From c4beef9f6eed981f230d4dfe419791eccc0717b2 Mon Sep 17 00:00:00 2001
From: "renovate-pagopa[bot]" <164534245+renovate-pagopa[bot]@users.noreply.github.com>
Date: Tue, 1 Oct 2024 05:45:19 +0000
Subject: [PATCH] Pin dependencies
---
 .github/workflows/main.yaml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index c709cf72..72256328 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -18,10 +18,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: Setup node
- uses: actions/setup-node@v3
+ uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3
 with:
 node-version-file: '.node-version'
 cache: 'npm'
@@ -49,15 +49,15 @@ jobs:
 image_tag: ${{ github.repository }}:${{ github.sha }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: Build container image
- uses: docker/build-push-action@v3
+ uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
 with:
 tags: ${{ env.image_tag }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.7.1
+ uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac # 0.7.1
 with:
 image-ref: ${{ env.image_tag }}
 format: 'sarif'
@@ -66,7 +66,7 @@ jobs:
 security-checks: 'vuln,secret,config'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@85b07cf1e13dd512be7c27c37a33c5864c252fcc # v2
 with:
 sarif_file: 'trivy-results.sarif'
@@ -79,7 +79,7 @@ jobs:
 steps:
 - name: Login to GitHub Package
- uses: docker/login-action@v2
+ uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
 with:
 registry: ${{ env.CONTAINER_REGISTRY }}
 username: ${{ github.actor }}
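Review bot: The trailing comments on the pinned `uses:` lines record only the floating tag (`# v3`), so nothing on the line says which release the SHA was taken from; this applies to both steps in this hunk and to the `# v2`, `# v3` and `# v4` pins in the later hunks. Record the exact release next to each SHA, for example `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.<minor>.<patch>`. Before merging, confirm that each SHA is a commit in the action's own repository that the named tag pointed to, because the comment is not checked by anything at run time. The steps list of this job continues outside the hunk.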
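Review bot: The pin on `github/codeql-action/upload-sarif` in the `@@ -66,7` hunk fixes the upload step to a v2 commit, and GitHub has announced the retirement of CodeQL Action v2, so this step may start warning or failing while the workflow still looks correctly pinned. If the upload stops working, the Trivy findings no longer reach the Security tab, which is easy to miss. Consider moving the step to the current major in the same pinned form, `uses: github/codeql-action/upload-sarif@<sha-of-current-release> # v3.<minor>.<patch>`, with the SHA taken from the upstream release. The job's remaining steps are outside the hunk.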
@@ -87,12 +87,12 @@ jobs:
 - name: Extract metadata (tags, labels)
 id: meta
- uses: docker/metadata-action@v4
+ uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4
 with:
 images: ${{ env.CONTAINER_REGISTRY }}/${{ github.repository }}
 - name: Build and push container image
- uses: docker/build-push-action@v3
+ uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
 with:
 push: true
 tags: ${{ steps.meta.outputs.tags }}