Skip to content

Commit e373d6b

Browse files
paladepalade
authored
Pin golang and static-debian images to sha (#611)
1 parent ac9f0b2 commit e373d6b

6 files changed

Lines changed: 24 additions & 18 deletions

File tree

attestationstatus/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
1+
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
2+
#
23
# SPDX-License-Identifier: Apache-2.0
34

4-
FROM golang:1.26.1-bookworm AS build
5+
FROM golang:1.26.1-bookworm@sha256:ab3d6955bbc813a0f3fdf220c1d817dd89c0b3f283777db8ece4a32fe7858edd AS build
56

67
ENV GO111MODULE=on
78
ARG MAKE_TARGET=go-build
@@ -22,7 +23,7 @@ WORKDIR /go/src/github.com/open-edge-platform/infra-managers/attestationstatus/
2223

2324
RUN CGO_ENABLED=0 LABEL_REPO_URL=${REPO_URL} LABEL_VERSION=${VERSION} LABEL_REVISION=${REVISION} LABEL_BUILD_DATE=${BUILD_DATE} make ${MAKE_TARGET}
2425

25-
FROM gcr.io/distroless/static-debian12:nonroot
26+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
2627
# Run as non-privileged user
2728
USER nobody
2829

host/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
1+
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
2+
#
23
# SPDX-License-Identifier: Apache-2.0
34

4-
FROM golang:1.26.1-bookworm AS build
5+
FROM golang:1.26.1-bookworm@sha256:ab3d6955bbc813a0f3fdf220c1d817dd89c0b3f283777db8ece4a32fe7858edd AS build
56

67
ENV GO111MODULE=on
78
ARG MAKE_TARGET=go-build
@@ -23,7 +24,7 @@ WORKDIR /go/src/github.com/open-edge-platform/infra-managers/host/
2324

2425
RUN CGO_ENABLED=0 LABEL_REPO_URL=${REPO_URL} LABEL_VERSION=${VERSION} LABEL_REVISION=${REVISION} LABEL_BUILD_DATE=${BUILD_DATE} make ${MAKE_TARGET}
2526

26-
FROM gcr.io/distroless/static-debian12:nonroot
27+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
2728
# Run as non-privileged user
2829
USER nobody
2930

maintenance/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
1+
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
2+
#
23
# SPDX-License-Identifier: Apache-2.0
34

4-
FROM golang:1.26.1-bookworm AS build
5+
FROM golang:1.26.1-bookworm@sha256:ab3d6955bbc813a0f3fdf220c1d817dd89c0b3f283777db8ece4a32fe7858edd AS build
56

67
ENV GO111MODULE=on
78
ARG MAKE_TARGET=go-build
@@ -22,7 +23,7 @@ WORKDIR /go/src/github.com/open-edge-platform/infra-managers/maintenance/
2223

2324
RUN CGO_ENABLED=0 LABEL_REPO_URL=${REPO_URL} LABEL_VERSION=${VERSION} LABEL_REVISION=${REVISION} LABEL_BUILD_DATE=${BUILD_DATE} make ${MAKE_TARGET}
2425

25-
FROM gcr.io/distroless/static-debian12:nonroot
26+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
2627
# Run as non-privileged user
2728
USER nobody
2829

networking/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
1+
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
2+
#
23
# SPDX-License-Identifier: Apache-2.0
34

4-
FROM golang:1.26.1-bookworm AS build
5+
FROM golang:1.26.1-bookworm@sha256:ab3d6955bbc813a0f3fdf220c1d817dd89c0b3f283777db8ece4a32fe7858edd AS build
56

67
ENV GO111MODULE=on
78
ARG MAKE_TARGET=go-build
@@ -21,7 +22,7 @@ WORKDIR /go/src/github.com/open-edge-platform/infra-managers/networking
2122

2223
RUN CGO_ENABLED=0 LABEL_REPO_URL=${REPO_URL} LABEL_VERSION=${VERSION} LABEL_REVISION=${REVISION} LABEL_BUILD_DATE=${BUILD_DATE} make ${MAKE_TARGET}
2324

24-
FROM gcr.io/distroless/static-debian12:nonroot
25+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
2526
# Run as non-privileged user
2627
USER nobody
2728

os-resource/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
1+
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
2+
#
23
# SPDX-License-Identifier: Apache-2.0
34

4-
FROM golang:1.26.1-bookworm AS build
5+
FROM golang:1.26.1-bookworm@sha256:ab3d6955bbc813a0f3fdf220c1d817dd89c0b3f283777db8ece4a32fe7858edd AS build
56

67
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
78

@@ -29,7 +30,7 @@ RUN CGO_ENABLED=0 TOOL_VERSION_CHECK=0 \
2930
make ${MAKE_TARGET}
3031

3132
# From: https://github.com/GoogleContainerTools/distroless
32-
FROM gcr.io/distroless/static-debian12:nonroot
33+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
3334

3435
# Run as non-privileged user
3536
USER nobody

telemetry/Dockerfile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
1-
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
1+
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
2+
#
23
# SPDX-License-Identifier: Apache-2.0
34

4-
FROM golang:1.26.1-bookworm AS build
5+
FROM golang:1.26.1-bookworm@sha256:ab3d6955bbc813a0f3fdf220c1d817dd89c0b3f283777db8ece4a32fe7858edd AS build
56

67
ENV GO111MODULE=on
78
ARG MAKE_TARGET=go-build
@@ -23,7 +24,7 @@ WORKDIR /go/src/github.com/open-edge-platform/infra-managers/telemetry
2324

2425
RUN CGO_ENABLED=0 LABEL_REPO_URL=${REPO_URL} LABEL_VERSION=${VERSION} LABEL_REVISION=${REVISION} LABEL_BUILD_DATE=${BUILD_DATE} make ${MAKE_TARGET}
2526

26-
FROM gcr.io/distroless/static-debian12:nonroot
27+
FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
2728
# Run as non-privileged user
2829
USER nobody
2930

0 commit comments

Comments
 (0)