Skip to content

chore: update dependabot config and pin Docker images #15194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2024
Merged

chore: update dependabot config and pin Docker images #15194

merged 1 commit into from
Nov 4, 2024

Conversation

matifali
Copy link
Member

@matifali matifali commented Oct 23, 2024
edited
Loading

  • Update dependabot to cover missing directories.
  • Pin Docker base images using SHA256 hashes.
  • Add a missing hardening runner step.

Contributes to coder/internal#89

@matifali
chore: update dependabot config and pin Docker images
64b4c29 
- Expand Docker update directories in dependabot config for better management.
- Pin Docker base images using SHA256 to ensure consistent builds.
- Enhance workflow security by implementing hardening steps.
@matifali matifali requested a review from coadler October 23, 2024 10:59
@github-actions github-actions bot added the stale This issue is like stale bread. label Oct 31, 2024
@matifali matifali added hotfix PRs only. Harmless small change. Only humans may set this. and removed stale This issue is like stale bread. labels Oct 31, 2024
cdr-bot[bot]
cdr-bot bot approved these changes Nov 4, 2024
View reviewed changes
Copy link

@cdr-bot cdr-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR is a hotfix and has been automatically approved.

  • ✅ Base is main or release branch
  • ✅ Has hotfix label
  • ✅ Head is from coder/coder
  • ✅ Less than 100 lines

@matifali matifali merged commit 065263a into main Nov 4, 2024
35 checks passed
@matifali matifali deleted the atif/pin-images branch November 4, 2024 06:01
@github-actions github-actions bot locked and limited conversation to collaborators Nov 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cdr-bot cdr-bot[bot] cdr-bot[bot] approved these changes

@coadler coadler Awaiting requested review from coadler

Assignees

@matifali matifali

Labels
hotfix PRs only. Harmless small change. Only humans may set this.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@matifali