Increase repo security by pinning actions to a commit SHA.
		
							parent
							
								
									d6e1ddb265
								
							
						
					
					
						commit
						56a258a33f
					
				|  | @ -1,3 +1,14 @@ | ||||||
|  | # This workflow uses actions that are not certified by GitHub. | ||||||
|  | # They are provided by a third-party and are governed by | ||||||
|  | # separate terms of service, privacy policy, and support | ||||||
|  | # documentation. | ||||||
|  | 
 | ||||||
|  | # GitHub recommends pinning actions to a commit SHA. | ||||||
|  | # To get a newer version, you will need to update the SHA. | ||||||
|  | # You can also reference a tag or branch, but the action may change without warning. | ||||||
|  | 
 | ||||||
|  | # Build a Docker image whenever it is pushed to master | ||||||
|  | 
 | ||||||
| name: Docker Image CI | name: Docker Image CI | ||||||
| 
 | 
 | ||||||
| on: | on: | ||||||
|  | @ -13,6 +24,6 @@ jobs: | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
| 
 | 
 | ||||||
|     steps: |     steps: | ||||||
|     - uses: actions/checkout@v3 |     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||||||
|     - name: Build the Docker image |     - name: Build the Docker image | ||||||
|       run: docker build --pull . -f Dockerfile -t pairdrop |       run: docker build --pull . -f Dockerfile -t pairdrop | ||||||
|  |  | ||||||
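Review bot: The pinned `actions/checkout` step keeps its default of persisting the job token in the checked-out `.git/config`, and the next step passes `.` as the Docker build context, so that file may be sent into the build unless a `.dockerignore` excludes `.git` (not visible here). This workflow only builds the image, so the checkout step could take `with:` and `persist-credentials: false`. The checkout step in the GHCR workflow is in the same position, since its build step also uses `context: .`. The `jobs:` block starts outside this hunk, so whether a `permissions:` block already limits the token cannot be confirmed from here.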
|  | @ -7,6 +7,8 @@ | ||||||
| # To get a newer version, you will need to update the SHA. | # To get a newer version, you will need to update the SHA. | ||||||
| # You can also reference a tag or branch, but the action may change without warning. | # You can also reference a tag or branch, but the action may change without warning. | ||||||
| 
 | 
 | ||||||
|  | # Create a Docker image and push it to ghcr.io whenever a new version tag is pushed | ||||||
|  | 
 | ||||||
| name: GHCR Image CI | name: GHCR Image CI | ||||||
| 
 | 
 | ||||||
| on: | on: | ||||||
|  | @ -27,16 +29,16 @@ jobs: | ||||||
| 
 | 
 | ||||||
|     steps: |     steps: | ||||||
|       - name: Checkout repository |       - name: Checkout repository | ||||||
|         uses: actions/checkout@v3 |         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||||||
|          |          | ||||||
|       - name: Setup qemu |       - name: Setup qemu | ||||||
|         uses: docker/setup-qemu-action@v2.1.0 |         uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | ||||||
| 
 | 
 | ||||||
|       - name: Setup Docker Buildx |       - name: Setup Docker Buildx | ||||||
|         uses: docker/setup-buildx-action@v2.5.0 |         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | ||||||
| 
 | 
 | ||||||
|       - name: Log in to the Container registry |       - name: Log in to the Container registry | ||||||
|         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 |         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||||||
|         with: |         with: | ||||||
|           registry: ${{ env.REGISTRY }} |           registry: ${{ env.REGISTRY }} | ||||||
|           username: ${{ github.actor }} |           username: ${{ github.actor }} | ||||||
|  | @ -44,12 +46,12 @@ jobs: | ||||||
| 
 | 
 | ||||||
|       - name: Extract metadata (tags, labels) for Docker |       - name: Extract metadata (tags, labels) for Docker | ||||||
|         id: meta |         id: meta | ||||||
|         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 |         uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0 | ||||||
|         with: |         with: | ||||||
|           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||||||
| 
 | 
 | ||||||
|       - name: Build and push Docker image |       - name: Build and push Docker image | ||||||
|         uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc |         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | ||||||
|         with: |         with: | ||||||
|           context: . |           context: . | ||||||
|           platforms: linux/amd64,linux/arm64 |           platforms: linux/amd64,linux/arm64 | ||||||
|  |  | ||||||
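Review bot: Besides pinning, this section moves `actions/checkout` from v3 to v4.1.1, `docker/setup-qemu-action` from v2.1.0 to v3.0.0 and `docker/setup-buildx-action` from v2.5.0 to v3.0.0, so it is a major-version upgrade as well as a hardening change, and the upstream release notes for those majors are worth checking before merge. The trailing `# v3.0.0`-style comments are the only readable link between each SHA and a release, and nothing visible here keeps the two in sync. A Dependabot entry with `package-ecosystem: "github-actions"` would update SHA and comment together. The header comment could also record the convention, for example `# Each SHA is the commit of the release named in its trailing comment; verify against the upstream tag when updating.`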
	 schlagmichdoch
						schlagmichdoch