From cfa112683673795af0fbba90510b96566763dd8f Mon Sep 17 00:00:00 2001
From: k-matsuzawa <matsuzawa@cryptogarage.co.jp>
Date: Mon, 5 Jan 2026 12:26:19 +0900
Subject: [PATCH] feat: update ci and tool

---
 .github/dependabot.yml                    |  2 ++
 .github/workflows/create-docker-image.yml | 10 ++++++----
 Taskfile.yml                              |  8 ++++----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e6a2dc1..090b4bf 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,6 +10,8 @@ updates:
       - '.github/**/*'
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 3
     groups:
       dependencies:
         patterns:
diff --git a/.github/workflows/create-docker-image.yml b/.github/workflows/create-docker-image.yml
index 90a8fc4..daa7d9d 100644
--- a/.github/workflows/create-docker-image.yml
+++ b/.github/workflows/create-docker-image.yml
@@ -17,7 +17,9 @@ jobs:
     timeout-minutes: 30
     permissions:
       contents: read
-      pull-requests: write
+      packages: write
+      attestations: write
+      id-token: write
 
     steps:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
@@ -28,7 +30,7 @@ jobs:
         uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
         with:
           # list of Docker images to use as base name for tags
-          images: name=${{env.IMAGE_BASE_NAME}}
+          images: ${{env.IMAGE_BASE_NAME}}
           # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=tag
@@ -43,8 +45,8 @@ jobs:
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
-          username: ${{ secrets.CR_USER_NAME }}
-          password: ${{ secrets.CR_PAT }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build and push
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
diff --git a/Taskfile.yml b/Taskfile.yml
index 1adbb7c..516158d 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -6,9 +6,9 @@ tasks:
       - task: :hadolint
   gha-lint:
     vars:
-      PINACT_VERSION: v3.4.4
-      ACTIONLINT_VERSION: v1.7.8
-      GHALINT_VERSION: v1.5.3
+      PINACT_VERSION: latest
+      ACTIONLINT_VERSION: latest
+      GHALINT_VERSION: latest
     cmds:
       - go run github.com/suzuki-shunsuke/pinact/v3/cmd/pinact@{{.PINACT_VERSION}} run
       - go run github.com/rhysd/actionlint/cmd/actionlint@{{.ACTIONLINT_VERSION}}
@@ -19,6 +19,6 @@ tasks:
       - docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < arm64.dockerfile
   format:
     vars:
-      YAMLFMT_VERSION: v0.20.0
+      YAMLFMT_VERSION: latest
     cmds:
       - go run github.com/google/yamlfmt/cmd/yamlfmt@{{.YAMLFMT_VERSION}}