From b1e12c3f353f9c7baddf22b606333fc5961c74d3 Mon Sep 17 00:00:00 2001 From: kaitoyama Date: Wed, 3 Jun 2026 23:24:20 +0900 Subject: [PATCH 1/2] =?UTF-8?q?ci:=20GitHub=20Actions=20=E3=82=92=20SHA=20?= =?UTF-8?q?=E5=9B=BA=E5=AE=9A=20/=20lockfile=20=E5=B0=8A=E9=87=8D=E3=82=A4?= =?UTF-8?q?=E3=83=B3=E3=82=B9=E3=83=88=E3=83=BC=E3=83=AB=EF=BC=88=E6=8F=90?= =?UTF-8?q?=E6=A1=88=E3=83=BB=E8=87=AA=E5=8B=95=E7=94=9F=E6=88=90=EF=BC=89?= =?UTF-8?q?\n\nCo-Authored-By:=20Claude=20Opus=204.8=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 8 ++++---- .github/workflows/release.yml | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e59906b..0b8402c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,8 +7,8 @@ jobs: name: Mod runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: go-version-file: "./go.mod" - run: go mod download @@ -20,8 +20,8 @@ jobs: env: CGO_ENABLED: "0" steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: go-version-file: "./go.mod" - run: go build diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e2ce103..0e136d3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,15 +15,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 with: go-version-file: "./go.mod" - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: args: release --clean version: "~> v2" @@ -34,31 +34,31 @@ jobs: name: Build Docker Image runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Set IMAGE_TAG env run: echo "IMAGE_TAG=$(echo ${GITHUB_REF:11})" >> $GITHUB_ENV - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 with: platforms: all - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Show available platforms run: echo ${{ steps.buildx.outputs.platforms }} - name: Get lowercased owner name run: echo "REPO_OWNER=${GITHUB_REPOSITORY_OWNER@L}" >> $GITHUB_ENV - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ env.REPO_OWNER }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 with: context: . push: true From c1467f724b8ff4144c4d3c8b0892d169c7c6a137 Mon Sep 17 00:00:00 2001 From: kaitoyama Date: Wed, 3 Jun 2026 23:24:20 +0900 Subject: [PATCH 2/2] =?UTF-8?q?build:=20Docker=20=E3=83=99=E3=83=BC?= =?UTF-8?q?=E3=82=B9=E3=82=A4=E3=83=A1=E3=83=BC=E3=82=B8=E3=82=92=20digest?= =?UTF-8?q?=20=E5=9B=BA=E5=AE=9A=EF=BC=88=E6=8F=90=E6=A1=88=E3=83=BB?= =?UTF-8?q?=E8=87=AA=E5=8B=95=E7=94=9F=E6=88=90=EF=BC=89\n\nCo-Authored-By?= =?UTF-8?q?:=20Claude=20Opus=204.8=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 96b7f24..fb7da54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$BUILDPLATFORM golang:1-alpine AS builder +FROM --platform=$BUILDPLATFORM golang:1-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS builder ENV CGO_ENABLED 0 @@ -18,7 +18,7 @@ ENV GOARCH=$TARGETARCH RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \ go build -o /dev-ops-bot -ldflags="-s -w -X github.com/traPtitech/DevOpsBot/pkg/utils.version=$VERSION" . -FROM alpine:3 +FROM alpine:3@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 WORKDIR /work