ethiack · simao-silva · May 11, 2026 · May 11, 2026 · May 11, 2026
diff --git a/.github/configs/commitlint.config.js b/.github/configs/commitlint.config.js
diff --git a/.github/configs/commitlint.config.mjs b/.github/configs/commitlint.config.mjs
@@ -0,0 +1,9 @@
+export default {
+	extends: ['@commitlint/config-conventional'],
+	rules: {
+		'body-max-line-length': [1, 'always', 100], // warning
+		'header-max-length': [1, 'always', 100], // warning
+		'footer-max-line-length': [1, 'always', 100], // warning
+		'subject-case': [1, 'never', ['sentence-case', 'start-case', 'pascal-case', 'upper-case']], // warning
+	},
+}
diff --git a/.github/workflows/checks.base.yaml b/.github/workflows/checks.base.yaml
@@ -1,16 +1,17 @@
 name: Checks (base)
-  
+
 on:
-   workflow_call:
+  workflow_call:
 
 jobs:
   commitlint:
     name: (check) Commitlint
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
       - name: Run Commitlint
-        uses: wagoid/commitlint-github-action@v5
+        uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1
         with:
-          configFile: .github/configs/commitlint.config.js
+          configFile: .github/configs/commitlint.config.mjs
diff --git a/.github/workflows/checks.branches.yaml b/.github/workflows/checks.branches.yaml
@@ -2,9 +2,9 @@ name: Checks (branches)
 
 on:
   push:
-    branches-ignore:    
-    - main
-    - staging
+    branches-ignore:
+      - main
+      - staging
 
 jobs:
   checks:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -14,6 +14,7 @@ jobs:
   checks:
     name: Run Checks
     uses: ./.github/workflows/checks.base.yaml
+
   release:
     name: Release
     needs: checks
@@ -24,29 +25,34 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
+
       - name: Generate GitHub App token
         id: app-token
         if: ${{ secrets.ETHIACK_RELEASE_BOT_APP_ID != '' && secrets.ETHIACK_RELEASE_BOT_APP_PRIVATE_KEY != '' }}
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         with:
           app-id: ${{ secrets.ETHIACK_RELEASE_BOT_APP_ID }}
           private-key: ${{ secrets.ETHIACK_RELEASE_BOT_APP_PRIVATE_KEY }}
+
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
           node-version: "lts/*"
+
       - name: Install plugins
         run: >
           npm install -D
           @semantic-release/git
           @semantic-release/changelog
           conventional-changelog-conventionalcommits
           @saithodev/semantic-release-backmerge
+
       - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
         run: npm audit signatures
+
       - name: Release
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}

diff --git a/.releaserc.yaml b/.releaserc.yaml
@@ -111,7 +111,7 @@ prepare:
 
   - path: "@semantic-release/git"
     message: "chore(release): release <%= nextRelease.version %> - <%= new Date().toLocaleDateString('en-US', {year: 'numeric', month: 'short', day: 'numeric', hour: 'numeric', minute: 'numeric' }) %> \n\n<%= nextRelease.notes %>"
-    assets: 
+    assets:
       - CHANGELOG.md
       - pyproject.toml
 

diff --git a/README.md b/README.md
@@ -70,7 +70,7 @@ To configure, navigate to your repository settings, select `Secrets and variable
 
 ### **Example:** *Launching a job and waiting for its conclusion*
 
-This pipeline launches a scan for the domain  `https://example.ethiack.com` and waits until it finishes (cf. `--wait` flag). If vulnerabilities with severity `medium` or higher are found, the success of the job is interpreted as failing, and this pipeline step will exit with a non-zero status code (cf. `--fail` flag).
+This pipeline launches a scan for the domain `https://example.ethiack.com` and waits until it finishes (cf. `--wait` flag). If vulnerabilities with severity `medium` or higher are found, the success of the job is interpreted as failing, and this pipeline step will exit with a non-zero status code (cf. `--fail` flag).
 
 ```yaml
 jobs:
@@ -138,7 +138,7 @@ This GitHub Action supports every command provided by [Ethiack's Job Manager Pac
 
 > The `url` input refers to the target Uniform Resource Locator (URL) of the service for which the command is run.
 
-> The `uuid` input refers to the Universal Unique Identifier (UUID) of the job for which the command is run.  
+> The `uuid` input refers to the Universal Unique Identifier (UUID) of the job for which the command is run.
 
 #### Optional Arguments
 > The behaviour of these commands can be customized with flags and additional parameters provided inn the `args:` variable in the workflow step (e.g., the `--fail` and `--severity` flags in the examples above). For more information regarding the available options and flags for each command, please refer to the [Job Manager Package](https://github.com/ethiack/job-manager).

diff --git a/action.yaml b/action.yaml
@@ -40,7 +40,7 @@ runs:
   using: 'composite'
   steps:
     - name: Set up Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
       with:
         python-version: '3.11'
 
@@ -56,7 +56,7 @@ runs:
       id: ethiack-run-command
       run: |
         # Run ethiack-job-manager
-        
+
         set +e # Disable exit on error
 
         # Prepare command
@@ -67,7 +67,7 @@ runs:
             COMMAND="$COMMAND ${{ inputs.args }}"
         fi
 
-        ## Add url input if needed 
+        ## Add url input if needed
         if [ "${{ inputs.command }}" = "launch" ] || [ "${{ inputs.command }}" = "check" ]; then
             if [ -n "${{ inputs.url }}" ]; then
                 COMMAND="$COMMAND ${{ inputs.url }}"
@@ -76,18 +76,21 @@ runs:
                 exit 1
             fi
         fi
+
         ## Add beacon_id input if provided for launch or check
         if [ "${{ inputs.command }}" = "launch" ] || [ "${{ inputs.command }}" = "check" ]; then
             if [ -n "${{ inputs.beacon_id }}" ]; then
                 COMMAND="$COMMAND --beacon-id ${{ inputs.beacon_id }}"
             fi
         fi
+
         ## Add event_slug input if provided for launch or check
         if [ "${{ inputs.command }}" = "launch" ] || [ "${{ inputs.command }}" = "check" ]; then
             if [ -n "${{ inputs.event_slug }}" ]; then
                 COMMAND="$COMMAND --event-slug ${{ inputs.event_slug }}"
             fi
         fi
+
         ## Add uuid input if needed
         if [ "${{ inputs.command }}" = "cancel" ] || [ "${{ inputs.command }}" = "info" ] || [ "${{ inputs.command }}" = "status" ] || [ "${{ inputs.command }}" = "success" ] || [ "${{ inputs.command }}" = "await" ]; then
             if [ -n "${{ inputs.uuid }}" ]; then
@@ -101,7 +104,7 @@ runs:
         # Run
         echo "[ETHIACK-JOB-MANAGER] Executing command: $COMMAND"
         RESPONSE=$($COMMAND)
-        EXIT_CODE=$? 
+        EXIT_CODE=$?
         echo "[ETHIACK-JOB-MANAGER] Response:"
         echo "$RESPONSE"
         echo "response<<EOF"$'\n'"$RESPONSE"$'\n'EOF >> $GITHUB_OUTPUT
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,9 +2,9 @@ name: Checks (branches) @@
     on:
       push:
-        branches-ignore:
-        - main
-        - staging
+        branches-ignore:
+          - main
+          - staging
     jobs:
       checks:
@@ Expand Down @@