diff --git a/.github/workflows/anchore.yml b/.github/workflows/anchore.yml index 802f626..a54fef9 100644 --- a/.github/workflows/anchore.yml +++ b/.github/workflows/anchore.yml @@ -35,20 +35,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Build the Docker image run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled - uses: anchore/scan-action@v3 + uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3 with: image: "localbuild/testimage:latest" acs-report-enable: true fail-build: true severity-cutoff: "high" - name: Upload Anchore Scan Report - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@4d85deb8548d03be541760228f3fe9e6a4d5d27d # v2 if: always() with: sarif_file: results.sarif diff --git a/.github/workflows/assignee.yml b/.github/workflows/assignee.yml index 0611917..cf22668 100644 --- a/.github/workflows/assignee.yml +++ b/.github/workflows/assignee.yml @@ -21,6 +21,6 @@ jobs: steps: - name: Assign Me # You may pin to the exact commit or the version. - uses: kentaro-m/auto-assign-action@v1.2.1 + uses: kentaro-m/auto-assign-action@746a3a558fdd0e061f612ec9f8ff1b8a19c1a115 # v1.2.1 with: configuration-path: '.github/auto_assign.yml' diff --git a/.github/workflows/check_metadata_pr.yml b/.github/workflows/check_metadata_pr.yml index c687c53..5130b4a 100644 --- a/.github/workflows/check_metadata_pr.yml +++ b/.github/workflows/check_metadata_pr.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Verify PR Labels - uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + uses: jesusvasquez333/verify-pr-label-action@657d111bbbe13e22bbd55870f1813c699bde1401 # v1.4.0 with: github-token: '${{ secrets.GITHUB_TOKEN }}' valid-labels: 'bug, enhancement, breaking-change, ignore-for-release' @@ -29,7 +29,7 @@ jobs: - name: Label Check if: ${{ !contains(github.event.pull_request.labels.*.name, 'breaking-change') && !contains(github.event.pull_request.labels.*.name, 'enhancement') && !contains(github.event.pull_request.labels.*.name, 'bug') && !contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }} - uses: actions/github-script@v3 + uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3 with: script: | core.setFailed('Missing required labels') diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4f4091b..7fe85df 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -48,7 +48,7 @@ jobs: if: ${{ contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }} - name: Azure Pipelines Action - Jversion - uses: jacopocarlini/azure-pipelines@v1.3 + uses: jacopocarlini/azure-pipelines@b9721743a54e862597395b4a70727cfdc03028fb # v1.3 with: azure-devops-project-url: https://dev.azure.com/pagopaspa/pagoPA-projects azure-pipeline-name: 'pagopa-function-template.deploy' diff --git a/.github/workflows/sonar_analysis.yml b/.github/workflows/sonar_analysis.yml index 8003cbf..6cc85f6 100644 --- a/.github/workflows/sonar_analysis.yml +++ b/.github/workflows/sonar_analysis.yml @@ -19,7 +19,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Azure Pipelines Action - Jversion - uses: jacopocarlini/azure-pipelines@v1.3 + uses: jacopocarlini/azure-pipelines@b9721743a54e862597395b4a70727cfdc03028fb # v1.3 with: azure-devops-project-url: https://dev.azure.com/pagopaspa/pagoPA-projects azure-pipeline-name: 'pagopa-function-templat.code-review' diff --git a/Dockerfile b/Dockerfile index 0f0a3de..eb2847d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.2-fpm +FROM php:8.2-fpm@sha256:44323764bd7ff0a64acf1e8d162315b5188e7917959eec1b8d5d7c726fad1558 RUN apt -y update -y && apt -y upgrade && apt -y install git libpq-dev libzip-dev zip libmemcached-dev && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql && docker-php-ext-install pdo pdo_pgsql pgsql && docker-php-ext-install zip