diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index da3ad72..90604f1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,22 +13,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Compute docker tags id: docker_meta - uses: crazy-max/ghaction-docker-meta@v5 + uses: crazy-max/ghaction-docker-meta@369eb591f429131d6889c46b94e711f089e6ca96 # v5 with: images: orangecloudfoundry/create-bosh-release-action - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Publish to DockerHub - uses: docker/build-push-action@v6 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6 with: push: true tags: ${{ steps.docker_meta.outputs.tags }} diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index 505a838..636583c 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -12,13 +12,13 @@ jobs: steps: - name: Checkout repository id: checkout_repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 path: ./create-bosh-release-action - name: Checkout repository test repo id: checkout_test_repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: 'orange-cloudfoundry/create-bosh-release-action-test-boshrelease' fetch-depth: 0 diff --git a/Dockerfile b/Dockerfile index 28d592f..c126529 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:alpine +FROM ruby:alpine@sha256:e5c30595c6a322bc3fbaacd5e35d698a6b9e6d1079ab0af09ffe52f5816aec3b RUN apk add git curl jq bash