From c4aac5ad6f34d7a52c7e08d44b72ede6b1083c03 Mon Sep 17 00:00:00 2001 From: "renovate-pagopa[bot]" <164534245+renovate-pagopa[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 05:42:18 +0000 Subject: [PATCH] Pin dependencies --- .github/workflows/main.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index c709cf72..746db7fa 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -18,10 +18,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Setup node - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 with: node-version-file: '.node-version' cache: 'npm' @@ -49,15 +49,15 @@ jobs: image_tag: ${{ github.repository }}:${{ github.sha }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Build container image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3 with: tags: ${{ env.image_tag }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 + uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac # 0.7.1 with: image-ref: ${{ env.image_tag }} format: 'sarif' @@ -66,7 +66,7 @@ jobs: security-checks: 'vuln,secret,config' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@e8b34a2aaa1d35eab0b758128337086bb22bc6bf # v2 with: sarif_file: 'trivy-results.sarif' @@ -79,7 +79,7 @@ jobs: steps: - name: Login to GitHub Package - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: registry: ${{ env.CONTAINER_REGISTRY }} username: ${{ github.actor }} @@ -87,12 +87,12 @@ jobs: - name: Extract metadata (tags, labels) id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4 with: images: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }} - name: Build and push container image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3 with: push: true tags: ${{ steps.meta.outputs.tags }}