Pin versions

soulgalore · soulgalore · commit b07c2cff463c · 2026-03-28T09:25:15.000+01:00
diff --git a/.github/workflows/building-docker-release.yml b/.github/workflows/building-docker-release.yml
@@ -9,28 +9,28 @@ jobs:
     steps:
       -
           name: Checkout
-          uses: actions/checkout@v4
+          uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
       -
         name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Get the tag
         id: tag
-        uses: dawidd6/action-get-tag@v1
+        uses: dawidd6/action-get-tag@727a6f0a561be04e09013531e73a3983a65e3479 # v1
         with:
           strip_v: true
       -
         name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: .
           platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
@@ -11,15 +11,15 @@ jobs:
     if: ${{ !contains(github.event.head_commit.message, 'docs:') }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
-      
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
       - name: Build an image from Dockerfile
         run: |
           docker buildx install
           docker buildx build --load --platform linux/amd64 -t docker.io/sitespeedio/browsers:${{ github.sha }} .
-      
+
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # master
         with:
           image-ref: 'docker.io/sitespeedio/browsers:${{ github.sha }}'
           format: 'table'
