diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml index 65ae7d1..318658b 100644 --- a/.woodpecker/build.yml +++ b/.woodpecker/build.yml @@ -3,7 +3,7 @@ depends_on: - lint steps: selfhosted_tag: - image: plugins/docker + image: plugins/docker@sha256:2f157400c2cb7de1b309b0f044f119375108218e54d38e1340e00b9f93abdefb settings: dockerfile: Dockerfile repo: registry.mgrote.net/miniflux-filter @@ -15,7 +15,7 @@ steps: - tag selfhosted_push: - image: plugins/docker + image: plugins/docker@sha256:2f157400c2cb7de1b309b0f044f119375108218e54d38e1340e00b9f93abdefb settings: dockerfile: Dockerfile repo: registry.mgrote.net/miniflux-filter diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index 94ae16c..21d4ac5 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -1,7 +1,7 @@ --- steps: gitleaks: - image: zricethezav/gitleaks:latest + image: zricethezav/gitleaks:latest@sha256:6945c62ca019ead32bc337ab0c9fd055e98d82961765d38b7ccccc84dae95d0f commands: - gitleaks detect --no-git --verbose --source $CI_WORKSPACE when: @@ -9,7 +9,7 @@ steps: exclude: - tag hadolint: - image: hadolint/hadolint:latest-debian + image: hadolint/hadolint:latest-debian@sha256:9cef74a390694cdc01dd119cbba9adac5bb6671ce67d8d79eb7ec68f497a3684 commands: - hadolint Dockerfile when: diff --git a/Dockerfile b/Dockerfile index e5fffab..c303d72 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:20231219 +FROM alpine:20231219@sha256:9f867dc20de5aa9690c5ef6c2c81ce35a918c0007f6eac27df90d3166eaa5cc0 # hadolint ignore=DL3018 RUN apk add --no-cache \ diff --git a/docker-compose.yml b/docker-compose.yml index c7f4892..b6392bd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,6 @@ services: - MF_API_URL=https://miniflux.[...].net/v1 - MF_SLEEP=60 #- MF_DEBUG=1 - image: quotengrote/miniflux-filter:latest + image: quotengrote/miniflux-filter:latest@sha256:a99744babfb63fa4566db0ed0219fbffe7580d5dae20b2b018a3bdc8d05aa0c5 volumes: - ./filter.txt:/data/filter.txt