Pin dependencies

pagopa · Jun 3, 2024 · 1b49f29 · 1b49f29
1 parent 9a19fba
commit 1b49f29
Show file tree

Hide file tree

Showing 8 changed files with 13 additions and 13 deletions.
diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml
@@ -35,20 +35,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Build the Docker image
         run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
 
       - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3
         with:
           image: "localbuild/testimage:latest"
           acs-report-enable: true
           fail-build: true
           severity-cutoff: "high"
       - name: Upload Anchore Scan Report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@366cd9811409649a3e1276ce7f1a1c9023832b56 # v2
         if: always()
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/assignee.yml b/.github/workflows/assignee.yml
@@ -21,6 +21,6 @@ jobs:
     steps:
       - name: Assign Me
         # You may pin to the exact commit or the version.
-        uses: kentaro-m/auto-assign-action@v1.2.1
+        uses: kentaro-m/auto-assign-action@746a3a558fdd0e061f612ec9f8ff1b8a19c1a115 # v1.2.1
         with:
           configuration-path: '.github/auto_assign.yml'
diff --git a/.github/workflows/check_metadata_pr.yml b/.github/workflows/check_metadata_pr.yml
@@ -21,15 +21,15 @@ jobs:
     steps:
 
       - name: Verify PR Labels
-        uses: jesusvasquez333/verify-pr-label-action@v1.4.0
+        uses: jesusvasquez333/verify-pr-label-action@657d111bbbe13e22bbd55870f1813c699bde1401 # v1.4.0
         with:
           github-token: '${{ secrets.GITHUB_TOKEN }}'
           valid-labels: 'bug, enhancement, breaking-change, ignore-for-release'
           pull-request-number: '${{ github.event.pull_request.number }}'
 
       - name: Label Check
         if: ${{ !contains(github.event.pull_request.labels.*.name, 'breaking-change') && !contains(github.event.pull_request.labels.*.name, 'enhancement') && !contains(github.event.pull_request.labels.*.name, 'bug') && !contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3
         with:
           script: |
             core.setFailed('Missing required labels')
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -48,7 +48,7 @@ jobs:
         if: ${{ contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }}
 
       - name: Azure Pipelines Action - Jversion
-        uses: jacopocarlini/azure-pipelines@v1.3
+        uses: jacopocarlini/azure-pipelines@b9721743a54e862597395b4a70727cfdc03028fb # v1.3
         with:
           azure-devops-project-url: https://dev.azure.com/pagopaspa/pagoPA-projects
           azure-pipeline-name: 'projectName.deploy' # TODO: set the name

diff --git a/.github/workflows/sonar_analysis.yml b/.github/workflows/sonar_analysis.yml
@@ -19,7 +19,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Azure Pipelines Action - Jversion
-        uses: jacopocarlini/azure-pipelines@v1.3
+        uses: jacopocarlini/azure-pipelines@b9721743a54e862597395b4a70727cfdc03028fb # v1.3
         with:
           azure-devops-project-url: https://dev.azure.com/pagopaspa/pagoPA-projects
           azure-pipeline-name: 'projectName.code-review' # TODO: set the name

diff --git a/.github/workflows/update_infra.yml b/.github/workflows/update_infra.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
 
       # prepare openapi template for infra repo
       - run: |

diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,13 @@
 #
 # Build
 #
-FROM maven:3.8.4-jdk-11-slim as buildtime
+FROM maven:3.8.4-jdk-11-slim@sha256:04f8e5ba4a6a74fb7f97940bc75ac7340520728d2fb051ecc5c9ecbb9ba28b48 as buildtime
 WORKDIR /build
 COPY . .
 RUN mvn clean package
 
 
-FROM adoptopenjdk/openjdk11:alpine-jre as builder
+FROM adoptopenjdk/openjdk11:alpine-jre@sha256:3ebdedeceb203a8a2523b1653a9ab218431294043735a5cbc1305045395af0c2 as builder
 COPY --from=buildtime /build/target/*.jar application.jar
 RUN java -Djarmode=layertools -jar application.jar extract
 

diff --git a/performance-test/docker-compose.yaml b/performance-test/docker-compose.yaml
@@ -1,7 +1,7 @@
 version: '3.3'
 services:
   k6:
-    image: grafana/k6
+    image: grafana/k6@sha256:278d78f2953041b6b4b0bd315e8605ed43222245771adc405f3252f3edea0eef
     container_name: k6
     volumes:
       - '${PWD}/src:/scripts'
@@ -26,7 +26,7 @@ services:
       - nginx
 
   nginx:
-    image: nginx
+    image: nginx@sha256:0f04e4f646a3f14bf31d8bc8d885b6c951fdcf42589d06845f64d18aec6a3c4d
     container_name: nginx
     volumes:
       - '${PWD}/nginx/nginx.conf:/etc/nginx/nginx.conf'