romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-16 20:16:22 +03:00
Code Issues Projects Releases Packages Wiki Activity

GHA: pin containers to hash (where missing)

Browse source 
Fixing this with zizmor v1.25.0:
```
error[unpinned-images]: unpinned image references
  --> .github/workflows/linux-old.yml:59:5
59 |     container: 'debian:stretch'
   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^ container image is not pinned to a SHA256 hash
   = help: audit documentation -> https://docs.zizmor.sh/audits/#unpinned-images
[...]
```
Ref: https://github.com/curl/curl/actions/runs/25890035949/job/76090925291?pr=21618

Sadly there is no automatic mechanism to bump them..

Also:
- replace `debian-stretch` with its slim variant.
- bump one of the two Alpine jobs from 3.20 to 3.23.4.

Closes #21619
This commit is contained in:
Viktor Szakats 2026-05-15 00:50:18 +02:00
parent cc5eb4aba9
commit ef068fc8b7
No known key found for this signature in database
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/linux-old.yml vendored
View file

@ -56,7 +56,7 @@ jobs:
cmake-autotools:
name: 'autotools & cmake'
runs-on: ubuntu-latest
container: 'debian:stretch'
container: debian:stretch-20220622-slim@sha256:c5cd3ffceeb25b683bf5111ea89bf8049a177e00fb237235d48076a19cc80097
steps:
- name: 'install prereqs'

6
.github/workflows/linux.yml vendored
View file

@ -440,15 +440,15 @@ jobs:
# https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
configure: --enable-debug --without-ssl --with-libssh2 --with-gssapi --enable-ares --without-ca-bundle --with-ca-path=/etc/ssl/certs
# Docker Hub image that `container-job` executes in
container: 'andy5995/slackware-build-essential:15.0'
container: andy5995/slackware-build-essential:15.0@sha256:f4f2242999038a2c2deb4e5727187caaae92502a7daf8353068932621e1ec92f
- name: 'Alpine MUSL https-rr'
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --enable-threaded-resolver
container: 'alpine:3.20'
container: alpine:3.23@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 # 3.23.4
- name: 'Alpine MUSL https-rr c-ares'
configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --disable-threaded-resolver
container: 'alpine:3.20'
container: alpine:3.20@sha256:d9e853e87e55526f6b2917df91a2115c36dd7c696a35be12163d44e6e2a4b6bc # 3.20.10
steps:
- name: 'install prereqs'