Merge pull request #197 from Wikid82/renovate/pin-dependencies

chore(deps): pin dependencies
2025-11-24 11:26:24 -05:00
parent d5b322eff2 9d366ff7c9
commit 57e4fc1a2a
1 changed files with 3 additions and 3 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -111,7 +111,7 @@ jobs:
      - name: Build and push Docker image
        if: steps.skip.outputs.skip_build != 'true'
        id: build-and-push
-        uses: docker/build-push-action@v6 # v6.9.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
        with:
          context: .
          platforms: ${{ github.event_name == 'pull_request' && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
@@ -128,7 +128,7 @@ jobs:

      - name: Run Trivy scan (table output)
        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
-        uses: aquasecurity/trivy-action@0.28.0 # 0.28.0
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
        with:
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
          format: 'table'
@@ -139,7 +139,7 @@ jobs:
      - name: Run Trivy vulnerability scanner (SARIF)
        if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
        id: trivy
-        uses: aquasecurity/trivy-action@0.28.0 # 0.28.0
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
        with:
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
          format: 'sarif'