From 776fa26af0e05d669c5b2dea346ce87fa9f046e6 Mon Sep 17 00:00:00 2001
From: Simon Templer
Date: Tue, 26 Mar 2024 15:45:17 +0100
Subject: [PATCH 1/2] ci: attempt to fix trivy-action update w/ renovate
---
 .github/renovate.json5 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 6fb09f7..2e6c29d 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -15,12 +15,12 @@
 "renovate/{{updateType}}",
 ],
 packageRules: [
- {
+ /*{
 description: "Ignore frequent renovate updates",
 enabled: false,
 matchPackageNames: ["renovatebot/github-action"],
 matchUpdateTypes: ["patch"],
- },
+ },*/
 {
 description: "Update renovatebot/github-action minor updates on Sundays",
 matchPackageNames: ["renovatebot/github-action"],
@@ -30,9 +30,9 @@
 {
 description: "Update to action dependencies use fix commits to trigger a release",
 matchFileNames: ["action.yml"],
- // semanticCommitType: "fix",
+ semanticCommitType: "fix",
 // extends: [":semanticCommitType(fix)"]
- extends: [":semanticCommitTypeAll(fix)"]
+ // extends: [":semanticCommitTypeAll(fix)"]
 },
 ],
 prBodyTemplate: "{{{table}}}{{{notes}}}{{{changelogs}}}",
@@ -73,5 +73,5 @@ semver-coerced\
 {{/if}}"
 },
 ],
- separateMinorPatch: false,
+ separateMinorPatch: true,
 }
From a61630216913424650163b853b4f609431670eaa Mon Sep 17 00:00:00 2001
From: Simon Templer
Date: Tue, 26 Mar 2024 15:53:20 +0100
Subject: [PATCH 2/2] WIP
---
 .github/renovate.json5 | 2 +-
 action.yml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/renovate.json5 b/.github/renovate.json5
index 2e6c29d..2cd3222 100644
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
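Review bot: The `/*{ … },*/` wrapper at the top of the @@ -15 hunk and the two `// extends: …` lines in the @@ -30 hunk leave three rejected configurations in the file as comments, none with a note of why they were rejected; git already keeps the history, so the block-commented rule and the two commented `extends` lines should be deleted, or one line kept with the reason stated, e.g. `// patch updates for renovatebot/github-action are no longer ignored: <reason>`. Disabling the "Ignore frequent renovate updates" rule also means patch releases of renovatebot/github-action now produce PRs, which the remaining Sunday rule presumably does not schedule, so the effect of the hunk is wider than the commit subject (trivy-action) suggests. The packageRules array continues outside both hunks.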
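Review bot: `separateMinorPatch: true` in the @@ -73 hunk is set at the top level of the config, so it changes PR behaviour for every dependency in the repository, not only the trivy-action this patch series is about. If splitting patch from minor updates is needed only for that action it belongs in a packageRule, e.g. `{ matchPackageNames: ["aquasecurity/trivy-action"], separateMinorPatch: true }` (constructed, mirroring the existing renovatebot/github-action rules); if it is meant globally, a one-line comment above it saying so would spare the next reader the guess, since the previous value was `false` and the commit message only implies the motivation.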
@@ -2,7 +2,7 @@ $schema: "https://docs.renovatebot.com/renovate-schema.json",
 extends: [
 // default presets see https://docs.renovatebot.com/presets-default/
 "config:recommended",
- "helpers:pinGitHubActionDigestsToSemver",
+ // "helpers:pinGitHubActionDigestsToSemver",
 "security:openssf-scorecard",
 ":disableDependencyDashboard",
 ":disableRateLimiting",
diff --git a/action.yml b/action.yml
index f4fce96..542606a 100644
--- a/action.yml
+++ b/action.yml
@@ -52,7 +52,7 @@ runs:
 # https://github.com/aquasecurity/trivy-action
 - name: Scan Docker image for critical vulnerabilities
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
+ uses: aquasecurity/trivy-action@0.12.0
 if: "${{ inputs.junit-test-output != '' || inputs.create-test-report }}"
 with:
 image-ref: '${{ inputs.image-ref }}'
@@ -77,7 +77,7 @@ runs:
 echo "REPORT_FILENAME=$VALID_FILENAME" >> $GITHUB_ENV
 - name: Create vulnerability report as HTML
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
+ uses: aquasecurity/trivy-action@0.12.0
 with:
 image-ref: '${{ inputs.image-ref }}'
 scan-type: "${{ inputs.image-ref != '' && 'image' || 'fs' }}"
@@ -97,7 +97,7 @@ runs:
 run: |
 cp ${GITHUB_ACTION_PATH}/summary.tpl ./trivy-summary.tpl
 - name: Create summary on vulnerabilities
- uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0
+ uses: aquasecurity/trivy-action@0.12.0
 with:
 image-ref: '${{ inputs.image-ref }}'
 scan-type: "${{ inputs.image-ref != '' && 'image' || 'fs' }}"
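Review bot: Commenting out `helpers:pinGitHubActionDigestsToSemver` removes the preset that keeps a digest-pinned action reference and its `# <version>` comment in step with each other, so after this hunk nothing in the config maintains SHA pins for actions and the `# 0.12.0` comments in action.yml become stale the first time a version moves. If the aim of the series is to get Renovate to bump trivy-action (PATCH 1/2's subject suggests so), the preset is the part that does that for a digest-pinned `uses:` and should stay; the thing to investigate is why no update PR appeared with it enabled, e.g. whether a packageRule elsewhere in the file disables or schedules it. If the line must stay disabled for now, replace the bare comment with one stating the reason, e.g. `// "helpers:pinGitHubActionDigestsToSemver", // disabled: <reason>`. The enclosing `extends` array continues outside the hunk.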
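Review bot: The `uses:` lines in the @@ -52, @@ -77 and @@ -97 hunks replace a full-commit-SHA pin with the mutable tag `aquasecurity/trivy-action@0.12.0`, so the code that scans the image and writes the reports can change upstream without any change in this repository; a tag can be moved or re-created, a SHA cannot, and this action is what runs a third party's code against the build. Keep the digest with the version as a trailing comment, `uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0`, which is the form Renovate's digest-pinning presets update, so a version bump should arrive as a new SHA plus a new comment rather than by dropping the SHA. The commit is marked WIP, so I would expect the pins restored before merge; note also that an OpenSSF Scorecard Pinned-Dependencies check, which the config's `security:openssf-scorecard` preset suggests this project tracks, counts tag-pinned actions as unpinned. The steps' `with:` blocks continue outside each hunk.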