diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml index 426862c2426..52eab9a43fb 100644 --- a/.github/actions/docker-run/action.yaml +++ b/.github/actions/docker-run/action.yaml @@ -6,7 +6,7 @@ inputs: required: true image: description: "The image to use" - default: "ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110" + default: "ghcr.io/wolfi-dev/sdk:latest@sha256:0261d1674ca81f0cbce1e813e9cd0dd9e8e0a91371b1e822fa6718582c3dd4bb" required: false workdir: description: "The images working directory" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 478e1f4a875..55334463ad3 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -29,7 +29,7 @@ jobs: contents: read container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:0261d1674ca81f0cbce1e813e9cd0dd9e8e0a91371b1e822fa6718582c3dd4bb # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined @@ -175,7 +175,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:0261d1674ca81f0cbce1e813e9cd0dd9e8e0a91371b1e822fa6718582c3dd4bb steps: - name: Harden Runner @@ -303,7 +303,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:0261d1674ca81f0cbce1e813e9cd0dd9e8e0a91371b1e822fa6718582c3dd4bb steps: - name: Harden Runner diff --git a/Makefile b/Makefile index 65e01078cf9..ad0dda94d0c 100644 --- a/Makefile +++ b/Makefile @@ -167,7 +167,7 @@ dev-container: -v "${PWD}:${PWD}" \ -w "${PWD}" \ -e SOURCE_DATE_EPOCH=0 \ - ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110 + ghcr.io/wolfi-dev/sdk:latest@sha256:0261d1674ca81f0cbce1e813e9cd0dd9e8e0a91371b1e822fa6718582c3dd4bb PACKAGES_CONTAINER_FOLDER ?= /work/packages # This target spins up a docker container that is helpful for testing local @@ -235,6 +235,6 @@ dev-container-wolfi: --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \ --mount type=bind,source="$(TMP_REPOS_FILE)",destination="/etc/apk/repositories",readonly \ -w "$(PACKAGES_CONTAINER_FOLDER)" \ - ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110 + ghcr.io/wolfi-dev/sdk:latest@sha256:0261d1674ca81f0cbce1e813e9cd0dd9e8e0a91371b1e822fa6718582c3dd4bb @rm "$(TMP_REPOS_FILE)" @rmdir "$(TMP_REPOS_DIR)"