This is an automated email from the ASF dual-hosted git repository. wu-sheng pushed a commit to branch fix-docker-login-action-pin in repository https://gitbox.apache.org/repos/asf/skywalking-cli.git
commit 4a0a3cbf026fac314de82170463c5c24e97349d6 Author: Wu Sheng <[email protected]> AuthorDate: Wed Jun 3 15:10:04 2026 +0800 Pin docker/login-action to an approved commit SHA The ASF GitHub Actions policy only allows third-party actions pinned to an allowed commit SHA, so `docker/[email protected]` is rejected. Pin it to `c94ce9fb468520275223c153574b00df6fe4bcc9`, the same revision the apache/skywalking workflows use. The inputs (registry/username/password) are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> --- .github/workflows/publish-docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-docker.yaml b/.github/workflows/publish-docker.yaml index 3030c85..e72414a 100644 --- a/.github/workflows/publish-docker.yaml +++ b/.github/workflows/publish-docker.yaml @@ -45,7 +45,7 @@ jobs: with: go-version: "1.26" - name: Log in to the Container registry - uses: docker/[email protected] + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 with: registry: ${{ env.HUB }} username: ${{ github.actor }}
