From c591d240ddaf0ec54b7ad6c7cc6e769147df3608 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 20 May 2026 01:12:47 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/build.yml | 20 ++++++++++----------
 Dockerfile                  |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ca176d4..a8c5a6e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,11 +16,11 @@ jobs:
     name: Build and release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-java@v5
+      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           distribution: liberica
           java-version: |
@@ -28,7 +28,7 @@ jobs:
             25
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v5
+        uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5
 
       - name: Build with Gradle
         run: ./gradlew build --refresh-dependencies
@@ -37,16 +37,16 @@ jobs:
         run: ./gradlew copyJdksToCache jreleaserAssemble
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build Docker image
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
         with:
           context: .
           load: true
@@ -54,7 +54,7 @@ jobs:
 
       - if: github.ref == 'refs/heads/main'
         name: Push docker image to Docker Hub
-        uses: docker/build-push-action@v7
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
         with:
           context: .
           platforms: linux/amd64,linux/arm64/v8
@@ -73,12 +73,12 @@ jobs:
     needs: build
     if: github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           repository: utPLSQL/utPLSQL
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v4
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -93,7 +93,7 @@ jobs:
             --output-format sq-generic-issue-import
 
       - name: Analyze with SonarCloud
-        uses: sonarsource/sonarcloud-github-action@v5
+        uses: sonarsource/sonarcloud-github-action@ffc3010689be73b8e5ae0c57ce35968afd7909e8 # v5
         with:
           args: >
             -Dsonar.projectKey=utPLSQL-zpa-demo
diff --git a/Dockerfile b/Dockerfile
index 1fc49cc..4fe1ffc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-runtime-container:jre-25.0.3_11-slim-musl
+FROM bellsoft/liberica-runtime-container:jre-25.0.3_11-slim-musl@sha256:13b730d33b00e28d152ea707d3feeb2c73df622896906ed9d3e8f3a9597932e5
 
 RUN addgroup -S -g 1001 zpa-cli \
  && adduser -S -D -u 1001 -G zpa-cli -h /home/zpa-cli zpa-cli