diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml index b85b01a..0296942 100644 --- a/.woodpecker/build.yml +++ b/.woodpecker/build.yml @@ -3,7 +3,7 @@ depends_on: - lint steps: docker_build_and_push_selfhosted: - image: thegeeklab/drone-docker-buildx:23 + image: thegeeklab/drone-docker-buildx:23@sha256:2c5226dfba416af189fa7ad18cb6fa307a483a08785c9bdbf172e590c450e5d7 privileged: true settings: dockerfile: Dockerfile @@ -23,7 +23,7 @@ steps: - tag docker_build_and_push_selfhosted_tag: - image: thegeeklab/drone-docker-buildx:23 + image: thegeeklab/drone-docker-buildx:23@sha256:2c5226dfba416af189fa7ad18cb6fa307a483a08785c9bdbf172e590c450e5d7 privileged: true settings: dockerfile: Dockerfile diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index 5ccac95..463384e 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -1,7 +1,7 @@ --- steps: gitleaks: - image: zricethezav/gitleaks:v8.18.0 + image: zricethezav/gitleaks:v8.18.0@sha256:e5f6d1a62786affd1abd882ecc73e9353ce78adea1650711f6e351767723712d commands: - gitleaks detect --no-git --verbose --source $CI_WORKSPACE when: @@ -9,7 +9,7 @@ steps: exclude: - tag hadolint: - image: pipelinecomponents/hadolint:0.25.9 + image: pipelinecomponents/hadolint:0.25.9@sha256:430e949e6554d56ffc2dd08898ee609c71822d7fa1033f7c4dc240e90f2aac23 commands: - hadolint Dockerfile when: diff --git a/Dockerfile b/Dockerfile index a8fa89d..85ee890 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3 AS builder +FROM alpine:3@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48 AS builder ARG MDNS_REPEATER_VERSION=local WORKDIR / COPY mdns-repeater.c mdns-repeater.c @@ -7,7 +7,7 @@ RUN set -ex && \ apk add --no-cache build-base && \ gcc -o /bin/mdns-repeater mdns-repeater.c -DMDNS_REPEATER_VERSION=\"${MDNS_REPEATER_VERSION}\" -FROM alpine:3 +FROM alpine:3@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48 # hadolint ignore=DL3018 RUN set -ex && \ apk add --no-cache vlan libcap bash