From d22309446756b0bfb9ff8452fcc2e7fd7cbe7749 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Mon, 13 Oct 2025 18:49:15 +0200
Subject: [PATCH] Dockerfile: pin Debian trixie image, enable Dependabot

- pin Debian trixie Docker image to hash.
- set Dependabot to update the pin once every month.
- set Dependabot commit message prefixes to `GHA:` (to match curl).

Closes #1724
---
 .github/dependabot.yml          | 11 +++++++++++
 tests/openssh_server/Dockerfile |  3 ++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bb6ca5f0..c8bade49 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,8 +8,19 @@ updates:
     directory: '/'
     schedule:
       interval: 'monthly'
+    commit-message:
+      prefix: 'GHA:'
 
   - package-ecosystem: 'pip'
     directory: '/.github/workflows'
     schedule:
       interval: 'monthly'
+    commit-message:
+      prefix: 'GHA:'
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: 'GHA:'
diff --git a/tests/openssh_server/Dockerfile b/tests/openssh_server/Dockerfile
index 4d6f6adc..22f75e37 100644
--- a/tests/openssh_server/Dockerfile
+++ b/tests/openssh_server/Dockerfile
@@ -1,7 +1,8 @@
 # Copyright (C) Alexander Lamaison <alexander.lamaison@gmail.com>
 # SPDX-License-Identifier: BSD-3-Clause
 
-FROM debian:stable-slim
+# To update, get the latest digest e.g. from https://hub.docker.com/_/debian/tags
+FROM debian:trixie-slim@sha256:c99c73388e005d98f2f131b15fa9389f2a8eec2888a35dc30455e5936467803b
 
 RUN apt-get update \
  && apt-get install -y openssh-server \