Merge remote-tracking branch 'origin/dev'

2025-12-18 05:04:37 +03:00 · 2024-10-05 23:49:10 +10:00
parent af8fac2968 117c6b3844
commit 46e11b98a6
3 changed files with 24 additions and 24 deletions
--- a/.github/workflows/docker-buildx-dev.yml
+++ b/.github/workflows/docker-buildx-dev.yml
@@ -15,18 +15,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
        with:
          version: latest
      -
@@ -34,13 +34,13 @@ jobs:
        run: echo ${{ steps.buildx.outputs.platforms }}
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push multi-arch dev
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
        with:
          context: .
          file: ./Dockerfile
--- a/.github/workflows/docker-buildx-latest.yml
+++ b/.github/workflows/docker-buildx-latest.yml
@@ -15,18 +15,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
        with:
          platforms: all
      -
        name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
        with:
          version: latest
      -
@@ -34,13 +34,13 @@ jobs:
        run: echo ${{ steps.buildx.outputs.platforms }}
      -
        name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push multi-arch latest
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
        with:
            context: .
            file: ./Dockerfile
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -13,18 +13,18 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          ref: ${{ github.ref }}
      -
        name: Run Trivy fs vulnerability scanner in fs mode
-        uses: aquasecurity/trivy-action@0.20.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'sarif'
          output: 'trivy-results.sarif'
-          #severity: 'CRITICAL'
+          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
      -
        name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3