diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml index 1307ee8..f366cb5 100644 --- a/.github/workflows/canary.yml +++ b/.github/workflows/canary.yml @@ -37,13 +37,13 @@ jobs: rc: true - name: Canary test - uses: docker://ghcr.io/step-security/integration-test/int:latest + uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333 env: PAT: ${{ secrets.PAT }} canary: true - name: Canary TLS test - uses: docker://ghcr.io/step-security/integration-test/int:latest + uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333 env: PAT: ${{ secrets.PAT }} canary-tls: true diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml index 0518582..fb0f5b2 100644 --- a/.github/workflows/code-review.yml +++ b/.github/workflows/code-review.yml @@ -20,4 +20,4 @@ jobs: int.api.stepsecurity.io:443 - name: Code Review - uses: step-security/ai-codewise@int + uses: step-security/ai-codewise@ab9fe138367d6094b2df7f8469ddc2c5a79c9cf4 # int diff --git a/.github/workflows/recurring-int-tests.yml b/.github/workflows/recurring-int-tests.yml index 20fc63a..4b7adc8 100644 --- a/.github/workflows/recurring-int-tests.yml +++ b/.github/workflows/recurring-int-tests.yml @@ -18,7 +18,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Canary test - uses: docker://ghcr.io/step-security/integration-test/int:latest + uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333 env: PAT: ${{ secrets.PAT }} canary: true @@ -33,7 +33,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Canary test - uses: docker://ghcr.io/step-security/integration-test/int:latest + uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333 env: PAT: ${{ secrets.PAT }} canary-tls: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e27ded9..a2b4dbc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -40,7 +40,7 @@ jobs: rc: true - name: Canary test - uses: docker://ghcr.io/step-security/integration-test/int:latest + uses: docker://ghcr.io/step-security/integration-test/int:latest@sha256:63d9fc09c6cb655d046e7e89d3d6ef1117e103713f540c6bc4bc1b822be54333 env: PAT: ${{ secrets.PAT }} canary: true diff --git a/.github/workflows/runs-on.yml b/.github/workflows/runs-on.yml index a233b74..3e71504 100644 --- a/.github/workflows/runs-on.yml +++ b/.github/workflows/runs-on.yml @@ -14,7 +14,7 @@ jobs: - image=ubuntu24-stepsecurity-x64 steps: - name: Harden Runner - uses: step-security/harden-runner@rc + uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc with: egress-policy: audit allowed-endpoints: > @@ -43,7 +43,7 @@ jobs: - image=ubuntu24-stepsecurity-x64 steps: - name: Harden Runner - uses: step-security/harden-runner@rc + uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc with: egress-policy: block allowed-endpoints: > @@ -89,7 +89,7 @@ jobs: - image=ubuntu24-stepsecurity-x64 steps: - name: Harden Runner - uses: step-security/harden-runner@rc + uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc with: egress-policy: audit allowed-endpoints: > @@ -137,7 +137,7 @@ jobs: - image=ubuntu24-stepsecurity-x64 steps: - name: Harden Runner - uses: step-security/harden-runner@rc + uses: step-security/harden-runner@fa70c45ca9a73bcef023a3e6afac49ffa3007480 # rc with: egress-policy: block allowed-endpoints: >