diff --git a/.github/actions/build-nextjs-website/action.yaml b/.github/actions/build-nextjs-website/action.yaml index 3f72e40e7..655233b5e 100644 --- a/.github/actions/build-nextjs-website/action.yaml +++ b/.github/actions/build-nextjs-website/action.yaml @@ -54,7 +54,7 @@ runs: using: "composite" steps: - name: Download GitBook docs - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: repository: pagopa/devportal-docs ref: docs/from-gitbook diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml index a8faf7817..65830de87 100644 --- a/.github/actions/deploy/action.yaml +++ b/.github/actions/deploy/action.yaml @@ -74,7 +74,7 @@ runs: run: npm run compile - name: Download GitBook docs - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: repository: pagopa/devportal-docs ref: docs/from-gitbook diff --git a/.github/workflows/move_latest_tag.yaml b/.github/workflows/move_latest_tag.yaml index 67c4d472c..d8f9d3724 100644 --- a/.github/workflows/move_latest_tag.yaml +++ b/.github/workflows/move_latest_tag.yaml @@ -11,7 +11,7 @@ jobs: if: ${{ startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '@latest') }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Get commit hash associated with the new tag id: get-commit diff --git a/apps/chatbot/docker/app.Dockerfile b/apps/chatbot/docker/app.Dockerfile index 4e2aae36b..ee7f7d3f8 100644 --- a/apps/chatbot/docker/app.Dockerfile +++ b/apps/chatbot/docker/app.Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/lambda/python:3.12 +FROM public.ecr.aws/lambda/python:3.12@sha256:0a3d34a8310dc339ea7afeb64725df5685da2e6f335dc9287cbc0cddc4a159f2 ARG DEBIAN_FRONTEND=noninteractive ENV PYTHONPATH=$LAMBDA_TASK_ROOT diff --git a/apps/chatbot/docker/app.local.Dockerfile b/apps/chatbot/docker/app.local.Dockerfile index 21bcd8be8..bfe49f911 100644 --- a/apps/chatbot/docker/app.local.Dockerfile +++ b/apps/chatbot/docker/app.local.Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.12.4-slim-bullseye +FROM python:3.12.4-slim-bullseye@sha256:26ce493641ad3b1c8a6202117c31340c7bbb2dc126f1aeee8ea3972730a81dc6 ARG DEBIAN_FRONTEND=noninteractive ENV PYTHONPATH=/app