Original file line number Diff line number Diff line change 1+ version : 2
2+ updates :
3+ - package-ecosystem : github-actions
4+ directory : /
5+ schedule :
6+ interval : weekly
7+ groups :
8+ dev-dependencies :
9+ applies-to : version-updates
10+ patterns :
11+ - ' *'
12+ dependency-type : development
13+ production-dependencies :
14+ applies-to : version-updates
15+ patterns :
16+ - ' *'
17+ dependency-type : production
18+ cooldown :
19+ default-days : 7
20+ include :
21+ - ' *'
22+ exclude :
23+ - react
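Review bot: Only the `github-actions` ecosystem is configured here, yet the same commit pins both Dockerfile base images by `@sha256:` digest, so nothing will propose a newer digest and base-image security fixes stop arriving. Add a second `updates` entry with `package-ecosystem: docker`, the directory that holds the Dockerfile, and the same weekly schedule. Separately, `exclude: - react` under `cooldown` names an npm package and cannot match any action. The `dependency-type` split into two groups probably distinguishes nothing for actions either, so both look like template leftovers that could be dropped.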
Original file line number Diff line number Diff line change 77 branches : [ master ]
88 workflow_dispatch : {}
99
10+ permissions :
11+ contents : read
12+
1013jobs :
1114 build :
1215 runs-on : ubuntu-latest
@@ -17,27 +20,32 @@ jobs:
1720 IMAGE_NAME : ghcr.io/${{ github.repository }}
1821 PUBLISH : ${{ github.ref == 'refs/heads/master' }}
1922 steps :
20- - uses : actions/checkout@v2
21- - uses : docker/setup-buildx-action@v2
23+ - name : Harden the runner (Audit all outbound calls)
24+ uses : step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
25+ with :
26+ egress-policy : audit
27+
28+ - uses : actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
29+ - uses : docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
2230 id : buildx
2331 with :
2432 install : true
2533 version : latest
26- - uses : docker/login-action@v2
34+ - uses : docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
2735 if : ${{ env.PUBLISH }}
2836 with :
2937 registry : ghcr.io
3038 username : ${{ github.actor }}
3139 password : ${{ secrets.GITHUB_TOKEN }}
3240 - id : meta
33- uses : docker/metadata-action@v4
41+ uses : docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
3442 with :
3543 images : ${{ env.IMAGE_NAME }}
3644 tags : |
3745 type=sha
3846 type=edge
3947 type=raw,value=latest,enable={{is_default_branch}}
40- - uses : docker/build-push-action@v3
48+ - uses : docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1
4149 id : build
4250 with :
4351 file : Dockerfile
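Review bot: The new top-level `permissions: contents: read` sets every other token scope to none, but the `build` job still logs in to ghcr.io with `secrets.GITHUB_TOKEN` when `PUBLISH` is true, so an image push from master would be refused. The push setting itself lies below the end of this hunk, so this is inferred from the login step and `IMAGE_NAME`. Keep the read-only default and grant the scope on the job: under `build:` add `permissions:` with `contents: read` and `packages: write`. Also note that `egress-policy: audit` only records outbound calls; nothing is blocked until it is switched to `block` with an allow-list.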
Original file line number Diff line number Diff line change 1+ repos :
2+ - repo : https://github.com/gitleaks/gitleaks
3+ rev : v8.16.3
4+ hooks :
5+ - id : gitleaks
6+ - repo : https://github.com/jumanjihouse/pre-commit-hooks
7+ rev : 3.0.0
8+ hooks :
9+ - id : shellcheck
10+ - repo : https://github.com/pre-commit/mirrors-eslint
11+ rev : v8.38.0
12+ hooks :
13+ - id : eslint
14+ - repo : https://github.com/pre-commit/pre-commit-hooks
15+ rev : v4.4.0
16+ hooks :
17+ - id : end-of-file-fixer
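Review bot: All four `rev` values are tags (`v8.16.3`, `3.0.0`, `v8.38.0`, `v4.4.0`), which the upstream repositories can move, while this same commit pins every workflow action to a full commit SHA. Hook repositories run code on developer machines, so they deserve the same treatment. `pre-commit autoupdate --freeze` rewrites each entry to the form `rev: <full-commit-sha>  # frozen: v8.16.3`. It also moves the hooks to their latest releases, so review the resulting versions before committing.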
Original file line number Diff line number Diff line change 11# https://hub.docker.com/_/microsoft-dotnet
2- FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build
2+ FROM mcr.microsoft.com/dotnet/sdk:7.0@sha256:d32bd65cf5843f413e81f5d917057c82da99737cb1637e905a1a4bc2e7ec6c8d AS build
33WORKDIR ./sources
44
55# copy everything else and build app
@@ -8,7 +8,7 @@ WORKDIR ./sources/WebGoat.NET
88RUN dotnet publish -c release -o /app
99
1010# final stage/image
11- FROM mcr.microsoft.com/dotnet/aspnet:7.0
11+ FROM mcr.microsoft.com/dotnet/aspnet:7.0@sha256:c7d9ee6cd01afe9aa80642e577c7cec9f5d87f88e5d70bd36fd61072079bc55b
1212WORKDIR /app
1313COPY --from=build /app ./
1414
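Review bot: Both `FROM` lines now carry a tag and a digest, and Docker resolves such a reference by digest alone, so `7.0` is only a label that can silently stop matching what is pulled. Add a comment above each `FROM` saying when the digest was resolved and how it is refreshed, for example `# digest resolved from :7.0 on <date>; refresh via <update mechanism>`. Without it a reader may assume the build still follows the `7.0` tag and its patch releases. The final stage may continue past the last line shown here.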