diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ec12c05..dc9a744 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,10 +27,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@v5.4.0 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: go-version-file: go.mod diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index a41975f..bf767fd 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -18,18 +18,18 @@ jobs: steps: - name: Set up QEMU - uses: docker/setup-qemu-action@v3.6.0 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.10.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true show-progress: false - name: Log into registry - uses: docker/login-action@v3.4.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -40,7 +40,7 @@ jobs: run: bash ci/docker-gen-tagnames.sh - name: Build and push - uses: docker/build-push-action@v6.16.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 with: context: . platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/pr-regen-translations.yml b/.github/workflows/pr-regen-translations.yml index 740c2dd..3593aaf 100644 --- a/.github/workflows/pr-regen-translations.yml +++ b/.github/workflows/pr-regen-translations.yml 
@@ -11,7 +11,7 @@ jobs: shell: bash container: - image: luzifer/gh-arch-env + image: luzifer/gh-arch-env@sha256:b6512b11919261a7ad7697fbd2cfb10dfd13ac1802ac1b554eaaf8e4748baa40 env: CGO_ENABLED: 0 GOPATH: /go @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.head_ref }} @@ -34,7 +34,7 @@ jobs: working-directory: ./ci/translate run: go run . - - uses: stefanzweifel/git-auto-commit-action@v5.2.0 + - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0 with: commit_author: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>' commit_message: 'CI: Update embedded translations' diff --git a/.github/workflows/test-and-build.yml b/.github/workflows/test-and-build.yml index 508abbe..3790d54 100644 --- a/.github/workflows/test-and-build.yml +++ b/.github/workflows/test-and-build.yml @@ -16,7 +16,7 @@ jobs: shell: bash container: - image: ghcr.io/luzifer-docker/gh-arch-env + image: ghcr.io/luzifer-docker/gh-arch-env@sha256:7695537d0125e06d918e0d1ab88c0d12fbd4288d2ae101bd83578125ee43bab0 env: CGO_ENABLED: 0 GOPATH: /go @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Marking workdir safe run: git config --global --add safe.directory /__w/ots/ots @@ -54,7 +54,7 @@ jobs: grep -q "### Language" translate-issue.md || rm -f translate-issue.md - name: Update Translations Issue - uses: JasonEtco/create-an-issue@v2.9.2 + uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 if: github.ref == 'refs/heads/master' && hashFiles('translate-issue.md') != '' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
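Review bot: The container image pin in `.github/workflows/pr-regen-translations.yml` (hunk at -11,7) has no tag or comment saying which build the digest refers to, unlike the action pins in this commit, which keep a `# v4.2.2`-style comment. A trailing comment such as `# <tag>, pinned <date>` (placeholders) would let a later reviewer check the digest against the registry. The same applies to the image pin in `test-and-build.yml` (hunk at -16,7), which pulls what appears to be the same environment image from a different registry (`ghcr.io/luzifer-docker/gh-arch-env`) under a different digest. If both workflows are meant to use the same image, one source would leave a single digest to audit.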
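Review bot: The checkout step in `pr-regen-translations.yml` (hunk at -22,7) fetches `github.event.pull_request.head.repo.full_name` at `github.head_ref`, and the hunk at -34,7 then runs `go run .` on that tree before `git-auto-commit-action` pushes. Contributor-controlled code therefore runs in a job that is expected to hold push credentials, and pinning the actions to SHAs does not change that. The trigger and any `permissions:` block are outside these hunks, so this is a point to confirm. If the trigger is `pull_request_target`, the job should declare only `permissions: contents: write`, expose no other secrets, and preferably run the generator code from the base branch rather than from the PR head.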
@@ -77,7 +77,7 @@ jobs: run: 'awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md' - name: Release - uses: ncipollo/release-action@v1.16.0 + uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0 if: startsWith(github.ref, 'refs/tags/') with: artifacts: '.build/*' diff --git a/Dockerfile b/Dockerfile index a320f4c..5f62afb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.24.2-alpine AS builder +FROM golang:1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee AS builder ENV CGO_ENABLED=0 \ GOPATH=/go \ @@ -22,7 +22,7 @@ RUN set -ex \ -mod=readonly -FROM alpine:3.21 +FROM alpine:3.21@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c LABEL org.opencontainers.image.authors='Knut Ahlers ' \ org.opencontainers.image.version='1.16.0' \ diff --git a/Dockerfile.minimal b/Dockerfile.minimal index b1a7dff..5129b1b 100644 --- a/Dockerfile.minimal +++ b/Dockerfile.minimal @@ -1,4 +1,4 @@ -FROM golang:1.24.2-alpine AS builder +FROM golang:1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee AS builder ENV CGO_ENABLED=0 \ GOPATH=/go \ diff --git a/docker-compose.yml b/docker-compose.yml index 98fc9ca..93b91f6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,7 +18,7 @@ services: ports: - 3000:3000 redis: - image: redis:alpine + image: redis:alpine@sha256:f773b35a95e170d92dd4214a3ec4859b1b7960bf56896ae687646d695f311187 restart: always volumes: - ./data:/data
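Review bot: The digest added to `FROM golang:1.24.2-alpine@sha256:…` in `Dockerfile` (hunk at -1,4) needs to be the digest of the multi-platform image index, because the publish workflow touched by this commit builds `platforms: linux/amd64,linux/arm64`. A digest of a single-platform manifest would pin every build to that one architecture. Which kind it is cannot be read from the diff, so it is worth checking with `docker buildx imagetools inspect` before merging. The same check applies to the `alpine:3.21` pin at -22,7 and to `Dockerfile.minimal`, which repeats the golang digest and has to be updated together with this one.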
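Review bot: In `docker-compose.yml` the pinned reference keeps the floating tag, `redis:alpine@sha256:…`. Once a digest is present the tag no longer decides which image is pulled, so `alpine` will still read as "current" while the service stays on whatever Redis release the digest points to. Writing the release into the tag, `image: redis:<version>-alpine@sha256:<digest>` (placeholders), would make it visible when the pin falls behind Redis security releases. This file appears to be a deployment example rather than CI, so anyone who copies it stays on that digest until they update it by hand.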