Merge pull request #91 from redhat-cop/renovate/pin-dependencies

Pin dependencies
redhat-cop · Nov 17, 2023 · 2605b65 · 2605b65
2 parents 2613e14 + 525b550
commit 2605b65
Show file tree

Hide file tree

Showing 25 changed files with 43 additions and 43 deletions.
diff --git a/.github/workflows/confbatstest-build.yaml b/.github/workflows/confbatstest-build.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Get image tags
         id: image_tags
@@ -26,14 +26,14 @@ jobs:
           TAGS+=($(grep "LABEL version" confbatstest/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
-      - uses: hadolint/[email protected]
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
           dockerfile: confbatstest/Dockerfile_build
           ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
 
       - name: Build image
         id: build_image
-        uses: redhat-actions/buildah-build@v2
+        uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:
           context: ${{ env.context }}
           dockerfiles: |
@@ -44,7 +44,7 @@ jobs:
 
       - name: Push to ghcr.io
         if: ${{ env.branch_name == 'master' }} # Stops push running when dependabot creates a PR, which fails due to token
-        uses: redhat-actions/push-to-registry@v2
+        uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}

diff --git a/.github/workflows/confbatstest.yaml b/.github/workflows/confbatstest.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Switch the action to use the Dockerfile_build
         run: |

diff --git a/.github/workflows/disconnected-csv.yaml b/.github/workflows/disconnected-csv.yaml
@@ -17,9 +17,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
-      - uses: hadolint/[email protected]
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
           dockerfile: disconnected-csv/Dockerfile
           ignore: DL3013 # https://github.com/hadolint/hadolint/wiki/DL3013

diff --git a/.github/workflows/get-image-version.yaml b/.github/workflows/get-image-version.yaml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: get-image-version - tests
         id: get_image_version

diff --git a/.github/workflows/github-dispatches-build.yaml b/.github/workflows/github-dispatches-build.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Get image tags
         id: image_tags
@@ -26,13 +26,13 @@ jobs:
           TAGS+=($(grep "LABEL version" github-dispatches/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
-      - uses: hadolint/[email protected]
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
           dockerfile: github-dispatches/Dockerfile_build
 
       - name: Build image
         id: build_image
-        uses: redhat-actions/buildah-build@v2
+        uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:
           context: ${{ env.context }}
           dockerfiles: |
@@ -43,7 +43,7 @@ jobs:
 
       - name: Push to ghcr.io
         if: ${{ env.branch_name == 'master' }} # Stops push running when dependabot creates a PR, which fails due to token
-        uses: redhat-actions/push-to-registry@v2
+        uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}

diff --git a/.github/workflows/github-dispatches.yaml b/.github/workflows/github-dispatches.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Switch the action to use the Dockerfile_build
         run: |

diff --git a/.github/workflows/kyverno-cli-build.yaml b/.github/workflows/kyverno-cli-build.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Get image tags
         id: image_tags
@@ -26,14 +26,14 @@ jobs:
           TAGS+=($(grep "LABEL version" kyverno-cli/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
-      - uses: hadolint/[email protected]
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
           dockerfile: kyverno-cli/Dockerfile_build
           ignore: DL3041 # https://github.com/hadolint/hadolint/wiki/DL3041
 
       - name: Build image
         id: build_image
-        uses: redhat-actions/buildah-build@v2
+        uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:
           context: ${{ env.context }}
           dockerfiles: |
@@ -44,7 +44,7 @@ jobs:
 
       - name: Push to ghcr.io
         if: ${{ env.branch_name == 'master' }} # Stops push running when dependabot creates a PR, which fails due to token
-        uses: redhat-actions/push-to-registry@v2
+        uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}

diff --git a/.github/workflows/kyverno-cli.yaml b/.github/workflows/kyverno-cli.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Switch the action to use the Dockerfile_build
         run: |

diff --git a/.github/workflows/redhat-csp-download-build.yaml b/.github/workflows/redhat-csp-download-build.yaml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Get image tags
         id: image_tags
@@ -26,13 +26,13 @@ jobs:
           TAGS+=($(grep "LABEL version" redhat-csp-download/Dockerfile_build | cut -d '"' -f 2))
           echo "${TAGS[*]}"
 
