chore(renovate): add pinDigests to github-actions packageRule
Pin GitHub Actions references to full commit SHAs via Renovate. This ensures supply-chain security by preventing floating tags from silently pointing at different commits.

Mirrors the change being made in the org-level renovate-config.json (.github PR #63). Applying it directly here ensures new plugins created from this template have SHA pinning from day one.

Related: PRI-731
Co-Authored-By: Paperclip <noreply@paperclip.ing>
+2
-1
@@ -13,7 +13,8 @@
|
|||||||
{
|
{
|
||||||
"matchManagers": ["github-actions"],
|
"matchManagers": ["github-actions"],
|
||||||
"matchUpdateTypes": ["minor", "patch"],
|
"matchUpdateTypes": ["minor", "patch"],
|
||||||
"groupName": "github-actions minor and patch"
|
"groupName": "github-actions minor and patch",
|
||||||
|
"pinDigests": true
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
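Review bot: the new `"pinDigests": true` sits inside the rule that also carries `"matchUpdateTypes": ["minor", "patch"]`, so it is scoped to that rule's matches rather than to every github-actions dependency. The commit message states the goal as pinning GitHub Actions references to full commit SHAs in general; to make that unconditional, move `pinDigests` into its own packageRule that has only `"matchManagers": ["github-actions"]` and no `matchUpdateTypes`, or confirm with a Renovate dry run that actions with only a major update, or no pending update, still receive a pin. A separate rule would also keep the pinning intent visible, since this one is named "github-actions minor and patch" and a reader would not expect it to control digest pinning.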