@@ -93,27 +93,27 @@ jobs:
9393
9494 runs-on : ubuntu-latest
9595 steps :
96- - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
96+ - uses : actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
9797
9898 - name : Set up QEMU (arm64 support)
99- uses : docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4
99+ uses : docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4
100100 with :
101101 platforms : arm64
102102
103103 - name : Set up Buildx
104- uses : docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
104+ uses : docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4
105105
106106 - name : Log in to GHCR
107107 if : github.event_name != 'pull_request'
108- uses : docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
108+ uses : docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
109109 with :
110110 registry : ${{ env.REGISTRY }}
111111 username : ${{ github.actor }}
112112 password : ${{ secrets.GITHUB_TOKEN }}
113113
114114 - name : Extract metadata
115115 id : meta
116- uses : docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
116+ uses : docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6
117117 with :
118118 images : ${{ env.REGISTRY }}/${{ env.IMAGE_REPOSITORY }}
119119 tags : |
@@ -128,7 +128,7 @@ jobs:
128128
129129 - name : Build and push
130130 id : build
131- uses : docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
131+ uses : docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7
132132 with :
133133 context : ${{ inputs.context != '' && inputs.context || format('images/{0}', inputs.image-name)}}
134134 file : ${{ format('{0}/{1}', inputs.context != '' && inputs.context || format('images/{0}', inputs.image-name), inputs.dockerfile) }}
@@ -164,15 +164,15 @@ jobs:
164164
165165 - name : Upload Trivy results to Security tab
166166 if : always() && github.event_name != 'pull_request'
167- uses : github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
167+ uses : github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4
168168 with :
169169 sarif_file : trivy-results.sarif
170170 category : trivy-${{ inputs.image-name }}
171171
172172
173173 - name : Log podman into GHCR
174174 if : inputs.data-boundary && github.event_name != 'pull_request'
175- uses : redhat-actions/podman-login@v1
175+ uses : redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
176176 with :
177177 registry : ${{ inputs.registry }}
178178 username : ${{ github.actor }}
@@ -211,7 +211,7 @@ jobs:
211211
212212 - name : Upload STIG report
213213 if : always() && inputs.data-boundary && github.event_name != 'pull_request'
214- uses : actions/upload-artifact@v7
214+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
215215 with :
216216 name : stig-${{ inputs.image-name }}
217217 path : |
0 commit comments