-      - uses: hadolint/[email protected]
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
           dockerfile: redhat-csp-download/Dockerfile_build
 
       - name: Build image
         id: build_image
-        uses: redhat-actions/buildah-build@v2
+        uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2
         with:
           context: ${{ env.context }}
           dockerfiles: |
@@ -43,7 +43,7 @@ jobs:
 
       - name: Push to ghcr.io
         if: ${{ env.branch_name == 'master' }} # Stops push running when dependabot creates a PR, which fails due to token
-        uses: redhat-actions/push-to-registry@v2
+        uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}

diff --git a/.github/workflows/redhat-csp-download.yaml b/.github/workflows/redhat-csp-download.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Switch the action to use the Dockerfile_build
         run: |

diff --git a/.github/workflows/s2i.yaml b/.github/workflows/s2i.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Clone example springboot code to build via s2i
         run: |

diff --git a/.github/workflows/set-helm-version.yaml b/.github/workflows/set-helm-version.yaml
@@ -17,9 +17,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
-      - uses: hadolint/[email protected]
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
           dockerfile: set-helm-version/Dockerfile
 

diff --git a/.github/workflows/ssh-agent.yaml b/.github/workflows/ssh-agent.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: ssh-agent
         uses: ./ssh-agent

diff --git a/chart-repo-pr-action/Dockerfile b/chart-repo-pr-action/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1@sha256:95413c8dacaac773421428947a431c1cb099d19b4b1125df77d5d1cd2f463ab8
 
 ## According to the GH Actions doc, the user must run as root
 ## https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user

diff --git a/confbatstest/Dockerfile b/confbatstest/Dockerfile
@@ -1 +1 @@
-FROM ghcr.io/redhat-cop/github-actions/confbatstest:latest
+FROM ghcr.io/redhat-cop/github-actions/confbatstest:latest@sha256:d3c5704e19974b815ac8ad678512ecaf2aa9fb63cee5c3e7db04fe95c4a3a917
diff --git a/confbatstest/Dockerfile_build b/confbatstest/Dockerfile_build
@@ -1,5 +1,5 @@
 # Builder image for go
-FROM registry.access.redhat.com/ubi9/go-toolset:1.18 AS go-builder
+FROM registry.access.redhat.com/ubi9/go-toolset:1.18@sha256:ff992007f16f350a6a4fe4d32324e6a92651e963c769ff544ca57f6c5392d5e3 AS go-builder
 
 # go1.19 not released yet - so need to manaully upgrade
 USER root
@@ -13,7 +13,7 @@ RUN PATH="/usr/local/go/bin:$PATH" GOBIN=/tmp/go-bin go install github.com/plexs
     /tmp/go-bin/konstraint --help
 
 # Builder image
-FROM registry.access.redhat.com/ubi9/ubi:9.1 AS builder
+FROM registry.access.redhat.com/ubi9/ubi:9.1@sha256:49124e4acd09c98927882760476d617a85f155cb45759aea56b2ab020563c4b8 AS builder
 
 RUN export HELM_VERSION=3.11.1 && \
     curl -L -o /tmp/helm-v${HELM_VERSION}-linux-amd64.tar.gz https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
@@ -47,7 +47,7 @@ RUN export KUBEVAL_VERSION=latest && \
     /tmp/kubeval --version
 
 # Runnable image
-FROM registry.access.redhat.com/ubi9/python-39:1
+FROM registry.access.redhat.com/ubi9/python-39:1@sha256:81a000d48bca6b09e09a7b834e0b7c8b6ffb1907b7867e76df9b044e02f9a2ac
 
 LABEL version="1.8.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"

diff --git a/disconnected-csv/Dockerfile b/disconnected-csv/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/skopeo/stable:v1
+FROM quay.io/skopeo/stable:v1@sha256:baaaf8c5fdfa71a7c5ce67826998feccff5b90b1a749825f19789d1a473c3d8a
 
