From d8042593f119050e3cfc10a2e239e1ed5b950757 Mon Sep 17 00:00:00 2001
From: ybelMekk
Date: Tue, 30 May 2023 23:12:05 +0200
Subject: [PATCH] feat(action): pin actions used

* update cosign
* add dependabot.yml
---
.github/dependabot.yml | 7 +++++++
action.yml | 11 +++--------
2 files changed, 10 insertions(+), 8 deletions(-)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..0a24199
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 5
diff --git a/action.yml b/action.yml
index beefa35..2f0aacb 100644
--- a/action.yml
+++ b/action.yml
@@ -3,33 +3,28 @@ description: 'Generate SBOM, attest and sign docker image'
 branding:
 icon: 'lock'
 color: 'green'
-
 inputs:
 image_ref:
 description: 'image ref, i.e. "europe-north1-docker.pkg.dev/nais-io/nais/images/canary-deployer@sha256:eac1f85bee008dfe4ca0eadd1f32256946a171b445d129dba8f00cc67d43582b"'
 required: true
-
 sbom:
 description: 'existing SBOM in cyclonedx format'
 default: 'auto-generate-for-me-please.json'
-
 runs:
 using: 'composite'
 steps:
 - name: 'Install cosign'
- uses: 'sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65' # ratchet:sigstore/cosign-installer@main
+ uses: 'sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9' # ratchet:sigstore/cosign-installer@v3.0.5
 with:
- cosign-release: 'v2.0.0'
-
+ cosign-release: 'v2.0.2'
 - name: 'Generate SBOM'
 if: inputs.sbom == 'auto-generate-for-me-please.json'
- uses: 'aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252' # ratchet:aquasecurity/trivy-action@master
+ uses: 'aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2' # ratchet:aquasecurity/trivy-action@0.10.0
 with:
 scan-type: 'image'
 format: 'cyclonedx'
 output: 'auto-generate-for-me-please.json'
 image-ref: "${{ inputs.image_ref }}"
-
 - name: 'Sign and attest image'
 shell: 'bash'
 run: |
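Review bot: The two new `uses:` lines pin cosign-installer and trivy-action to commit SHAs with `# ratchet:...@v3.0.5` / `# ratchet:...@0.10.0` comments, while the same commit hands SHA updates to Dependabot via the new `.github/dependabot.yml` (`github-actions` ecosystem); as far as I know Dependabot rewrites the SHA and only a trailing `# vX.Y.Z`-style version comment, so the ratchet comments are likely to drift from the pinned commit after the first automated bump and stop being a reliable record of which release the SHA was verified against. Either write the comments in the form Dependabot maintains, e.g. `uses: 'sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9' # v3.0.5`, or keep running ratchet in CI so a SHA/comment mismatch fails the build. The `cosign-release: 'v2.0.2'` value is a `with:` input rather than a `uses:` reference, so it will not be tracked by Dependabot and needs a manual update path. The `run: |` script body of the 'Sign and attest image' step lies beyond the end of the hunk.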