Skip to content

Commit 3b1c9b8

Browse files
laurentsimonlaurentsimon
authored
❇️ Pin our docker dependencies by hash (#468)
* check pinning in docker files * Pin our docker dependencies * Revert "check pinning in docker files" This reverts commit c05a500. * comments * typo * fix hashes
1 parent 90e1aeb commit 3b1c9b8

File tree

3 files changed

+6
-6
lines changed

3 files changed

+6
-6
lines changed

Dockerfile

+2-2
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
# limitations under the License.
1414

1515

16-
FROM golang:1.16.4 as base
16+
FROM golang:1.16.4@sha256:6f0b0a314b158ff6caf8f12d7f6f3a966500ec6afb533e986eca7375e2f7560f AS base
1717
WORKDIR /src
1818
ENV CGO_ENABLED=0
1919
COPY go.* ./
@@ -25,6 +25,6 @@ ARG TARGETOS
2525
ARG TARGETARCH
2626
RUN CGO_ENABLED=0 make build-scorecard
2727

28-
FROM gcr.io/distroless/base:nonroot
28+
FROM gcr.io/distroless/base:nonroot@sha256:bc84925113289d139a9ef2f309f0dd7ac46ea7b786f172ba9084ffdb4cbd9490
2929
COPY --from=build /src/scorecard /
3030
ENTRYPOINT [ "/scorecard" ]

cron/Dockerfile

+2-2
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
# limitations under the License.
1515

1616

17-
FROM golang:1.16.3 as base
17+
FROM golang:1.16.4@sha256:6f0b0a314b158ff6caf8f12d7f6f3a966500ec6afb533e986eca7375e2f7560f AS base
1818
WORKDIR /src
1919
ENV CGO_ENABLED=0
2020
COPY go.* ./
@@ -31,7 +31,7 @@ ARG TARGETOS
3131
ARG TARGETARCH
3232
RUN CGO_ENABLED=0 make build-cron
3333

34-
FROM gcr.io/google.com/cloudsdktool/cloud-sdk:slim
34+
FROM gcr.io/google.com/cloudsdktool/cloud-sdk:slim@sha256:acb34ca33bc83255110d16a749b0da618a96fcc481348ecfe614b3edcabdeaa6
3535
COPY ./cron/projects.txt /cron/projects.txt
3636
COPY --from=build /src/scorecard /
3737
COPY --from=cron /src/cron/scorecardcron ./cron/cron

gitcache/Dockerfile

+2-2
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414

1515
# syntax = docker/dockerfile:1-experimental
1616

17-
FROM golang:1.16 as base
17+
FROM golang:1.16.4@sha256:6f0b0a314b158ff6caf8f12d7f6f3a966500ec6afb533e986eca7375e2f7560f AS base
1818
WORKDIR /src
1919
ENV CGO_ENABLED=0
2020
COPY go.* ./
@@ -26,6 +26,6 @@ ARG TARGETOS
2626
ARG TARGETARCH
2727
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags "-static"' -o /out/gitblobcache .
2828

29-
FROM gcr.io/distroless/base:nonroot
29+
FROM gcr.io/distroless/base:nonroot@sha256:bc84925113289d139a9ef2f309f0dd7ac46ea7b786f172ba9084ffdb4cbd9490
3030
COPY --from=build /out/gitblobcache /
3131
ENTRYPOINT [ "/gitblobcache" ]

0 commit comments

Comments
 (0)