From b44ede14a2be70bc6d84b2994f63f533dbcca014 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 13 May 2025 10:37:42 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/ci.yaml                 |  4 ++--
 .github/workflows/publish.yaml            | 10 +++++-----
 .github/workflows/release.yaml            |  6 +++---
 .github/workflows/reuse.yaml              |  4 ++--
 Dockerfile                                |  2 +-
 charts/control-plane-operator/values.yaml |  2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e1e8094..46ef23d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -14,13 +14,13 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           submodules: recursive
 
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
         with:
           go-version-file: go.mod
 
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index ea2785c..b1406fc 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ssh-key: ${{ secrets.PUSH_KEY }}
           fetch-tags: true
@@ -48,7 +48,7 @@ jobs:
           exit 0
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
 
       - name: Set up Docker Context for Buildx
         id: buildx-context
@@ -56,7 +56,7 @@ jobs:
           docker context create builders
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -64,12 +64,12 @@ jobs:
 
       - name: Set up Docker Buildx
         timeout-minutes: 5
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
         with:
           version: latest
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
         with:
           go-version-file: go.mod
       
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 979588d..ced19b5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ssh-key: ${{ secrets.PUSH_KEY }}
           fetch-tags: true
@@ -72,7 +72,7 @@ jobs:
   
       - name: Build Changelog
         id: github_release
-        uses: mikepenz/release-changelog-builder-action@v5
+        uses: mikepenz/release-changelog-builder-action@e92187bd633e680ebfdd15961a7c30b2d097e7ad # v5
         with:
           mode: "PR"
           configurationJson: |
@@ -106,7 +106,7 @@ jobs:
       
       - name: Create GitHub release
         if: ${{ env.SKIP != 'true' }}
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
         with:
           tag_name: ${{ env.version }}
           name: Release ${{ env.version }}
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
index 94fa05f..e7e87c2 100644
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@@ -6,6 +6,6 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps: 
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     - name: REUSE Compliance Check
-      uses: fsfe/reuse-action@v5
\ No newline at end of file
+      uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index cd81ce1..91d2939 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM gcr.io/distroless/static:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc
 ARG TARGETARCH
 WORKDIR /
 COPY bin/manager-linux.${TARGETARCH} /manager
diff --git a/charts/control-plane-operator/values.yaml b/charts/control-plane-operator/values.yaml
index a2b3892..5bd92b9 100644
--- a/charts/control-plane-operator/values.yaml
+++ b/charts/control-plane-operator/values.yaml
@@ -8,7 +8,7 @@ image:
   repository: ghcr.io/openmcp-project/github.com/openmcp-project/control-plane-operator/images/control-plane-operator
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: v0.1.5
+  tag: v0.1.5@sha256:821e518dc52365d3d06501e3b1f677f64127f7e2923fd47beac56b38f7518254
 
 imagePullSecrets: []
 nameOverride: ""