docker
diff --git a/‎.github/dependabot.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/ci-subaction.yml‎
Lines changed: 5 additions & 2 deletions b/‎.github/workflows/ci-subaction.yml‎
Lines changed: 5 additions & 2 deletions
@@ -4,13 +4,17 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    cooldown:
+      default-days: 2
     labels:
       - "dependencies"
       - "bot"
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
+    cooldown:
+      default-days: 2
     versioning-strategy: "increase"
     allow:
       - dependency-type: "production"
 
@@ -1,5 +1,8 @@
 name: ci-subaction
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -60,7 +63,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Matrix gen
         id: gen
@@ -71,7 +74,7 @@ jobs:
           fields: ${{ matrix.fields }}
       -
         name: Check output
-        uses: actions/github-script@v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           INPUT_MATRIX: ${{ steps.gen.outputs.matrix }}
           INPUT_EXPECTED: ${{ matrix.expected }}