Skip to content

Commit

Permalink
Pin dependencies
Browse files Browse the repository at this point in the history
  • Loading branch information
renovate-pagopa[bot] authored Nov 21, 2024
1 parent 01abb41 commit afe70c9
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions .github/workflows/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,10 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3

- name: Setup node
uses: actions/setup-node@v3
uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3
with:
node-version-file: '.node-version'
cache: 'npm'
Expand Down Expand Up @@ -49,15 +49,15 @@ jobs:
image_tag: ${{ github.repository }}:${{ github.sha }}

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3

- name: Build container image
uses: docker/build-push-action@v3
uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
with:
tags: ${{ env.image_tag }}

- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac # 0.7.1
with:
image-ref: ${{ env.image_tag }}
format: 'sarif'
Expand All @@ -66,7 +66,7 @@ jobs:
security-checks: 'vuln,secret,config'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@e2b57b01d64b69ac273abfbea5d3ed15231e1706 # v2
with:
sarif_file: 'trivy-results.sarif'

Expand All @@ -79,20 +79,20 @@ jobs:

steps:
- name: Login to GitHub Package
uses: docker/login-action@v2
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
with:
registry: ${{ env.CONTAINER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels)
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4
with:
images: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}

- name: Build and push container image
uses: docker/build-push-action@v3
uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
with:
push: true
tags: ${{ steps.meta.outputs.tags }}

0 comments on commit afe70c9

Please sign in to comment.