chore(renovate): add pinDigests to github-actions packageRule
Pin GitHub Actions references to full commit SHAs via Renovate. This ensures supply-chain security by preventing floating tags from silently pointing at different commits.

Mirrors the change being made in the org-level renovate-config.json (.github PR #63). Applying it directly here ensures new plugins created from this template have SHA pinning from day one.

Related: PRI-731

Co-Authored-By: Paperclip <noreply@paperclip.ing>
+2
-1
@@ -13,7 +13,8 @@
|
||||
{
|
||||
"matchManagers": ["github-actions"],
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"groupName": "github-actions minor and patch"
|
||||
"groupName": "github-actions minor and patch",
|
||||
"pinDigests": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
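Review bot: "pinDigests": true is added inside the packageRule that also carries "matchUpdateTypes": ["minor", "patch"], so the pinning setting is scoped to a rule that selects minor and patch updates, while the commit message's intent is that every GitHub Actions reference is pinned to a full commit SHA. Consider moving it into its own rule that matches only on "matchManagers": ["github-actions"], leaving the grouping rule as it was, and run renovate-config-validator on the result to confirm Renovate accepts the combination. After merging, check that Renovate actually opens a pin PR for the template's existing workflow references, since that is the only visible proof the setting took effect.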