From e2d3e65a591e2fdc7def92ae7b83978ea3b2d651 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Thu, 4 Jun 2026 10:46:44 +0200 Subject: [PATCH] pin it Signed-off-by: Ronni Skansing --- .github/workflows/release.yml | 12 ++++++------ .github/workflows/test-build.yml | 12 ++++++------ backend/Dockerfile | 2 +- frontend/package-lock.json | 24 ++++++++++++------------ frontend/package.json | 24 ++++++++++++------------ 5 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 73393f0..31e1b5f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,20 +13,20 @@ jobs: packages: write steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 1 - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 with: platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Log in to GitHub Container Registry - uses: docker/login-action@v4 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -55,7 +55,7 @@ jobs: cp -r frontend/build/* backend/frontend/build/ - name: Cache Go build cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /tmp/go-build-cache key: go-build-${{ runner.os }}-${{ hashFiles('backend/go.sum') }} @@ -140,7 +140,7 @@ jobs: phishingclub.sig - name: Build and push multi-arch Docker image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . file: ./Dockerfile.release diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index 93a599e..f3aba09 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -12,20 +12,20 @@ jobs: packages: write steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 1 - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 with: platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Log in to GitHub Container Registry - uses: docker/login-action@v4 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -53,7 +53,7 @@ jobs: cp -r frontend/build/* backend/frontend/build/ - name: Cache Go build cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /tmp/go-build-cache key: go-build-${{ runner.os }}-${{ hashFiles('backend/go.sum') }} @@ -217,7 +217,7 @@ jobs: tar -tzf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz - name: Upload build artifacts (for review) - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: phishingclub-test-build-${{ steps.get_version.outputs.HASH }} path: | diff --git a/backend/Dockerfile b/backend/Dockerfile index 32da2c0..4d5eaa4 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -1,5 +1,5 @@ # development docker file -FROM golang:1.25.10 +FROM golang:1.25.10@sha256:c138bff780910acf4254ab3a6f7ff0f64bbd841f27bd82bfa986fe122c109538 EXPOSE 8000 8001 diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 7edd8db..1929ff5 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -7,18 +7,18 @@ "": { "name": "platform", "dependencies": { - "brace-expansion": "^4.0.1", - "cross-spawn": "^7.0.6", - "d3": "^7.9.0", + "brace-expansion": "4.0.1", + "cross-spawn": "7.0.6", + "d3": "7.9.0", "date-fns": "4.1.0", - "devalue": "^5.3.2", - "license-checker": "^25.0.1", - "monaco-editor": "^0.53.0", - "monaco-vim": "^0.4.2", - "nanoid": "^5.1.5", - "npm-check-updates": "^17.1.3", - "papaparse": "^5.5.3", - "svelte": "^4.2.19", + "devalue": "5.3.2", + "license-checker": "25.0.1", + "monaco-editor": "0.53.0", + "monaco-vim": "0.4.2", + "nanoid": "5.1.5", + "npm-check-updates": "17.1.3", + "papaparse": "5.5.3", + "svelte": "4.2.19", "tailwindcss": "3.4.13" }, "devDependencies": { @@ -29,7 +29,7 @@ "autoprefixer": "10.4.20", "nodemon": "3.1.7", "prettier": "3.3.3", - "prettier-plugin-svelte": "^3.4.0", + "prettier-plugin-svelte": "3.4.0", "vite": "5.4.8" } }, diff --git a/frontend/package.json b/frontend/package.json index 92dd15b..6de6b17 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -21,25 +21,25 @@ "@sveltejs/kit": "2.6.1", "@vitejs/plugin-basic-ssl": "1.1.0", "autoprefixer": "10.4.20", - "license-checker": "^25.0.1", + "license-checker": "25.0.1", "nodemon": "3.1.7", - "npm-check-updates": "^17.1.3", + "npm-check-updates": "17.1.3", "prettier": "3.3.3", - "prettier-plugin-svelte": "^3.4.0", + "prettier-plugin-svelte": "3.4.0", "vite": "5.4.8" }, "type": "module", "dependencies": { - "brace-expansion": "^4.0.1", - "cross-spawn": "^7.0.6", - "d3": "^7.9.0", + "brace-expansion": "4.0.1", + "cross-spawn": "7.0.6", + "d3": "7.9.0", "date-fns": "4.1.0", - "devalue": "^5.3.2", - "monaco-editor": "^0.53.0", - "monaco-vim": "^0.4.2", - "nanoid": "^5.1.5", - "papaparse": "^5.5.3", - "svelte": "^4.2.19", + "devalue": "5.3.2", + "monaco-editor": "0.53.0", + "monaco-vim": "0.4.2", + "nanoid": "5.1.5", + "papaparse": "5.5.3", + "svelte": "4.2.19", "tailwindcss": "3.4.13" } }