File tree Expand file tree Collapse file tree 4 files changed +105
-1
lines changed Expand file tree Collapse file tree 4 files changed +105
-1
lines changed Original file line number Diff line number Diff line change @@ -118,3 +118,58 @@ updates:
118118 update-types :
119119 - version-update:semver-major
120120 open-pull-requests-limit : 15
121+
122+ - package-ecosystem : docker
123+ directory : /dogfood/contents
124+ schedule :
125+ interval : daily
126+
127+ - package-ecosystem : docker
128+ directory : /examples/jfrog/docker/build
129+ schedule :
130+ interval : daily
131+
132+ - package-ecosystem : docker
133+ directory : /examples/parameters/build
134+ schedule :
135+ interval : daily
136+
137+ - package-ecosystem : docker
138+ directory : /examples/templates/docker/build
139+ schedule :
140+ interval : daily
141+
142+ - package-ecosystem : npm
143+ directory : /offlinedocs
144+ schedule :
145+ interval : daily
146+
147+ - package-ecosystem : npm
148+ directory : /
149+ schedule :
150+ interval : daily
151+
152+ - package-ecosystem : docker
153+ directory : /scaletest/templates/scaletest-runner
154+ schedule :
155+ interval : daily
156+
157+ - package-ecosystem : docker
158+ directory : /scripts
159+ schedule :
160+ interval : daily
161+
162+ - package-ecosystem : npm
163+ directory : /scripts/apidocgen
164+ schedule :
165+ interval : daily
166+
167+ - package-ecosystem : docker
168+ directory : /scripts/ironbank
169+ schedule :
170+ interval : daily
171+
172+ - package-ecosystem : npm
173+ directory : /site
174+ schedule :
175+ interval : daily
Original file line number Diff line number Diff line change 1+ # Dependency Review Action
2+ #
3+ # This Action will scan dependency manifest files that change as part of a Pull Request,
4+ # surfacing known-vulnerable versions of the packages declared or updated in the PR.
5+ # Once installed, if the workflow run is marked as required,
6+ # PRs introducing known-vulnerable packages will be blocked from merging.
7+ #
8+ # Source repository: https://github.com/actions/dependency-review-action
9+ name : ' Dependency Review'
10+ on : [pull_request]
11+
12+ permissions :
13+ contents : read
14+
15+ jobs :
16+ dependency-review :
17+ runs-on : ubuntu-latest
18+ steps :
19+ - name : Harden Runner
20+ uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
21+ with :
22+ egress-policy : audit
23+
24+ - name : ' Checkout Repository'
25+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
26+ - name : ' Dependency Review'
27+ uses : actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
Original file line number Diff line number Diff line change 1+ repos :
2+ - repo : https://github.com/gitleaks/gitleaks
3+ rev : v8.16.3
4+ hooks :
5+ - id : gitleaks
6+ - repo : https://github.com/golangci/golangci-lint
7+ rev : v1.52.2
8+ hooks :
9+ - id : golangci-lint
10+ - repo : https://github.com/jumanjihouse/pre-commit-hooks
11+ rev : 3.0.0
12+ hooks :
13+ - id : shellcheck
14+ - repo : https://github.com/pre-commit/mirrors-eslint
15+ rev : v8.38.0
16+ hooks :
17+ - id : eslint
18+ - repo : https://github.com/pre-commit/pre-commit-hooks
19+ rev : v4.4.0
20+ hooks :
21+ - id : end-of-file-fixer
22+ - id : trailing-whitespace
Original file line number Diff line number Diff line change @@ -87,7 +87,7 @@ RUN apt-get update && \
8787 rm -rf /tmp/go/pkg && \
8888 rm -rf /tmp/go/src
8989
90- FROM gcr.io/coder-dev-1/alpine:3.18 as proto
90+ FROM gcr.io/coder-dev-1/alpine:3.18@sha256:25fad2a32ad1f6f510e528448ae1ec69a28ef81916a004d3629874104f8a7f70 as proto
9191WORKDIR /tmp
9292RUN apk add curl unzip
9393RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip && \
You can’t perform that action at this time.
0 commit comments