Merge pull request #9 from pagopa/renovate/pin-dependencies

jacopocarlini · web-flow · commit 56da26ab543c · 2024-09-25T10:52:37.000+02:00
Pin dependencies
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
@@ -35,18 +35,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout the code
-      uses: actions/checkout@v3
+      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Build the Docker image
       run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
     - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
-      uses: anchore/scan-action@v3
+      uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3
       with:
         image: "localbuild/testimage:latest"
         acs-report-enable: true
         fail-build: true
         severity-cutoff: "high"
     - name: Upload Anchore Scan Report
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@d97ba04b39135f37e9d60c84a6995bb18b7ac328 # v2
       if: always()
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v3.4.6
+      - uses: amannn/action-semantic-pull-request@7bfb19c48fc334d3dacb072cf982e81535041209 # v3.4.6
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
         with:
           persist-credentials: false
           fetch-depth: 0
@@ -37,7 +37,7 @@ jobs:
       - name: Log in to the Container registry
         id: docker_login
         if: steps.release.outputs.new_release_published == 'true'
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -46,7 +46,7 @@ jobs:
       - name: Build and push Docker image
         id: docker_build_push
         if: steps.release.outputs.new_release_published == 'true'
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
         with:
           context: .
           push: true
