Pin base image digests and add Renovate for automated updates
Renovate will open PRs automatically when debian:bookworm-slim or debian:sid-slim receive updates (e.g. security patches), keeping the container current without relying solely on scheduled rebuilds.
This commit is contained in:
Dan C Williams
parent
160d10da37
commit
82bd9081c8
3 changed files with 19 additions and 4 deletions
4
.github/workflows/build.yaml
vendored
4
.github/workflows/build.yaml
vendored
|
|
@ -98,9 +98,9 @@ jobs:
|
|||
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
|
||||
# debian:bookworm-slim has no riscv64 image; fall back to sid-slim for that platform
|
||||
if [ "$platform" = "linux/riscv64" ]; then
|
||||
echo "RUNTIME_IMAGE=debian:sid-slim" >> $GITHUB_ENV
|
||||
echo "RUNTIME_IMAGE=debian:sid-slim@sha256:a145cf2bc72431523b8f5d152e9cbcc20cfaeccdb7626802f5ce6fb31a6f58bb" >> $GITHUB_ENV
|
||||
else
|
||||
echo "RUNTIME_IMAGE=debian:bookworm-slim" >> $GITHUB_ENV
|
||||
echo "RUNTIME_IMAGE=debian:bookworm-slim@sha256:74a21da88cf4b2e8fde34558376153c5cd80b00ca81da2e659387e76524edc73" >> $GITHUB_ENV
|
||||
fi
|
||||
|
||||
- name: Set version
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue