From 50176207f8eb70ce374f70003a263c7d58fbd991 Mon Sep 17 00:00:00 2001
From: "renovate-pagopa[bot]"
 <164534245+renovate-pagopa[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 06:00:36 +0000
Subject: [PATCH] Pin dependencies

---
 .github/actions/check-pr-semver-labels/action.yml | 2 +-
 .github/workflows/check_pr.yml                    | 2 +-
 .github/workflows/deploy.yml                      | 4 ++--
 Dockerfile                                        | 4 ++--
 Dockerfile.nodo-mock                              | 2 +-
 api-tests/Dockerfile                              | 2 +-
 docker-compose.yml                                | 4 ++--
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/actions/check-pr-semver-labels/action.yml b/.github/actions/check-pr-semver-labels/action.yml
index 49c9b343..a6b3eaa1 100644
--- a/.github/actions/check-pr-semver-labels/action.yml
+++ b/.github/actions/check-pr-semver-labels/action.yml
@@ -21,7 +21,7 @@ runs:
   steps:
     - name: Retrieve semantic versioning labels on PR
       id: check_labels
-      uses: actions/github-script@v6.3.3
+      uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.3
       env:
         VALID_APP_VERSION_LABELS: patch, minor, major, ignore-for-release
         VALID_CHART_VERSION_LABELS: chart-patch, chart-minor, chart-major
diff --git a/.github/workflows/check_pr.yml b/.github/workflows/check_pr.yml
index 24195599..54ba2e3c 100644
--- a/.github/workflows/check_pr.yml
+++ b/.github/workflows/check_pr.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1
       - uses: ./.github/actions/check-pr-semver-labels
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index d88a65dc..8247b89a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -18,7 +18,7 @@ jobs:
       semver_chart: ${{ steps.semver_labels.outputs.semver_chart }}
       skip_release: ${{ steps.semver_labels.outputs.skip_release }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           token: ${{ secrets.github_token }}
       - uses: ./.github/actions/check-pr-semver-labels
@@ -66,7 +66,7 @@ jobs:
           echo "SKIP_BUILD=${{ steps.configure_pipeline_parameters.outputs.SKIP_BUILD }}"
         shell: bash
       - name: Azure Pipelines Action
-        uses: jacopocarlini/azure-pipelines@v1.3
+        uses: jacopocarlini/azure-pipelines@b9721743a54e862597395b4a70727cfdc03028fb # v1.3
         with:
           azure-devops-project-url: https://dev.azure.com/pagopaspa/pagoPA-projects
           azure-pipeline-name: 'pagopa-ecommerce-payment-requests-service.deploy'
diff --git a/Dockerfile b/Dockerfile
index 7079f931..2e77970a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM openjdk:17-slim as build
+FROM openjdk:17-slim@sha256:aaa3b3cb27e3e520b8f116863d0580c438ed55ecfa0bc126b41f68c3f62f9774 as build
 WORKDIR /workspace/app
 
 COPY mvnw .
@@ -13,7 +13,7 @@ COPY eclipse-style.xml eclipse-style.xml
 RUN ./mvnw install -DskipTests # --offline
 RUN mkdir target/extracted && java -Djarmode=layertools -jar target/*.jar extract --destination target/extracted
 
-FROM openjdk:17-slim
+FROM openjdk:17-slim@sha256:aaa3b3cb27e3e520b8f116863d0580c438ed55ecfa0bc126b41f68c3f62f9774
 
 RUN addgroup --system user && adduser --ingroup user --system user
 USER user:user
diff --git a/Dockerfile.nodo-mock b/Dockerfile.nodo-mock
index a696ac0c..cab2bcdf 100644
--- a/Dockerfile.nodo-mock
+++ b/Dockerfile.nodo-mock
@@ -1,4 +1,4 @@
-FROM node:12.18.2-alpine
+FROM node:12.18.2-alpine@sha256:b48d5259d91e549e4941d5170870619d2e9c27de648e6230625752481232a005
 
 RUN apk update && apk upgrade && \
     apk add --no-cache bash ca-certificates git openssh openssl
diff --git a/api-tests/Dockerfile b/api-tests/Dockerfile
index 7d8b54e9..3e1f0d8a 100644
--- a/api-tests/Dockerfile
+++ b/api-tests/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14-alpine
+FROM node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33
 
 RUN mkdir -p /home/node/newman/node_modules && chown -R node:node /home/node/newman
 WORKDIR /home/node/newman
diff --git a/docker-compose.yml b/docker-compose.yml
index c267b4b4..35535993 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,7 +20,7 @@ services:
           memory: 512M
   redis:
     container_name: pagopa-ecommerce-redis
-    image: redis
+    image: redis@sha256:c16e2b5ec23a6a0f741796ae42d07d056ea0154d928e2df7e2de14899408d3ab
     command: [ "sh", "-c", 'exec redis-server --requirepass "$$REDIS_PASSWORD"' ]
     ports:
       - "6379:6379"
@@ -28,7 +28,7 @@ services:
       - pagopa-ecommerce-net
 
   redis-insight:
-    image: redislabs/redisinsight
+    image: redislabs/redisinsight@sha256:ef29a4cae9ce79b659734f9e3e77db3a5f89876601c89b1ee8fdf18d2f92bb9d
     ports:
       - "8001:8001"
     networks: