From decefa1974a929fde92952858c820bdcf3fba620 Mon Sep 17 00:00:00 2001
From: "renovate-sh-app[bot]"
 <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 04:54:24 +0000
Subject: [PATCH] chore(deps): pin dependencies

Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
---
 .drone.yml               | 2 +-
 .github/workflows/ci.yml | 4 ++--
 Dockerfile               | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index d279f8f..89291db 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,7 +4,7 @@ type: docker
 name: docker-push
 steps:
 - name: docker
-  image: plugins/docker
+  image: plugins/docker@sha256:4e482ef91fb2695d658a85c60772d7f75f931e0883e23ec0954f0bc17ccc0663
   settings:
     auto_tag: true
     dockerfile: Dockerfile
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 37e3455..7a4198a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,12 +11,12 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
         with:
           persist-credentials: false
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2
         with:
           go-version: 1.24.2
       - name: Build
diff --git a/Dockerfile b/Dockerfile
index 459a1ef..bfbe77f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,11 @@
-FROM golang:1.25.5 AS build
+FROM golang:1.25.5@sha256:36b4f45d2874905b9e8573b783292629bcb346d0a70d8d7150b6df545234818f AS build
 WORKDIR /src
 
 COPY . .
 RUN go mod download && \
     CGO_ENABLED=0 GOOS=linux go build -a -o app .
 
-FROM alpine:latest
+FROM alpine:latest@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62
 
 RUN addgroup -g 1000 app && \
     adduser -u 1000 -h /app -G app -S app