diff --git a/.docker/forge-github-app-register/Dockerfile b/.docker/forge-github-app-register/Dockerfile index 0da6d427..a17a9b8a 100644 --- a/.docker/forge-github-app-register/Dockerfile +++ b/.docker/forge-github-app-register/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.14-slim +FROM python:3.14-slim@sha256:0aecac02dc3d4c5dbb024b753af084cafe41f5416e02193f1ce345d671ec966e RUN useradd --create-home appuser WORKDIR /home/appuser diff --git a/.docker/pre-commit/Dockerfile b/.docker/pre-commit/Dockerfile index 0a9e6aa1..88487ddf 100644 --- a/.docker/pre-commit/Dockerfile +++ b/.docker/pre-commit/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:24.04 AS build +FROM ubuntu:24.04@sha256:c35e29c9450151419d9448b0fd75374fec4fff364a27f176fb458d472dfc9e54 AS build WORKDIR /opt/build @@ -124,7 +124,7 @@ RUN set -eux; \ unzip -o ${TOFU_ARTIFACT} -d /usr/local/bin/; \ chmod 755 /usr/local/bin/tofu -FROM ubuntu:24.04 AS final +FROM ubuntu:24.04@sha256:c35e29c9450151419d9448b0fd75374fec4fff364a27f176fb458d472dfc9e54 AS final ENV DEBIAN_FRONTEND=noninteractive diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0f9768dd..4bf0310c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -83,7 +83,7 @@ repos: # Commit Message Hooks # --------------------- - repo: https://github.com/commitizen-tools/commitizen - rev: v4.1.0 + rev: v4.10.0 hooks: - id: commitizen name: Git · Validate commit message @@ -135,7 +135,7 @@ repos: # Docker Hooks # --------------------- - repo: https://github.com/hadolint/hadolint - rev: v2.13.1 + rev: v2.14.0 hooks: - id: hadolint name: Docker · Linter @@ -159,7 +159,7 @@ repos: name: Python · autopep8 - repo: https://github.com/PyCQA/isort - rev: 6.0.1 + rev: 6.1.0 hooks: - id: isort name: Python · Import sorter @@ -178,14 +178,14 @@ repos: args: [--ignore=E501] - repo: https://github.com/asottile/pyupgrade - rev: v3.20.0 + rev: v3.21.2 hooks: - id: pyupgrade name: Python · Upgrade syntax always_run: true - repo: https://github.com/abravalheri/validate-pyproject - rev: v0.23 + rev: v0.24.1 hooks: - id: validate-pyproject name: Python · Validate pyproject.toml @@ -196,7 +196,7 @@ repos: # JSON Schema Hooks # --------------------- - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.33.3 + rev: 0.35.0 hooks: - id: check-github-workflows name: JSON Schema · GitHub workflows @@ -230,7 +230,7 @@ repos: always_run: true - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.100.0 + rev: v1.104.0 hooks: - id: terraform_fmt name: Terraform · Formatter @@ -256,7 +256,7 @@ repos: # Security Hooks # --------------------- - repo: https://github.com/gitleaks/gitleaks - rev: v8.28.0 + rev: v8.30.0 hooks: - id: gitleaks name: Security · Gitleaks @@ -266,17 +266,18 @@ repos: # Ansible Hooks # --------------------- - repo: https://github.com/ansible-community/ansible-lint.git - rev: v25.8.2 + rev: v25.11.1 hooks: - id: ansible-lint name: Ansible · Linter always_run: true + language_version: python3.12 # --------------------- # Markdown Hooks # --------------------- - repo: https://github.com/hukkin/mdformat - rev: 0.7.21 + rev: 0.7.22 hooks: - id: mdformat name: Markdown · Format markdown diff --git a/modules/platform/ec2_deployment/main.tf b/modules/platform/ec2_deployment/main.tf index a8c78bc0..ac660583 100644 --- a/modules/platform/ec2_deployment/main.tf +++ b/modules/platform/ec2_deployment/main.tf @@ -56,7 +56,7 @@ data "external" "download_lambdas" { } module "runners" { - source = "git::https://github.com/github-aws-runners/terraform-aws-github-runner.git//modules/multi-runner?ref=v6.9.1" + source = "git::https://github.com/github-aws-runners/terraform-aws-github-runner.git//modules/multi-runner?ref=v6.10.0" aws_region = var.aws_region