Skip to content

Commit 76fef15

Browse files
Patel230claude
andcommitted
fix(ci): correct security/docker action SHAs to valid release commits
The pinned SHAs for gosec / trivy-action / docker-* actions were invalid (not reachable refs), breaking CI. Repin to the exact commits behind their release tags (gosec v2.22.4, trivy v0.28.0, metadata v5.7.0, buildx v3.10.0, qemu v3.6.0). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 58ab665 commit 76fef15

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

.github/workflows/docker.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,10 @@ jobs:
2727
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2828

2929
- name: Set up QEMU
30-
uses: docker/setup-qemu-action@29109295f81e9208d7d86e7dce2983e2aca5ad12 # v3.6.0
30+
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
3131

3232
- name: Set up Docker Buildx
33-
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36773596c3112 # v3.10.0
33+
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
3434

3535
- name: Log in to GHCR
3636
if: github.event_name != 'pull_request'
@@ -42,7 +42,7 @@ jobs:
4242

4343
- name: Docker metadata
4444
id: meta
45-
uses: docker/metadata-action@902fa8ec7d6ecbea1f9daf56d2a234dc26bc6589 # v5.7.0
45+
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
4646
with:
4747
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
4848
tags: |
@@ -68,7 +68,7 @@ jobs:
6868
6969
- name: Scan image with Trivy
7070
if: github.event_name != 'pull_request'
71-
uses: aquasecurity/trivy-action@76071ef0d7ec797419534a1b7dc4a94af1a4f3f8 # v0.28.0
71+
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
7272
with:
7373
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}
7474
format: sarif

0 commit comments

Comments
 (0)