sneak/upaas
1
0
Fork 0
Code Issues 14 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: pin Docker images and Go tool versions (closes #118)

Browse Source 
- Pin golang:1.25-alpine to sha256:f6751d823c26342f9506c03797d2527668d095b0a15f1862cddb4d927a7a4ced
- Pin alpine:3.19 to sha256:6baf43584bcb78f2e5847d1de515f23499913ac9f12bdf834811a3145eb11ca1
- Pin golangci-lint to v2.10.1 (was @latest)
- Pin goimports to v0.42.0 (was @latest)

Go module verification via go.sum provides cryptographic hash checking,
so version pinning is sufficient for go install commands.
This commit is contained in:
user 2026-02-20 10:45:58 -08:00
parent ab526fc93d
commit 6d286faabd
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfile
View File

@ -1,11 +1,11 @@
# Build stage # Build stage
FROM golang:1.25-alpine AS builder FROM golang:1.25-alpine@sha256:f6751d823c26342f9506c03797d2527668d095b0a15f1862cddb4d927a7a4ced AS builder
RUN apk add --no-cache git make gcc musl-dev RUN apk add --no-cache git make gcc musl-dev
# Install golangci-lint v2 # Install golangci-lint v2
RUN go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest RUN go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1
RUN go install golang.org/x/tools/cmd/goimports@latest RUN go install golang.org/x/tools/cmd/goimports@v0.42.0
WORKDIR /src WORKDIR /src
COPY go.mod go.sum ./ COPY go.mod go.sum ./
@ -20,7 +20,7 @@ RUN make check
RUN make build RUN make build
# Runtime stage # Runtime stage
FROM alpine:3.19 FROM alpine:3.19@sha256:6baf43584bcb78f2e5847d1de515f23499913ac9f12bdf834811a3145eb11ca1
RUN apk add --no-cache ca-certificates tzdata git openssh-client docker-cli RUN apk add --no-cache ca-certificates tzdata git openssh-client docker-cli