Pin base image digests and add Renovate for automated updates
Renovate will open PRs automatically when debian:bookworm-slim or debian:sid-slim receive updates (e.g. security patches), keeping the container current without relying solely on scheduled rebuilds.
This commit is contained in:
Dan C Williams
parent
160d10da37
commit
82bd9081c8
3 changed files with 19 additions and 4 deletions
|
|
@ -1,10 +1,10 @@
|
|||
# ARG before any FROM is global and available in FROM instructions.
|
||||
# debian:bookworm-slim is the default; the workflow overrides to debian:sid-slim for riscv64
|
||||
# since bookworm has no riscv64 image.
|
||||
ARG RUNTIME_IMAGE=debian:bookworm-slim
|
||||
ARG RUNTIME_IMAGE=debian:bookworm-slim@sha256:74a21da88cf4b2e8fde34558376153c5cd80b00ca81da2e659387e76524edc73
|
||||
|
||||
# debian:sid-slim is required for the build stage to support riscv64 (golang:bookworm does not).
|
||||
FROM debian:sid-slim AS build
|
||||
FROM debian:sid-slim@sha256:a145cf2bc72431523b8f5d152e9cbcc20cfaeccdb7626802f5ce6fb31a6f58bb AS build
|
||||
|
||||
ARG version
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue