From 7835d02c935f4b89bcc3e3c0cddf5a9b55400cfc Mon Sep 17 00:00:00 2001
From: Oliver Feldmann
Date: Wed, 2 Apr 2025 15:29:57 +0200
Subject: [PATCH 1/2] chore: use sha for gh action versions
---
 .github/workflows/build.yml | 2 +-
 .github/workflows/main.yml | 2 +-
 .github/workflows/push.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 .github/workflows/reuse.yaml | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7f959a6..80b55c6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,7 +4,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Build
 run: |
 docker build .
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 055954e..107e983 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -4,7 +4,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@master
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Haskell Dockerfile Linter
 uses: docker://cdssnc/docker-lint-github-action
 with:
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 954ae9a..e2d67ff 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -12,7 +12,7 @@ jobs:
 push:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Run CI
 run: |
 echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USER }} --password-stdin
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1cb4c21..96028f0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
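Review bot: In `.github/workflows/build.yml` the pinned `actions/checkout` step keeps its default of persisting the job token in the checkout's git configuration, and the very next step runs `docker build .` over that same workspace. Unless a `.dockerignore` (not visible here) excludes `.git`, that token becomes part of the build context; adding `with:` and `persist-credentials: false` under the checkout step avoids it. The same setting fits the checkout steps in `main.yml`, `push.yml` and `reuse.yaml`, and `release.yml` too if that job never pushes back to the repository, which these hunks do not show. The job body continues outside the hunk.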
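Review bot: The step right after the pinned checkout in `.github/workflows/main.yml`, `uses: docker://cdssnc/docker-lint-github-action`, still carries no tag or digest, so it resolves to whatever the registry serves at run time and leaves this workflow with a mutable third-party dependency. To match the intent of this commit it should be pinned to an image digest, e.g. `uses: docker://cdssnc/docker-lint-github-action@sha256:<image-digest>` (placeholder; take the value from the registry). It is also worth confirming whether the Renovate preset added in patch 2/2 keeps `docker://` references updated, since that is not evident from this diff. The step's `with:` block continues outside the hunk.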
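Review bot: The `Run CI` step in `.github/workflows/push.yml` expands `${{ secrets.DOCKERHUB_PASSWORD }}` and `${{ secrets.DOCKERHUB_USER }}` straight into the script text, unquoted, so the shell parses the secret values before `docker login` receives them. Passing both through the step's `env:` and referencing them as quoted shell variables keeps metacharacters or whitespace in a secret from altering the command or corrupting the login. The `run:` block continues outside the hunk, so later lines may need the same treatment.

```yaml
- name: Run CI
  env:
    DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
    DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
  run: |
    printf '%s' "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USER" --password-stdin
    # … unchanged: rest of the run block (outside the hunk) …
```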
@@ -9,7 +9,7 @@ jobs:
 create-release:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Prepare Release
 run: |
 CURRENT_VERSION_LONG=$(curl --silent "https://api.github.com/repos/SAP/devops-docker-neo-cli/releases" | jq -r '.[].tag_name' | head -n1)
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
index b4606a4..2e51620 100644
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@@ -6,6 +6,6 @@ jobs:
 test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: REUSE Compliance Check
- uses: fsfe/reuse-action@v1.1
+ uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
From 0f0eed40767f689d0bf8e95856fc1cd9ad266834 Mon Sep 17 00:00:00 2001
From: Oliver Feldmann
Date: Wed, 2 Apr 2025 15:31:43 +0200
Subject: [PATCH 2/2] chore: pin gh action versions
---
 .github/renovate.json5 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 92597f9..a794a26 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,7 +1,8 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "extends": [
- "config:recommended"
+ "config:recommended",
+ 'helpers:pinGitHubActionDigests'
 ],
 "reviewers": ["o-liver", "srinikitha09", "kaylinche"],
 "dockerfile": {
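Review bot: The `Prepare Release` step in `.github/workflows/release.yml` fills `CURRENT_VERSION_LONG` from an unauthenticated `curl --silent` call with no `--fail`, so an error or rate-limit response is piped into `jq` like a normal one. Unless the step enables `pipefail` (not visible here), the pipeline's status is that of `head`, and the variable can end up empty without the step stopping. Adding `--fail --show-error` and a guard such as `[ -n "$CURRENT_VERSION_LONG" ] || { echo "could not read latest release tag" >&2; exit 1; }` right after the assignment keeps a release from being computed from an empty version. The `run:` block continues outside the hunk.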
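Review bot: Both replacements in `.github/workflows/reuse.yaml` change the version as well as the reference style: `fsfe/reuse-action` moves from `v1.1` to the commit annotated `# v5.0.0`, and `actions/checkout` from `v3` to `# v4.2.2` (from `master` in `main.yml`). The subject `chore: use sha for gh action versions` hides those major-version jumps, which may change what the compliance check accepts; the message should name them, e.g. `chore: pin gh actions to SHAs (checkout v4.2.2, reuse-action v5.0.0)`. Nothing enforces the trailing version comments, so each SHA should be checked against the upstream tag before merging.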
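Review bot: The added entry `'helpers:pinGitHubActionDigests'` in `.github/renovate.json5` is single-quoted while every other string in the file is double-quoted; JSON5 accepts both, but `"helpers:pinGitHubActionDigests"` would match the surrounding style. With this preset Renovate will open PRs that replace the pinned digests, so each of those PRs deserves the same SHA-against-tag check as a manual bump; whether automerge is configured is not visible in this hunk. The object continues outside the hunk.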