From dfd2430209d95f6ec13cea95e5356be2003726e0 Mon Sep 17 00:00:00 2001
From: Lucas TESSON <lucastesson@protonmail.com>
Date: Wed, 15 Jan 2025 09:07:47 +0100
Subject: [PATCH] chore: pin dependencies

---
 .github/workflows/ci.yaml        | 10 +++++-----
 .github/workflows/docker.yaml    |  3 +++
 Dockerfile.chall-manager         | 12 ++++++------
 Dockerfile.chall-manager-janitor |  2 +-
 go.work.sum                      |  3 +++
 5 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 660eafe..a5df5de 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -22,11 +22,11 @@ jobs:
 
       - name: Setup buf dependencies
         run: |
-          go install github.com/bufbuild/buf/cmd/buf
-          go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2
-          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc
-          go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway
-          go install google.golang.org/protobuf/cmd/protoc-gen-go
+          go install github.com/bufbuild/buf/cmd/buf@v1.48.0 && \
+          go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2@v2.25.1 && \
+          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc && \
+          go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway@v2.25.1 && \
+          go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.1
 
       - name: Cache go modules
         uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 316389b..12a1bac 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -5,6 +5,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: read
+
 jobs:
   docker-cm:
     runs-on: ubuntu-latest
diff --git a/Dockerfile.chall-manager b/Dockerfile.chall-manager
index 766f6af..4862ffd 100644
--- a/Dockerfile.chall-manager
+++ b/Dockerfile.chall-manager
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.23.4 AS builder
+FROM golang:1.23.4@sha256:585103a29aa6d4c98bbb45d2446e1fdf41441698bbdf707d1801f5708e479f04 AS builder
 
 WORKDIR /go/src
 COPY go.mod go.sum ./
@@ -7,11 +7,11 @@ RUN go mod download
 
 COPY . .
 
-RUN go install github.com/bufbuild/buf/cmd/buf && \
-    go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2 && \
+RUN go install github.com/bufbuild/buf/cmd/buf@v1.48.0 && \
+    go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2@v2.25.1 && \
     go install google.golang.org/grpc/cmd/protoc-gen-go-grpc && \
-    go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway && \
-    go install google.golang.org/protobuf/cmd/protoc-gen-go
+    go install github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway@v2.25.1 && \
+    go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.1
 RUN make buf
 
 RUN apt update && apt install zip unzip -y
@@ -23,7 +23,7 @@ RUN go build -cover -o /go/bin/chall-manager cmd/chall-manager/main.go
 
 
 # Prod stage
-FROM pulumi/pulumi-go:3.145.0
+FROM pulumi/pulumi-go:3.145.0@sha256:b4b0c0f0760e67eba7d045c007f730e8845cf0da998c08bd68472a614698c6a2
 RUN pulumi login --local
 COPY --from=builder /go/bin/chall-manager /chall-manager
 COPY ./gen ./gen
diff --git a/Dockerfile.chall-manager-janitor b/Dockerfile.chall-manager-janitor
index e5fdc1d..1f5ada3 100644
--- a/Dockerfile.chall-manager-janitor
+++ b/Dockerfile.chall-manager-janitor
@@ -1,5 +1,5 @@
 # Build stage
-FROM golang:1.23.4 AS builder
+FROM golang:1.23.4@sha256:585103a29aa6d4c98bbb45d2446e1fdf41441698bbdf707d1801f5708e479f04 AS builder
 
 WORKDIR /go/src
 COPY go.mod go.sum ./
diff --git a/go.work.sum b/go.work.sum
index f50ce6b..7753a68 100644
--- a/go.work.sum
+++ b/go.work.sum
@@ -661,6 +661,7 @@ github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDX
 github.com/containerd/imgcrypt v1.1.8/go.mod h1:x6QvFIkMyO2qGIY2zXc88ivEzcbgvLdWjoZyGqDap5U=
 github.com/containerd/nri v0.6.1/go.mod h1:7+sX3wNx+LR7RzhjnJiUkFDhn18P5Bg/0VnJ/uXpRJM=
 github.com/containerd/protobuild v0.3.0/go.mod h1:5mNMFKKAwCIAkFBPiOdtRx2KiQlyEJeMXnL5R1DsWu8=
+github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
 github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
 github.com/containerd/zfs v1.1.0/go.mod h1:oZF9wBnrnQjpWLaPKEinrx3TQ9a+W/RJO7Zb41d8YLE=
 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
@@ -835,6 +836,8 @@ github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=