From 395fca6b32e127fdaa5e1ee1927b05691da7f4c3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 3 Jul 2026 16:24:08 +0000 Subject: [PATCH] Pin dependencies --- .github/workflows/docker-latest.yml | 4 ++-- .github/workflows/docker.yml | 16 ++++++++-------- .github/workflows/dockerlint.yml | 2 +- .github/workflows/json.yml | 4 ++-- .github/workflows/shellcheck.yml | 4 ++-- .github/workflows/spellcheck.yml | 2 +- Dockerfile | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml index 2dbd0eb..726c94a 100644 --- a/.github/workflows/docker-latest.yml +++ b/.github/workflows/docker-latest.yml @@ -7,7 +7,7 @@ jobs: steps: - name: Login to DockerHub if: github.event_name != 'pull_request' - uses: docker/login-action@v4.4.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -15,7 +15,7 @@ jobs: id: un run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry - uses: docker/login-action@v4.4.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ steps.un.outputs.un }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e74362a..7a0b5f5 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,18 +21,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v7.0.0 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up QEMU - uses: docker/setup-qemu-action@v4.2.0 + uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4.2.0 with: platforms: arm64 #all - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4.2.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 with: driver-opts: env.BUILDKIT_STEP_LOG_MAX_SIZE=-1 - name: Login to DockerHub if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@v4.4.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -40,13 +40,13 @@ jobs: id: un run: echo "un=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry - uses: docker/login-action@v4.4.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ steps.un.outputs.un }} password: ${{ github.token }} - name: Build - uses: docker/build-push-action@v7.3.0 + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0 if: ${{ github.event_name != 'pull_request' }} with: context: . @@ -61,7 +61,7 @@ jobs: id: pr run: echo "pr=$(echo pr-${{ github.ref_name }} | sed "s|refs/pull/:||g" | sed "s|/merge||g")" >> $GITHUB_OUTPUT - name: Build (PR) - uses: docker/build-push-action@v7.3.0 + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0 if: ${{ github.event_name == 'pull_request' }} with: context: . @@ -70,7 +70,7 @@ jobs: push: ${{ github.event_name == 'pull_request' }} tags: ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }} - name: add comment (PR) - uses: mshick/add-pr-comment@v3.12.0 + uses: mshick/add-pr-comment@ec328af66588ab8f77cdeb2c264f14aba45bbf59 # v3.12.0 if: ${{ github.event_name == 'pull_request' }} with: message: "The Docker Image can now be found here: `ghcr.io/${{ steps.un.outputs.un }}/${{ github.event.repository.name }}:${{ steps.pr.outputs.pr }}`" diff --git a/.github/workflows/dockerlint.yml b/.github/workflows/dockerlint.yml index 2e6971e..9b5ac4a 100644 --- a/.github/workflows/dockerlint.yml +++ b/.github/workflows/dockerlint.yml @@ -9,7 +9,7 @@ jobs: name: docker-lint steps: - name: Checkout - uses: actions/checkout@v7.0.0 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install hadolint run: | sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint diff --git a/.github/workflows/json.yml b/.github/workflows/json.yml index 09990b3..4b499de 100644 --- a/.github/workflows/json.yml +++ b/.github/workflows/json.yml @@ -7,8 +7,8 @@ jobs: test-json: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: json-syntax-check - uses: limitusus/json-syntax-check@v2.0.3 + uses: limitusus/json-syntax-check@6e25e4304c75d72195ad8c6fca739cb2e99c3fb1 # v2.0.3 with: pattern: "\\.json" diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 12b88fb..d4d5858 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -8,9 +8,9 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v7.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Run Shellcheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master with: check_together: 'yes' env: diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml index f0b0d79..fb2d5fa 100644 --- a/.github/workflows/spellcheck.yml +++ b/.github/workflows/spellcheck.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code. - uses: actions/checkout@v7.0.0 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Check spelling uses: codespell-project/actions-codespell@v2 with: diff --git a/Dockerfile b/Dockerfile index 73b4e6f..549d918 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -# syntax=docker/dockerfile:labs -FROM haproxy:3.4.0-alpine3.23 +# syntax=docker/dockerfile:labs@sha256:7d49dad25a050e14338ba7028b0460243f9d911dedc160a8fe20c34738fef3af +FROM haproxy:3.4.0-alpine3.23@sha256:5614ec450485ce1f9f8c25d231cf7fbab9326302a395f2355e05cbbc2dd7468b USER root RUN apk upgrade --no-cache -a && \ apk add --no-cache ca-certificates tzdata tini openssl shadow su-exec curl && \