Increase repo security by pinning actions to a commit SHA.
		
							parent
							
								
									d6e1ddb265
								
							
						
					
					
						commit
						56a258a33f
					
				|  | @ -1,3 +1,14 @@ | |||
| # This workflow uses actions that are not certified by GitHub. | ||||
| # They are provided by a third-party and are governed by | ||||
| # separate terms of service, privacy policy, and support | ||||
| # documentation. | ||||
| 
 | ||||
| # GitHub recommends pinning actions to a commit SHA. | ||||
| # To get a newer version, you will need to update the SHA. | ||||
| # You can also reference a tag or branch, but the action may change without warning. | ||||
| 
 | ||||
| # Build a Docker image whenever it is pushed to master | ||||
| 
 | ||||
| name: Docker Image CI | ||||
| 
 | ||||
| on: | ||||
|  | @ -13,6 +24,6 @@ jobs: | |||
|     runs-on: ubuntu-latest | ||||
| 
 | ||||
|     steps: | ||||
|     - uses: actions/checkout@v3 | ||||
|     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||||
|     - name: Build the Docker image | ||||
|       run: docker build --pull . -f Dockerfile -t pairdrop | ||||
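Review bot: The pinned `actions/checkout` step under `steps:` still runs with its defaults, which leave the job token in the checked-out repository's git config for the rest of the job. This job only builds, and `docker build` uses `.` as its context, so that config may end up in the build context unless a `.dockerignore` excludes `.git` (not visible here). Adding `with:` and `persist-credentials: false` under the checkout step would avoid that. The same line also moves checkout from v3 to v4.1.1, a major version change worth calling out in the commit message. The job's `permissions:` settings, if any, are outside the hunk.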
|  |  | |||
|  | @ -7,6 +7,8 @@ | |||
| # To get a newer version, you will need to update the SHA. | ||||
| # You can also reference a tag or branch, but the action may change without warning. | ||||
| 
 | ||||
| # Create a Docker image and push it to ghcr.io whenever a new version tag is pushed | ||||
| 
 | ||||
| name: GHCR Image CI | ||||
| 
 | ||||
| on: | ||||
|  | @ -27,16 +29,16 @@ jobs: | |||
| 
 | ||||
|     steps: | ||||
|       - name: Checkout repository | ||||
|         uses: actions/checkout@v3 | ||||
|         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||||
|          | ||||
|       - name: Setup qemu | ||||
|         uses: docker/setup-qemu-action@v2.1.0 | ||||
|         uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | ||||
| 
 | ||||
|       - name: Setup Docker Buildx | ||||
|         uses: docker/setup-buildx-action@v2.5.0 | ||||
|         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | ||||
| 
 | ||||
|       - name: Log in to the Container registry | ||||
|         uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | ||||
|         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||||
|         with: | ||||
|           registry: ${{ env.REGISTRY }} | ||||
|           username: ${{ github.actor }} | ||||
|  | @ -44,12 +46,12 @@ jobs: | |||
| 
 | ||||
|       - name: Extract metadata (tags, labels) for Docker | ||||
|         id: meta | ||||
|         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | ||||
|         uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5.3.0 | ||||
|         with: | ||||
|           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||||
| 
 | ||||
|       - name: Build and push Docker image | ||||
|         uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | ||||
|         uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 | ||||
|         with: | ||||
|           context: . | ||||
|           platforms: linux/amd64,linux/arm64 | ||||
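Review bot: Each new `uses:` line in these hunks names its release only in a trailing comment (`# v3.0.0`, `# v5.3.0`, `# v5.1.0`), which the runner never checks, so each SHA should be confirmed against that tag in the action's own upstream repository before merge. The change also crosses major versions while pinning, for example `docker/setup-qemu-action@v2.1.0` to v3.0.0 and `docker/setup-buildx-action@v2.5.0` to v3.0.0. The inputs under the `with:` blocks, which continue outside the hunks, should be checked against the new majors. To keep the pins from going stale, consider a Dependabot entry with `package-ecosystem: "github-actions"`, which can update the SHA together with its version comment.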
|  |  | |||
	
	 schlagmichdoch
						schlagmichdoch