From dd170964c70664e2793ceb7e990cf443d9b324ae Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon <igabaldon@inetol.net>
Date: Fri, 8 Aug 2025 11:26:45 +0200
Subject: [mod] ci: strict(er) exec (#5099)

All actions are pulled using the version hash, versions are handled by
dependabot, and we'll have control over which actions get updated.

Replaces Trivy scanner with Docker Scout, we have recently begun analyzing the
images there, and the action will keep us in sync about the problems on GHCS
dashboard.
---
 .github/workflows/cleanup.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to '.github/workflows/cleanup.yml')

diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
index 32b34bd96..5041c69e2 100644
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Prune
-        uses: snok/container-retention-policy@v3.0.0
+        uses: snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03  # v3.0.0
         with:
           account: "${{ github.repository_owner }}"
           token: "${{ secrets.GITHUB_TOKEN }}"
-- 
cgit v1.2.3