This is an automated email from the ASF dual-hosted git repository. wu-sheng pushed a commit to branch ci/allowlist-docker-actions in repository https://gitbox.apache.org/repos/asf/skywalking-horizon-ui.git
commit 290c463a4893dbf79423acae8a5326ec1cd82986 Author: Wu Sheng <[email protected]> AuthorDate: Thu Jun 18 19:12:13 2026 +0800 chore(ci): pin docker actions to the ASF-allow-listed SHAs ASF tightened the GitHub Actions allow-list, and the docker/setup-buildx-action and docker/login-action SHAs in publish-image.yaml are no longer permitted — the image-publish workflow now fails with "actions ... are not allowed in apache/skywalking-horizon-ui". Bump both to the SHAs the main apache/skywalking repo pins (vetted under the same enterprise allow-list): docker/setup-buildx-action 8d2750c → d7f5e7f5 (v4.1.0) docker/login-action c94ce9f → 650006c6 (v4.2.0) No behaviour change — same actions, allow-listed revisions. --- .github/workflows/publish-image.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-image.yaml b/.github/workflows/publish-image.yaml index 7d69466..908abbe 100644 --- a/.github/workflows/publish-image.yaml +++ b/.github/workflows/publish-image.yaml @@ -207,10 +207,10 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Log in to GHCR - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -251,10 +251,10 @@ jobs: TAG_NAME: ${{ needs.tags.outputs.tag_name }} steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Log in to GHCR - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -287,7 +287,7 @@ jobs: # across registries via the registry-to-registry mount API. - name: Log in to Docker Hub (release only) if: needs.tags.outputs.is_tag == 'true' - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_TOKEN }}
