ci: harden Dockerfile and workflow security

2026-05-08 12:01:28 +00:00 · 2026-03-11 06:49:10 +07:00
parent aa2b83e1f6
commit 91c1bc848e
3 changed files with 13 additions and 1 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -63,3 +63,5 @@ jobs:
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
          platforms: linux/amd64
+          provenance: false
+          sbom: false