diff --git a/.github/actions/build-nextjs-website/action.yaml b/.github/actions/build-nextjs-website/action.yaml index 3f72e40e7..5d64618d2 100644 --- a/.github/actions/build-nextjs-website/action.yaml +++ b/.github/actions/build-nextjs-website/action.yaml @@ -54,7 +54,7 @@ runs: using: "composite" steps: - name: Download GitBook docs - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: pagopa/devportal-docs ref: docs/from-gitbook diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml index a8faf7817..efb45d916 100644 --- a/.github/actions/deploy/action.yaml +++ b/.github/actions/deploy/action.yaml @@ -74,7 +74,7 @@ runs: run: npm run compile - name: Download GitBook docs - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: pagopa/devportal-docs ref: docs/from-gitbook diff --git a/.github/workflows/move_latest_tag.yaml b/.github/workflows/move_latest_tag.yaml index 7bee4f6f8..bbd22e8f9 100644 --- a/.github/workflows/move_latest_tag.yaml +++ b/.github/workflows/move_latest_tag.yaml @@ -12,7 +12,7 @@ jobs: if: ${{ startsWith(github.ref, 'refs/tags/') && !endsWith(github.ref, '@latest') }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Get commit hash associated with the new tag id: get-commit diff --git a/apps/chatbot/docker/app.Dockerfile b/apps/chatbot/docker/app.Dockerfile index 56bd38451..83017b82a 100644 --- a/apps/chatbot/docker/app.Dockerfile +++ b/apps/chatbot/docker/app.Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/lambda/python:3.12 +FROM public.ecr.aws/lambda/python:3.12@sha256:2951186769ff98c4f1acf3783d9432e40cb3b03c72aab239588b3544f647bb36 ARG DEBIAN_FRONTEND=noninteractive ENV PYTHONPATH=$LAMBDA_TASK_ROOT diff --git a/apps/chatbot/docker/app.local.Dockerfile b/apps/chatbot/docker/app.local.Dockerfile index 532ebf0b7..9000b9ede 100644 --- a/apps/chatbot/docker/app.local.Dockerfile +++ b/apps/chatbot/docker/app.local.Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.12.4-slim-bullseye +FROM python:3.12.4-slim-bullseye@sha256:26ce493641ad3b1c8a6202117c31340c7bbb2dc126f1aeee8ea3972730a81dc6 ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update && \ diff --git a/apps/chatbot/docker/compose.yaml b/apps/chatbot/docker/compose.yaml index 349c71502..d71c5e036 100644 --- a/apps/chatbot/docker/compose.yaml +++ b/apps/chatbot/docker/compose.yaml @@ -18,7 +18,7 @@ services: - ntw dynamodb: - image: amazon/dynamodb-local:2.5.2 + image: amazon/dynamodb-local:2.5.2@sha256:d7ebddeb60fa418bcda218a6c6a402a58441b2a20d54c9cb1d85fd5194341753 environment: - AWS_ACCESS_KEY_ID=dummy - AWS_SECRET_ACCESS_KEY=dummy @@ -29,7 +29,7 @@ services: - ntw redis: - image: redis/redis-stack:7.2.0-v13 + image: redis/redis-stack:7.2.0-v13@sha256:2b000b938e407d14acafa9b7affd4c5a94ceeec572b25b15dcef0d3a6c064d7e ports: - "6379:6379" - "8001:8001" diff --git a/apps/chatbot/load-test/docker-compose.yml b/apps/chatbot/load-test/docker-compose.yml index a5625277b..99cdff973 100644 --- a/apps/chatbot/load-test/docker-compose.yml +++ b/apps/chatbot/load-test/docker-compose.yml @@ -1,6 +1,6 @@ services: master: - image: locustio/locust:2.32.1 + image: locustio/locust:2.32.1@sha256:d0bd7649b89fb2ee981e382d6e9ae2932d898110707943ecff0ef108569b6a5f ports: - "8089:8089" volumes: @@ -12,7 +12,7 @@ services: - "host.docker.internal:host-gateway" worker: - image: locustio/locust:2.32.1 + image: locustio/locust:2.32.1@sha256:d0bd7649b89fb2ee981e382d6e9ae2932d898110707943ecff0ef108569b6a5f volumes: - ./:/mnt/locust command: -f /mnt/locust/locustfile.py --worker --master-host master