From 6a0c9d0b5e8e9db262bfb8b927d66dea96e20963 Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate@mgrote.net>
Date: Fri, 26 Jan 2024 23:47:45 +0100
Subject: [PATCH] chore(deps): pin dependencies (#2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| koalaman/shellcheck-alpine |  | pinDigest |  -> `f73b035` |
| [pipelinecomponents/hadolint](https://gitlab.com/pipeline-components/hadolint) |  | pinDigest |  -> `430e949` |
| plugins/docker |  | pinDigest |  -> `2f15740` |
| ubuntu | final | pinDigest |  -> `f2034e7` |
| [zricethezav/gitleaks](https://github.com/gitleaks/gitleaks) |  | pinDigest |  -> `e5f6d1a` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTIuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE1Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Reviewed-on: https://git.mgrote.net/container-images/fpm/pulls/2
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
---
 .woodpecker/build.yml | 4 ++--
 .woodpecker/lint.yml  | 6 +++---
 Dockerfile            | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml
index dbfac20..b799d50 100644
--- a/.woodpecker/build.yml
+++ b/.woodpecker/build.yml
@@ -3,7 +3,7 @@ depends_on:
   - lint
 steps:
   selfhosted_tag:
-    image: plugins/docker
+    image: plugins/docker@sha256:2f157400c2cb7de1b309b0f044f119375108218e54d38e1340e00b9f93abdefb
     settings:
       dockerfile: Dockerfile
       repo: registry.mgrote.net/fpm
@@ -15,7 +15,7 @@ steps:
         - tag
 
   selfhosted_push:
-    image: plugins/docker
+    image: plugins/docker@sha256:2f157400c2cb7de1b309b0f044f119375108218e54d38e1340e00b9f93abdefb
     settings:
       dockerfile: Dockerfile
       repo: registry.mgrote.net/fpm
diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml
index 39d7074..d2d75c6 100644
--- a/.woodpecker/lint.yml
+++ b/.woodpecker/lint.yml
@@ -1,7 +1,7 @@
 ---
 steps:
   gitleaks:
-    image: zricethezav/gitleaks:v8.18.0
+    image: zricethezav/gitleaks:v8.18.0@sha256:e5f6d1a62786affd1abd882ecc73e9353ce78adea1650711f6e351767723712d
     commands:
       - gitleaks detect --no-git --verbose --source $CI_WORKSPACE
     when:
@@ -10,7 +10,7 @@ steps:
           - tag
 
   hadolint:
-    image: pipelinecomponents/hadolint:0.25.9
+    image: pipelinecomponents/hadolint:0.25.9@sha256:430e949e6554d56ffc2dd08898ee609c71822d7fa1033f7c4dc240e90f2aac23
     commands:
       - hadolint Dockerfile
     when:
@@ -19,7 +19,7 @@ steps:
           - tag
 
   shellcheck:
-    image: koalaman/shellcheck-alpine:stable
+    image: koalaman/shellcheck-alpine:stable@sha256:f73b035c8ebfc8a66ba54e07af5cc41e790cf41fff45317914b1ce677dd9cada
     commands:
       - "find . -name *.sh -exec shellcheck {} +"
     when:
diff --git a/Dockerfile b/Dockerfile
index de2d8b7..6d3a3ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM ubuntu:focal@sha256:f2034e7195f61334e6caff6ecf2e965f92d11e888309065da85ff50c617732b8
 
 ENV DEBIAN_FRONTEND=noninteractive