diff --git a/taskcluster/docker/fetch/Dockerfile b/taskcluster/docker/fetch/Dockerfile index 4257c6d6d..c27c117d0 100644 --- a/taskcluster/docker/fetch/Dockerfile +++ b/taskcluster/docker/fetch/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim +FROM debian:12-slim@sha256:60eac759739651111db372c07be67863818726f754804b8707c90979bda511df LABEL maintainer="Release Engineering " ### Add worker user and setup its workspace. diff --git a/taskcluster/docker/index-task/Dockerfile b/taskcluster/docker/index-task/Dockerfile index 83264db3c..02191f842 100644 --- a/taskcluster/docker/index-task/Dockerfile +++ b/taskcluster/docker/index-task/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-alpine +FROM node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e ENV NODE_ENV production RUN mkdir /app diff --git a/taskcluster/docker/run-task/Dockerfile b/taskcluster/docker/run-task/Dockerfile index fd324bf8d..28b298d3f 100644 --- a/taskcluster/docker/run-task/Dockerfile +++ b/taskcluster/docker/run-task/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:13-slim +FROM debian:13-slim@sha256:28de0877c2189802884ccd20f15ee41c203573bd87bb6b883f5f46362d24c5c2 LABEL maintainer="Release Engineering " # Add worker user diff --git a/taskcluster/docker/skopeo/Dockerfile b/taskcluster/docker/skopeo/Dockerfile index f843b76ca..d9f098b2d 100644 --- a/taskcluster/docker/skopeo/Dockerfile +++ b/taskcluster/docker/skopeo/Dockerfile @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -FROM golang:1.14 as skopeo +FROM golang:1.14@sha256:1a7173b5b9a3af3e29a5837e0b2027e1c438fd1b83bbee8f221355087ad416d6 as skopeo WORKDIR /go/src/ RUN ["/usr/bin/git", "clone", "--no-checkout", "--depth=1", "--branch=v1.1.0", "https://github.com/containers/skopeo", "."] @@ -15,7 +15,7 @@ RUN ["/usr/local/go/bin/go", "build", \ "./cmd/skopeo"] -FROM golang:1.14 as umoci +FROM golang:1.14@sha256:1a7173b5b9a3af3e29a5837e0b2027e1c438fd1b83bbee8f221355087ad416d6 as umoci WORKDIR /go/src/ RUN ["/usr/bin/git", "clone", "--no-checkout", "--depth=1", "--branch=v0.4.6", "https://github.com/opencontainers/umoci", "."] @@ -27,7 +27,7 @@ RUN ["/usr/local/go/bin/go", "build", \ "./cmd/umoci"] -FROM debian:12-slim +FROM debian:12-slim@sha256:60eac759739651111db372c07be67863818726f754804b8707c90979bda511df MAINTAINER Release Engineering # %include-run-task diff --git a/template/{{cookiecutter.project_name}}/taskcluster/docker/linux/Dockerfile b/template/{{cookiecutter.project_name}}/taskcluster/docker/linux/Dockerfile index 40d2d6275..4e1786887 100644 --- a/template/{{cookiecutter.project_name}}/taskcluster/docker/linux/Dockerfile +++ b/template/{{cookiecutter.project_name}}/taskcluster/docker/linux/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:latest +FROM alpine:latest@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b # Add worker user RUN mkdir -p /builds && \