From 219254a936ff3981c3ede0bbd44febcd3218b0a4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 6 May 2025 11:22:51 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/ci.yaml                     |  4 ++--
 .github/workflows/publish.yaml                | 10 +++++-----
 .github/workflows/release.yaml                |  6 +++---
 .github/workflows/reuse.yaml                  |  4 ++--
 Dockerfile                                    |  2 +-
 charts/project-workspace-operator/values.yaml |  2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 784125e..5705604 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -14,13 +14,13 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           submodules: recursive
 
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
         with:
           go-version-file: go.mod
 
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index cf722ab..42b251c 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ssh-key: ${{ secrets.PUSH_KEY }}
           fetch-tags: true
@@ -48,7 +48,7 @@ jobs:
           exit 0
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
 
       - name: Set up Docker Context for Buildx
         id: buildx-context
@@ -56,7 +56,7 @@ jobs:
           docker context create builders
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -64,12 +64,12 @@ jobs:
 
       - name: Set up Docker Buildx
         timeout-minutes: 5
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
         with:
           version: latest
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
         with:
           go-version-file: go.mod
       
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 36f3694..125e3e6 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ssh-key: ${{ secrets.PUSH_KEY }}
           fetch-tags: true
@@ -72,7 +72,7 @@ jobs:
   
       - name: Build Changelog
         id: github_release
-        uses: mikepenz/release-changelog-builder-action@v5
+        uses: mikepenz/release-changelog-builder-action@e92187bd633e680ebfdd15961a7c30b2d097e7ad # v5
         with:
           mode: "PR"
           configurationJson: |
@@ -122,7 +122,7 @@ jobs:
 
       - name: Create GitHub release
         if: ${{ env.SKIP != 'true' }}
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
         with:
           tag_name: ${{ env.version }}
           name: Release ${{ env.version }}
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
index 94fa05f..e7e87c2 100644
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@@ -6,6 +6,6 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps: 
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
     - name: REUSE Compliance Check
-      uses: fsfe/reuse-action@v5
\ No newline at end of file
+      uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 9e7f5de..ae3b073 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # NOTE: This Dockerfile is used by the pipeline, but not for the 'make image' command, which uses the Dockerfile template in hack/common instead.
 # Use distroless as minimal base image to package the component binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM gcr.io/distroless/static:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc
 ARG TARGETOS
 ARG TARGETARCH
 ARG COMPONENT
diff --git a/charts/project-workspace-operator/values.yaml b/charts/project-workspace-operator/values.yaml
index b6fda62..6b3923e 100644
--- a/charts/project-workspace-operator/values.yaml
+++ b/charts/project-workspace-operator/values.yaml
@@ -20,7 +20,7 @@ image:
   repository: ghcr.io/openmcp-project/github.com/openmcp-project/project-workspace-operator/images/project-workspace-operator
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: v0.10.0
+  tag: v0.10.0@sha256:af7fc400b006cf1275ad96cbbbcd334457818e15f7c90c18091499428a690033
 
 imagePullSecrets: []
 nameOverride: ""