pin used action hashes, add dependabot config (#48)

MarkIannucci · alexrashed · web-flow · commit 0c7554fa1ce7 · 2025-12-09T13:20:14.000+01:00
Co-authored-by: Alexander Rashed &lt;alexander.rashed@localstack.cloud&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,12 +13,12 @@ jobs:
     name: 'Test LocalStack GitHub Action'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       # We must hack the action call as remote to be able to use the relative paths
       # Could it break with different CWD? 🤔
       - name: Start LocalStack
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
@@ -42,12 +42,12 @@ jobs:
     name: 'Test LocalStack Version with Github Actions'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       # We must hack the action call as remote to be able to use the relative paths
       # Could it break with different CWD? 🤔
       - name: Start LocalStack
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
@@ -71,10 +71,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: ⚡️ Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Start LocalStack
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
@@ -94,7 +94,7 @@ jobs:
           awslocal sqs create-queue --queue-name test-queue
 
       - name: Save the Cloud Pod 
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
@@ -111,10 +111,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: ⚡️ Checkout the repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Start LocalStack
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
@@ -139,7 +139,7 @@ jobs:
           awslocal sqs delete-queue --queue-url $(awslocal sqs get-queue-url --queue-name test-queue --output text)
 
       - name: Save the State Artifact
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
diff --git a/.github/workflows/ephemeral.yml b/.github/workflows/ephemeral.yml
@@ -7,10 +7,10 @@ jobs:
     name: 'Test ephemeral instance workflow'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Deploy Ephemeral Instance
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
@@ -67,7 +67,7 @@ jobs:
       # We want explicit shutdown
       - name: Shutdown ephemeral instance
         if: ${{ always() }}
-        uses: jenseng/dynamic-uses@v1
+        uses: jenseng/dynamic-uses@26a7fa196ecfc98e02d08d65a09d03ab999683ae # v1
         with:
           uses: LocalStack/setup-localstack@${{ env.GH_ACTION_VERSION }}
           with: |-
diff --git a/action.yml b/action.yml
@@ -97,7 +97,7 @@ runs:
       shell: bash
 
     - name: Install tools
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       if: ${{ inputs.skip-startup == 'true' || inputs.state-backend == 'ephemeral' || inputs.state-action == 'save' }}
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/tools
@@ -107,7 +107,7 @@ runs:
           }
 
     - name: Start Localstack
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       if: ${{ inputs.skip-startup != 'true' && inputs.state-backend != 'ephemeral' && inputs.state-action != 'save' }}
       with:
         # now we can dynamically determine sub-action path 🥳
@@ -126,7 +126,7 @@ runs:
 
     - name: Create Ephemeral Instance
       if: ${{ inputs.state-action == 'start' && inputs.state-backend == 'ephemeral' }}
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/ephemeral/startup
         with: |-
@@ -141,7 +141,7 @@ runs:
     # Use different artifact from current workflow's by passing the workflow's id as WORKFLOW_ID env variable
     - name: Manage state
       if: ${{ inputs.state-action == 'save' || inputs.state-action == 'load' }}
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/${{ inputs.state-backend }}
         with: |-
@@ -152,7 +152,7 @@ runs:
 
     - name: Display Ephemeral Instance URL
       if: ${{ inputs.state-action == 'start' && inputs.state-backend == 'ephemeral' && (inputs.include-preview == 'true' || inputs.ci-project != '') }}
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/finish
         with: |-
@@ -164,7 +164,7 @@ runs:
     
     - name: Stop Ephemeral Instance
       if: ${{ (inputs.skip-ephemeral-stop == 'false' || inputs.state-action == 'stop') && inputs.state-backend == 'ephemeral' }}
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/ephemeral/shutdown
         with: |-
diff --git a/ephemeral/startup/action.yml b/ephemeral/startup/action.yml
@@ -42,7 +42,7 @@ runs:
 
     - name: Initial PR comment
       if: inputs.github-token
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/prepare
         with: |-
diff --git a/startup/action.yml b/startup/action.yml
@@ -50,7 +50,7 @@ runs:
       shell: bash
 
     - name: Install tools
-      uses: jenseng/dynamic-uses@v1
+      uses: jenseng/dynamic-uses@5175289a9a87978dcfcb9cf512b821d23b2a53eb # v1
       with:
         uses: ${{ env.GH_ACTION_ROOT }}/tools
         with: |-