 LABEL version="1.0.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"

diff --git a/github-dispatches/Dockerfile b/github-dispatches/Dockerfile
@@ -1 +1 @@
-FROM ghcr.io/redhat-cop/github-actions/github-dispatches:latest
+FROM ghcr.io/redhat-cop/github-actions/github-dispatches:latest@sha256:20eb7ebde992d39045e142d7087cd9b0d4723b469097d8f7bc9acc206c341163
diff --git a/github-dispatches/Dockerfile_build b/github-dispatches/Dockerfile_build
@@ -1,13 +1,13 @@
 # Builder image
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1 AS builder
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1@sha256:95413c8dacaac773421428947a431c1cb099d19b4b1125df77d5d1cd2f463ab8 AS builder
 
 RUN export JQ_VERSION=1.6 && \
     curl -L -o /tmp/jq-linux64 https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \
     chmod +x /tmp/jq-linux64 && \
     /tmp/jq-linux64 --version
 
 # Runnable image
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1@sha256:95413c8dacaac773421428947a431c1cb099d19b4b1125df77d5d1cd2f463ab8
 
 LABEL version="1.2.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"

diff --git a/kyverno-cli/Dockerfile b/kyverno-cli/Dockerfile
@@ -1 +1 @@
-FROM ghcr.io/redhat-cop/github-actions/kyverno-cli:latest
+FROM ghcr.io/redhat-cop/github-actions/kyverno-cli:latest@sha256:728b2d5cc038401e24ea4437cbcefcda1fa8985a2c9b0e63b9c421b31f0ca6eb
diff --git a/kyverno-cli/Dockerfile_build b/kyverno-cli/Dockerfile_build
@@ -1,5 +1,5 @@
 # Builder image
-FROM registry.access.redhat.com/ubi9/ubi:9.1 AS builder
+FROM registry.access.redhat.com/ubi9/ubi:9.1@sha256:49124e4acd09c98927882760476d617a85f155cb45759aea56b2ab020563c4b8 AS builder
 
 RUN export HELM_VERSION=3.11.1 && \
     curl -L -o /tmp/helm-v${HELM_VERSION}-linux-amd64.tar.gz https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
@@ -23,7 +23,7 @@ RUN export KYVERNO_VERSION=v1.9.0 && \
     /tmp/kyverno --help
 
 # Runnable image
-FROM registry.access.redhat.com/ubi9/python-39:1
+FROM registry.access.redhat.com/ubi9/python-39:1@sha256:81a000d48bca6b09e09a7b834e0b7c8b6ffb1907b7867e76df9b044e02f9a2ac
 
 LABEL version="1.1.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"

diff --git a/redhat-csp-download/Dockerfile b/redhat-csp-download/Dockerfile
@@ -1 +1 @@
-FROM ghcr.io/redhat-cop/github-actions/redhat-csp-download:latest
+FROM ghcr.io/redhat-cop/github-actions/redhat-csp-download:latest@sha256:7c516dd0355e6484633029306d93d90a5176ea3cb01c8d8d671116ed636550ba
diff --git a/redhat-csp-download/Dockerfile_build b/redhat-csp-download/Dockerfile_build
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-39:1
+FROM registry.access.redhat.com/ubi9/python-39:1@sha256:81a000d48bca6b09e09a7b834e0b7c8b6ffb1907b7867e76df9b044e02f9a2ac
 
 LABEL version="1.3.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"

diff --git a/s2i/Dockerfile b/s2i/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.1@sha256:95413c8dacaac773421428947a431c1cb099d19b4b1125df77d5d1cd2f463ab8
 
 LABEL version="1.0.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"

diff --git a/set-helm-version/Dockerfile b/set-helm-version/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/python-39:1
+FROM registry.access.redhat.com/ubi9/python-39:1@sha256:81a000d48bca6b09e09a7b834e0b7c8b6ffb1907b7867e76df9b044e02f9a2ac
 
 LABEL version="1.1.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"