Skip to content

ci: use shasum for action and images#97

Merged
NicolasCARPi merged 3 commits into
masterfrom
elsa/260403-ci-shasum
Apr 3, 2026
Merged

ci: use shasum for action and images#97
NicolasCARPi merged 3 commits into
masterfrom
elsa/260403-ci-shasum

Conversation

@eltouma
Copy link
Copy Markdown
Collaborator

@eltouma eltouma commented Apr 3, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated CI workflows to pin referenced actions to specific, immutable releases for more reliable builds.
    • Updated container build configuration to pin base images by content digest to ensure reproducible, deterministic images.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 3, 2026
edited
Loading

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Free

Run ID: a3b14d2d-c5d4-4eae-b256-25069159f649

📥 Commits

Reviewing files that changed from the base of the PR and between d7dee87 and 3b500e9.

📒 Files selected for processing (1)
  • .github/workflows/push_to_registry.yml
✅ Files skipped from review due to trivial changes (1)
  • .github/workflows/push_to_registry.yml
📝 Walkthrough

Walkthrough

CI/CD workflows and Docker build stages were updated to pin upstream references: GitHub Actions uses: entries now point to specific commit SHAs, and Dockerfile base images are locked to image digests. No functional workflow logic or build arguments were changed.

Changes

Cohort / File(s) Summary
GitHub Actions Workflows
.github/workflows/push_to_registry.yml, .github/workflows/release.yml		 Replaced action tags with pinned commit SHAs for actions/checkout, docker/setup-buildx-action, docker/login-action, and docker/build-push-action. No changes to step inputs, job logic, or build/push configuration.
Docker Build Configuration
Dockerfile		 Base images for build stages updated from tag-only references to digest-pinned references (e.g., node:23-alpine@sha256:..., golang:1.24-alpine@sha256:...). Build steps and artifacts unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through lines of YAML bright,

Pinned shas and digests snug and tight,
No drifting tags to make me fret,
Repro builds — a perfect set,
Thump-thump, I celebrate the light!

Note

🎁 Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login.

Comment @coderabbitai help to get the list of available commands and usage tips.

@NicolasCARPi NicolasCARPi merged commit a9bc8f4 into master Apr 3, 2026
3 checks passed
@NicolasCARPi NicolasCARPi deleted the elsa/260403-ci-shasum branch April 3, 2026 19:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NicolasCARPi NicolasCARPi NicolasCARPi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eltouma @NicolasCARPi