diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 577445431..1a0c4131d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,16 +26,16 @@ jobs:
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+ - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
 - name: Docker registry login
- if: github.ref_name == 'main' && false
 run: |
 echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
 echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
+ if: github.ref_name == 'main' && false
 - name: Build and Publish
- uses: containerbase/internal-tools@9f7cb1408116743c56ef02d432761ed7f5ecdd2a # v3.0.23
+ uses: containerbase/internal-tools@e7bd2e8cedd99c9b24982865534cb7c9bf88620b # v3.0.55
 with:
 command: docker-builder
 platforms: ${{ github.ref_name == 'main' && 'linux/amd64,linux/arm64' || '' }}
@@ -43,12 +43,11 @@ jobs:
 last-only: true
 dry-run: ${{ github.ref_name != 'main' || true }}
- - name: Build and Publish slim
- if: github.ref_name == 'main' && false
- uses: containerbase/internal-tools@9f7cb1408116743c56ef02d432761ed7f5ecdd2a # v3.0.23
+ uses: containerbase/internal-tools@e7bd2e8cedd99c9b24982865534cb7c9bf88620b # v3.0.55
 with:
 command: docker-builder
 image-prefixes: ghcr.io/${{ github.repository_owner }}
 last-only: true
 tag-suffix: slim
+ if: github.ref_name == 'main' && false
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 024bd039f..cccce3310 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
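Review bot: In `.github/workflows/build.yml`, the `Docker registry login` step expands `${{ secrets.DOCKER_PASSWORD }}`, `${{ secrets.DOCKER_USERNAME }}` and `${{ secrets.GITHUB_TOKEN }}` directly into the `run:` script, so the values become part of the text the shell parses, and the `-u` arguments are unquoted. Mapping them through `env:` and referencing quoted shell variables keeps secret contents out of the parsed script, as sketched below. This hunk also moves the `if: github.ref_name == 'main' && false` gate below the `run:` block (and below `with:` for `Build and Publish slim` in the second hunk), where it is easy to overlook that both steps are disabled; keeping `if:` directly under `name:` with a short comment explaining the `&& false` would make that visible.

```yaml
      - name: Docker registry login
        # NOTE(review): '&& false' keeps this step disabled; state the reason here
        if: github.ref_name == 'main' && false
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          GHCR_USER: ${{ github.repository_owner }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
```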
@@ -22,6 +22,6 @@ jobs:
 format: 'sarif'
 output: 'trivy-results.sarif'
- - uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+ - uses: github/codeql-action/upload-sarif@dc021d495cb77b369e4d9d04a501700fd83b8c51 # v2.24.0
 with:
 sarif_file: trivy-results.sarif
diff --git a/Dockerfile b/Dockerfile
index 121c54353..d673c8870 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
 # renovate: datasource=npm depName=renovate versioning=npm
-ARG RENOVATE_VERSION=37.83.4
+ARG RENOVATE_VERSION=37.180.1
 # Base image
 #============
-FROM ghcr.io/renovatebot/base-image:1.2.0@sha256:2baa209ff4342f65b78abf0eb5cca74c1f7701aa33964a9a69da7eadef9aba96 AS base
+FROM ghcr.io/renovatebot/base-image:1.22.0@sha256:59606f80b6194a99f9d7d4a2667dcc468b8717af793165cd8624bff440b67a78 AS base
 LABEL name="renovate"
 LABEL org.opencontainers.image.source="https://github.com/renovatebot/renovate" \
diff --git a/docs/bitbucket.md b/docs/bitbucket.md
index 645c6e9ce..44ae434ba 100644
--- a/docs/bitbucket.md
+++ b/docs/bitbucket.md
@@ -6,7 +6,7 @@ The pipeline should also work on shared runners.
 ## bitbucket-pipelines.yml
 ```yml
-image: renovate/renovate:37.81.4
+image: renovate/renovate:37.172.2
 definitions:
 caches:
diff --git a/docs/gitlab.md b/docs/gitlab.md
index 62295906f..557060e6d 100644
--- a/docs/gitlab.md
+++ b/docs/gitlab.md
@@ -21,7 +21,7 @@ This sample will configure the Renovate slim image.
 The following pipeline runs Renovate normally on `main` branch and for self-update it runs in [`dryRun`](https://docs.renovatebot.com/self-hosted-configuration/#dryrun) mode.
 ```yml
-image: renovate/renovate:37.81.4
+image: renovate/renovate:37.172.2
 variables:
 LOG_LEVEL: debug
diff --git a/docs/jenkins.md b/docs/jenkins.md
index 7db9e241c..03dd7e806 100644
--- a/docs/jenkins.md
+++ b/docs/jenkins.md
@@ -29,7 +29,7 @@ The following pipeline runs Renovate normally on the default branch (eg. `main`
 pipeline {
 agent {
 docker {
- image 'renovate/renovate:37.81.4'
+ image 'renovate/renovate:37.172.2'
 args '-v /tmp:/tmp --group-add 0'
 }
 }