diff --git a/.woodpecker/build.yml b/.woodpecker/build.yml index 3010c9c..aff259d 100644 --- a/.woodpecker/build.yml +++ b/.woodpecker/build.yml @@ -3,7 +3,7 @@ depends_on: - lint steps: selfhosted_tag: - image: plugins/docker + image: plugins/docker@sha256:2f157400c2cb7de1b309b0f044f119375108218e54d38e1340e00b9f93abdefb settings: dockerfile: Dockerfile repo: registry.mgrote.net/mkdocs @@ -15,7 +15,7 @@ steps: - tag selfhosted_push: - image: plugins/docker + image: plugins/docker@sha256:2f157400c2cb7de1b309b0f044f119375108218e54d38e1340e00b9f93abdefb settings: dockerfile: Dockerfile repo: registry.mgrote.net/mkdocs diff --git a/.woodpecker/lint.yml b/.woodpecker/lint.yml index ba36496..1045cd3 100644 --- a/.woodpecker/lint.yml +++ b/.woodpecker/lint.yml @@ -1,7 +1,7 @@ --- steps: gitleaks: - image: zricethezav/gitleaks:latest + image: zricethezav/gitleaks:latest@sha256:6945c62ca019ead32bc337ab0c9fd055e98d82961765d38b7ccccc84dae95d0f commands: - gitleaks detect --no-git --verbose --source $CI_WORKSPACE when: @@ -10,7 +10,7 @@ steps: - tag hadolint: - image: hadolint/hadolint:latest-debian + image: hadolint/hadolint:latest-debian@sha256:9cef74a390694cdc01dd119cbba9adac5bb6671ce67d8d79eb7ec68f497a3684 commands: - hadolint Dockerfile when: @@ -19,7 +19,7 @@ steps: - tag shellcheck: - image: koalaman/shellcheck-alpine:stable + image: koalaman/shellcheck-alpine:stable@sha256:f73b035c8ebfc8a66ba54e07af5cc41e790cf41fff45317914b1ce677dd9cada commands: - "find . -name *.sh -exec shellcheck -x {} +" when: diff --git a/Dockerfile b/Dockerfile index f35bb8b..02ce2c7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM squidfunk/mkdocs-material:9.5.5 +FROM squidfunk/mkdocs-material:9.5.5@sha256:9aad7af2f62950826f57928e984ea8aa77a561f67b7f5fc251ced67d52a2a5fe # Beispiel; https://squidfunk.github.io/mkdocs-material/getting-started/ # hadolint ignore=DL3013