Timo Behrendt
4bc8c6e40f
All checks were successful
CD / Release (push) Successful in 5s
We always want to pin GitHub actions to a digest, to avoid attack vectors where existing tags are being re-used and their implementation replaced with malicious code. As described in [renovate's documentation](https://docs.renovatebot.com/modules/manager/github-actions/#digest-pinning-and-updating), adding the "helpers:pinGitHubActionDigests" to the extends automatically forces renovate to always pin digests. Reviewed-on: #2 Reviewed-by: branch-buddy <branch-buddy@t00n.de> Co-authored-by: Timo Behrendt <t.behrendt@t00n.de> Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
11 lines
236 B
JSON
11 lines
236 B
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"extends": ["helpers:pinGitHubActionDigests"],
|
|
"packageRules": [
|
|
{
|
|
"matchManagers": ["github-actions"],
|
|
"addLabels": ["deps", "action"]
|
|
}
|
|
]
|
|
}
|