From 5f8f7566c5edd71ef47117392dce03f6f415c92d Mon Sep 17 00:00:00 2001
From: Renovate Bot <renovate@t00n.de>
Date: Fri, 12 Dec 2025 21:05:52 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .gitea/workflows/cd.yaml | 20 ++++++++++----------
 .gitea/workflows/ci.yaml |  8 ++++----
 Dockerfile               |  4 ++--
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index e56dd1c..ce54c58 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -22,14 +22,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Setup go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
         with:
           go-version-file: go.mod
           check-latest: true
       - name: Create cache key
-        uses: https://gitea.com/actions/go-hashfiles@v0.0.1
+        uses: https://gitea.com/actions/go-hashfiles@264ae76b7e50173ce71ed7da4b48e5e517f3f9ec # v0.0.1
         id: hash-go
         with:
           patterns: |
@@ -37,7 +37,7 @@ jobs:
             go.sum
       - name: cache go
         id: cache-go
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: |
             /go_path
@@ -62,11 +62,11 @@ jobs:
       - linux_${{ matrix.arch }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
       - name: Login to Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
         with:
           registry: ${{ env.DOCKER_REGISTRY }}
           username: ${{ secrets.REGISTRY_USER }}
@@ -77,7 +77,7 @@ jobs:
           echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT
           echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: .
           file: ./Dockerfile
@@ -117,7 +117,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Get Metadata
         id: meta
@@ -126,7 +126,7 @@ jobs:
           echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
 
       - name: Login to Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
         with:
           registry: ${{ env.DOCKER_REGISTRY }}
           username: ${{ secrets.REGISTRY_USER }}
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index c200470..373d75a 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -13,14 +13,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Setup go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
         with:
           go-version-file: go.mod
           check-latest: true
       - name: Create cache key
-        uses: https://gitea.com/actions/go-hashfiles@v0.0.1
+        uses: https://gitea.com/actions/go-hashfiles@264ae76b7e50173ce71ed7da4b48e5e517f3f9ec # v0.0.1
         id: hash-go
         with:
           patterns: |
@@ -28,7 +28,7 @@ jobs:
             go.sum
       - name: cache go
         id: cache-go
-        uses: actions/cache@v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: |
             /go_path
diff --git a/Dockerfile b/Dockerfile
index 3631e98..f44a665 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.25-alpine as build
+FROM golang:1.25-alpine@sha256:26111811bc967321e7b6f852e914d14bede324cd1accb7f81811929a6a57fea9 as build
 
 ARG GOARCH=amd64
 
@@ -9,6 +9,6 @@ COPY . .
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=${GOARCH} \
     go build -trimpath -ldflags="-s -w" -o main .
 
-FROM gcr.io/distroless/static-debian12
+FROM gcr.io/distroless/static-debian12@sha256:4b2a093ef4649bccd586625090a3c668b254cfe180dee54f4c94f3e9bd7e381e
 COPY --from=build /app/main /
 CMD ["/main"]