diff --git a/.github/workflows/test-action-on-pr-and-schedule.yml b/.github/workflows/test-action-on-pr-and-schedule.yml index 4c85e33..e3ac953 100644 --- a/.github/workflows/test-action-on-pr-and-schedule.yml +++ b/.github/workflows/test-action-on-pr-and-schedule.yml @@ -32,7 +32,7 @@ jobs: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4 - name: run ghcr.io diff --git a/Dockerfile b/Dockerfile index 650f957..8ffc7b5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # This file is used by CI pipeline when testing this action -FROM alpine:latest +FROM alpine:latest@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b RUN apk update \ && apk -a info curl \ diff --git a/action.yml b/action.yml index c5dd101..6e2064c 100644 --- a/action.yml +++ b/action.yml @@ -116,7 +116,7 @@ runs: - name: AWS Authentication - IAM Keys if: contains(inputs.registry, '.dkr.ecr.') && inputs.aws_access_key_id != '' && inputs.aws_secret_access_key != '' - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 with: aws-access-key-id: ${{ inputs.aws_access_key_id }} aws-secret-access-key: ${{ inputs.aws_secret_access_key }} @@ -124,7 +124,7 @@ runs: - name: AWS Authentication - AWS IAM Role via OIDC if: contains(inputs.registry, '.dkr.ecr.') && inputs.aws_role_to_assume != '' - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 with: role-to-assume: ${{ inputs.aws_role_to_assume }} aws-region: ${{ inputs.aws_default_region }} @@ -151,7 +151,7 @@ runs: esac - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4 with: ref: '' path: ${{ inputs.target_directory }}