Skip to content

Commit fa4fe97

Browse files
committed
fix: force nightly Caddy rebuild through the correct cache key
Ensure the nightly image does not reuse a stale Caddy builder layer, which was allowing the published image to keep reporting Caddy 2.11.2 even after the Dockerfile pin moved to 2.11.3. This change corrects the Buildx cache exclusion input so the nightly pipeline actually rebuilds the Caddy stage before publishing and scanning the image. That prevents the supply-chain checks and GitHub security reporting from being fed an outdated binary.
1 parent f097d59 commit fa4fe97

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

.github/workflows/nightly-build.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -226,7 +226,7 @@ jobs:
226226
ALPINE_IMAGE=${{ steps.alpine.outputs.image }}
227227
cache-from: type=gha
228228
cache-to: type=gha,mode=max
229-
no-cache-filter: caddy-builder
229+
no-cache-filters: caddy-builder
230230
provenance: true
231231
sbom: true
232232

0 commit comments

Comments
 (0)