From 32d97ed01a5ef0ac2bf4989c0d5df03219b278e1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 14 Jul 2026 12:13:28 +0000 Subject: [PATCH 1/2] chore(deps): pin dependencies Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/security-scans/action.yml | 2 +- .github/workflows/bake_targets.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/security-scans/action.yml b/.github/actions/security-scans/action.yml index 918f2fff..6f031dd0 100644 --- a/.github/actions/security-scans/action.yml +++ b/.github/actions/security-scans/action.yml @@ -38,7 +38,7 @@ runs: accept-filenames: usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,etc/ssl/private/ssl-cert-snakeoil.key,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.11/dist-packages/azure/core/settings.py,usr/local/lib/python3.13/dist-packages/azure/core/settings.py - name: Snyk - uses: snyk/actions/docker@master + uses: snyk/actions/docker@8e119fbb6c251787721d34ba683ed48eba792766 # master id: snyk if: ${{ inputs.snyk_token != '' }} # Snyk can be used to break the build when it detects vulnerabilities. diff --git a/.github/workflows/bake_targets.yml b/.github/workflows/bake_targets.yml index e1fcd1d3..842bb186 100644 --- a/.github/workflows/bake_targets.yml +++ b/.github/workflows/bake_targets.yml @@ -154,7 +154,7 @@ jobs: - name: Security checks # NOTE: Do not modify this to point to the local action "./.github/actions/security-scans", # as it will break workflows running bake_targets.yml (this workflow) from external repositories. - uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@main + uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@a2445960f20b62916f411c7ea3098adb2eefb5c3 # main with: image: "${{ matrix.image }}" registry_user: ${{ github.actor }} @@ -180,7 +180,7 @@ jobs: - name: Copy to production # NOTE: Do not modify this to point to the local action "./.github/actions/copy-images", # as it will break workflows running bake_targets.yml (this workflow) from external repositories. - uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@main + uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@a2445960f20b62916f411c7ea3098adb2eefb5c3 # main with: bake_build_metadata: "${{ needs.testbuild.outputs.metadata }}" registry_user: ${{ github.actor }} From a0d7b114cd7024aee552d482692544575b5536b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Fei?= Date: Tue, 14 Jul 2026 16:19:04 +0200 Subject: [PATCH 2/2] chore: revert pinning of local actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Niccolò Fei --- .github/workflows/bake_targets.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bake_targets.yml b/.github/workflows/bake_targets.yml index 842bb186..e1fcd1d3 100644 --- a/.github/workflows/bake_targets.yml +++ b/.github/workflows/bake_targets.yml @@ -154,7 +154,7 @@ jobs: - name: Security checks # NOTE: Do not modify this to point to the local action "./.github/actions/security-scans", # as it will break workflows running bake_targets.yml (this workflow) from external repositories. - uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@a2445960f20b62916f411c7ea3098adb2eefb5c3 # main + uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@main with: image: "${{ matrix.image }}" registry_user: ${{ github.actor }} @@ -180,7 +180,7 @@ jobs: - name: Copy to production # NOTE: Do not modify this to point to the local action "./.github/actions/copy-images", # as it will break workflows running bake_targets.yml (this workflow) from external repositories. - uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@a2445960f20b62916f411c7ea3098adb2eefb5c3 # main + uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@main with: bake_build_metadata: "${{ needs.testbuild.outputs.metadata }}" registry_user: ${{ github.actor }}