From 7bee88974a9e965e89753f0944f4929f241679d1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 11:17:48 +0000 Subject: [PATCH] fix: pin AWF container images to specific firewall version Pull versioned Docker images using bare semver tags (OCI convention) instead of :latest to ensure reproducible builds, then tag them as :latest for backward compatibility with AWF. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- CHANGELOG.md | 7 +++++++ Cargo.lock | 2 +- Cargo.toml | 2 +- templates/base.yml | 16 ++++++++-------- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4b0f97a..a5eef341 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [0.1.2](https://github.com/githubnext/ado-aw/compare/v0.1.1...v0.1.2) (2026-03-16) + + +### Bug Fixes + +* pin AWF container images to specific firewall version ([#30](https://github.com/githubnext/ado-aw/issues/30)) ([bb92c9c](https://github.com/githubnext/ado-aw/commit/bb92c9ccc6b5edbfa6b0ddeabca1cbe0cd39dd98)) + ## 0.1.0 (2026-03-13) diff --git a/Cargo.lock b/Cargo.lock index b2b41176..8c162740 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,7 +4,7 @@ version = 4 [[package]] name = "ado-aw" -version = "0.1.1" +version = "0.1.2" dependencies = [ "anyhow", "async-trait", diff --git a/Cargo.toml b/Cargo.toml index 6071c363..073a81f3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "ado-aw" -version = "0.1.1" +version = "0.1.2" edition = "2024" [dependencies] diff --git a/templates/base.yml b/templates/base.yml index 5fa51d43..7f48b7b3 100644 --- a/templates/base.yml +++ b/templates/base.yml 
@@ -193,10 +193,10 @@ jobs: displayName: "Download AWF (Agentic Workflow Firewall) v{{ firewall_version }}" - bash: | - docker pull ghcr.io/github/gh-aw-firewall/squid:v{{ firewall_version }} - docker pull ghcr.io/github/gh-aw-firewall/agent:v{{ firewall_version }} - docker tag ghcr.io/github/gh-aw-firewall/squid:v{{ firewall_version }} ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:v{{ firewall_version }} ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-firewall/squid:{{ firewall_version }} + docker pull ghcr.io/github/gh-aw-firewall/agent:{{ firewall_version }} + docker tag ghcr.io/github/gh-aw-firewall/squid:{{ firewall_version }} ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:{{ firewall_version }} ghcr.io/github/gh-aw-firewall/agent:latest displayName: "Pre-pull AWF container images (v{{ firewall_version }})" {{ prepare_steps }} @@ -354,10 +354,10 @@ jobs: displayName: "Download AWF (Agentic Workflow Firewall) v{{ firewall_version }}" - bash: | - docker pull ghcr.io/github/gh-aw-firewall/squid:v{{ firewall_version }} - docker pull ghcr.io/github/gh-aw-firewall/agent:v{{ firewall_version }} - docker tag ghcr.io/github/gh-aw-firewall/squid:v{{ firewall_version }} ghcr.io/github/gh-aw-firewall/squid:latest - docker tag ghcr.io/github/gh-aw-firewall/agent:v{{ firewall_version }} ghcr.io/github/gh-aw-firewall/agent:latest + docker pull ghcr.io/github/gh-aw-firewall/squid:{{ firewall_version }} + docker pull ghcr.io/github/gh-aw-firewall/agent:{{ firewall_version }} + docker tag ghcr.io/github/gh-aw-firewall/squid:{{ firewall_version }} ghcr.io/github/gh-aw-firewall/squid:latest + docker tag ghcr.io/github/gh-aw-firewall/agent:{{ firewall_version }} ghcr.io/github/gh-aw-firewall/agent:latest displayName: "Pre-pull AWF container images (v{{ firewall_version }})" - bash: |
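Review bot: The `docker pull` and `docker tag` lines in this hunk, and the identical block in the second hunk at line 354, pin by tag only, and a registry tag is mutable, so the same `{{ firewall_version }}` can resolve to different image content later. Pinning by digest, e.g. `docker pull ghcr.io/github/gh-aw-firewall/squid@sha256:<digest-for-this-version>` (placeholder, the page gives no digest), is what makes the pull reproducible and lets a swapped image be detected. The script also lacks `set -euo pipefail` as its first line under `bash: |`, so a failed pull may go unnoticed if the last `docker tag` succeeds, leaving that image without the local `:latest`. If AWF then resolves `:latest` itself it would presumably fetch an unpinned image, which is worth confirming. The display names still render `v{{ firewall_version }}` although the tag no longer carries the prefix, so a comment such as `# image tags are bare semver, no "v" prefix` would help; the enclosing job definitions start and end outside both hunks.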