From c85b2a8861f6e5be269289046593d8f72d71b503 Mon Sep 17 00:00:00 2001
From: Julien Gaucher <julien.gaucher@csgroup.eu>
Date: Thu, 26 Mar 2026 15:21:09 +0100
Subject: [PATCH] Use aquasecurity/trivy-action v0.35.0 with SHA

---
 .github/actions/publish-docker/action.yml |  2 +-
 .github/workflows/check-code-quality.yml  |  2 +-
 .python-version                           |  1 +
 .vscode/launch.json                       | 19 ++++++++++++-------
 4 files changed, 15 insertions(+), 9 deletions(-)
 create mode 100644 .python-version

diff --git a/.github/actions/publish-docker/action.yml b/.github/actions/publish-docker/action.yml
index fe9b510..cc637ad 100644
--- a/.github/actions/publish-docker/action.yml
+++ b/.github/actions/publish-docker/action.yml
@@ -83,7 +83,7 @@ runs:
         push: false # push after the security scans below
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
       with:
         image-ref: ${{ env.docker_image }}
         format: sarif
diff --git a/.github/workflows/check-code-quality.yml b/.github/workflows/check-code-quality.yml
index 6049241..f8ef7f9 100644
--- a/.github/workflows/check-code-quality.yml
+++ b/.github/workflows/check-code-quality.yml
@@ -73,7 +73,7 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
         with:
           scan-type: fs
           ignore-unfixed: true
diff --git a/.python-version b/.python-version
new file mode 100644
index 0000000..d4b278f
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+3.11.7
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 2bbc2e2..5a2f235 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,13 +1,18 @@
 {
   "configurations": [
     {
-      "name": "Python Debugger: API Key Manager",
+      "name": "Python Debugger: Module",
       "type": "debugpy",
       "request": "launch",
-      "module": "app.main",
-      "env": { "PYTHONPATH": "${workspaceFolder}/" },
-      "justMyCode": false,
-      "console": "integratedTerminal"
-    }
+      "python": "/home/jgaucher/projects/rspy/github.hide/apikey-manager/venv/bin/python",
+      "module": "uvicorn",
+      "args": ["app.main:app", "--host", "localhost", "--port", "9998", "--reload", "--log-config=log_config.yaml"],
+      "env": {
+        "APIKM_OIDC_ENDPOINT": "https://iam.dev-rspy.esa-copernicus.eu",
+        "APIKM_OIDC_REALM": "rspy",
+        "APIKM_OIDC_CLIENT_ID": "fastapi_test",
+        "APIKM_OIDC_CLIENT_SECRET": "wXOuCrk5dpwStZQ9GTqUzevXr4dVq171",
+      }
+    },
   ]
-}
+}
\ No newline at end of file