TF_VERSION: "1.7.0"
   TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }}
@@ -24,7 +28,7 @@ env:
 jobs:
   dashboards:
     name: Grafana Content
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -46,6 +50,7 @@ jobs:
         working-directory: terraform
         run: |
           terraform init \
+            -lockfile=readonly \
             -backend-config="endpoint=${{ secrets.S3_ENDPOINT }}" \
             -backend-config="bucket=${{ secrets.S3_BUCKET }}" \
             -backend-config="region=auto" \
@@ -56,7 +61,7 @@ jobs:
       - name: Install Python Dependencies
         run: |
           apt-get update && apt-get install -y python3-pip
-          pip3 install --break-system-packages ansible kubernetes jinja2 pyyaml
+          pip3 install --break-system-packages ansible==11.2.0 kubernetes==32.0.1 jinja2==3.1.5 pyyaml==6.0.2
 
       - name: Install Ansible Collections
         run: ansible-galaxy collection install -r ansible/requirements.yml