From 0c1a6f76a3920918c92346d7b37094417fba1c29 Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Tue, 7 Jan 2025 21:36:58 +0200
Subject: [PATCH] Add Dependabot config for weekly updates

---
 .github/dependabot.yml         | 24 ++++++++++++++++++++++++
 .github/workflows/test-e2e.yml |  4 ++--
 .github/workflows/test.yml     |  4 ++--
 Dockerfile                     |  4 ++--
 4 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..d659012
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,24 @@
+version: 2
+updates:
+- package-ecosystem: "gomod"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+
+- package-ecosystem: "docker"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  groups:
+    k8s:
+      patterns:
+      - "k8s.io/*"
+      - "sigs.k8s.io/*"
+    onsi:
+      patterns:
+      - "github.com/onsi/*"
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
index b3b66dc..9fc98c4 100644
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -10,10 +10,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone the code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
         with:
           go-version-file: 'go.mod'
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 07fbf7c..c4f3864 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,10 +10,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone the code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a
         with:
           go-version-file: 'go.mod'
 
diff --git a/Dockerfile b/Dockerfile
index 5c73c7f..7829743 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.23 AS builder
+FROM golang:1.23@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 
@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o ma
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532