ci: pin Docker base images to SHA256 digests
Pin all FROM images in Dockerfile and dev/ci/Dockerfile to their current SHA256 manifest digests for reproducible builds. - rust:1.93-slim-trixie → @sha256:9663b80a... - busybox:latest → busybox:1.37@sha256:b3255e7d... - debian:trixie-slim → @sha256:f6e2cfac... - gcr.io/distroless/cc-debian13:nonroot → @sha256:84fcd3c2... - rust:1.92-slim → @sha256:bf3368a9... Closes #359 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
fettpl
parent
639032c952
commit
38f6339a83
2 changed files with 5 additions and 5 deletions
|
|
@ -1,6 +1,6 @@
|
|||
# syntax=docker/dockerfile:1.7
|
||||
|
||||
FROM rust:1.92-slim
|
||||
FROM rust:1.92-slim@sha256:bf3368a992915f128293ac76917ab6e561e4dda883273c8f5c9f6f8ea37a378e
|
||||
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue