diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0225eda..76e8792 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -17,19 +17,18 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 with:
 fetch-depth: 0
 - name: Set up Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
 with:
 go-version-file: 'go.mod'
 - name: Install Syft
- run: |
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+ uses: anchore/sbom-action/download-syft@ab5d7b5f48981941c4c5d6bf33aeb98fe3bae38c # v0.15.10
 - name: Run GoReleaser
 id: run-goreleaser
- uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8
+ uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
 with:
 version: latest
 args: release --clean
@@ -43,6 +42,6 @@ jobs:
 id-token: write # To sign.
 contents: write # To upload release assets.
 actions: read # To read workflow path.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.10.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@c747fe7769adf3656dc7d588b161cb614d7abfee # v1.10.0
 with:
 go-version-file: 'go.mod'
diff --git a/Dockerfile b/Dockerfile
index dedaf46..ac488f4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.22.1 AS builder
+FROM golang:1.22.2@sha256:c4fb952e712efd8f787bcd8e53fd66d1d83b7dc26adabc218e9eac1dbf776bdf AS builder
 WORKDIR /go/src
 COPY go.mod go.sum ./
diff --git a/go.mod b/go.mod
index fd06190..5db65f3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/ctfer-io/ctfd-setup
-go 1.22.1
+go 1.22.2
 require (
 github.com/ctfer-io/go-ctfd v0.4.0
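Review bot: In the first hunk of `.github/workflows/release.yaml`, the `Run GoReleaser` step still passes `version: latest`, so the action is pinned by commit while the GoReleaser binary it installs at release time is not. With the other steps in this hunk now fixed to a commit, this is the remaining floating input to the build that produces the release artifacts. Consider `version: '<exact goreleaser version>'` (placeholder; use the version the project has tested) and let the same update bot that bumps the SHAs maintain it. The step's `with:` block may continue outside the hunk.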
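Review bot: In the second hunk of `.github/workflows/release.yaml`, pinning `builder_go_slsa3.yml` to a commit SHA is likely to break the provenance job. The slsa-github-generator documentation requires its reusable workflows to be referenced by a full `@vX.Y.Z` tag, because the builder checks its own ref and verification matches the builder identity against a tag. Keep `uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.10.0` and add a comment such as `# Must be referenced by tag, not SHA: required by the SLSA builder.` so a later pinning pass does not reintroduce the hash. The job definition starts outside the hunk.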
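Review bot: In the `Dockerfile` hunk, the digest is what gets pulled and the `1.22.2` tag is not checked against it, so a later edit that bumps only the tag silently keeps the old image. A comment above the `FROM`, e.g. `# Digest wins over the tag; bump both together (and the go directive in go.mod).`, would make that explicit for maintainers. Only the builder stage is visible here; if a later stage has its own `FROM`, it would need the same digest pin for the shipped image to be reproducible.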