This is an automated email from the ASF dual-hosted git repository.

wu-sheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-horizon-ui.git


The following commit(s) were added to refs/heads/main by this push:
     new ef66f70  chore(ci): pin docker actions to the ASF-allow-listed SHAs 
(#59)
ef66f70 is described below

commit ef66f70173970b165a0bf837d9219bfd4270a426
Author: 吴晟 Wu Sheng <[email protected]>
AuthorDate: Thu Jun 18 19:44:24 2026 +0800

    chore(ci): pin docker actions to the ASF-allow-listed SHAs (#59)
    
    ASF tightened the GitHub Actions allow-list, and the 
docker/setup-buildx-action
    and docker/login-action SHAs in publish-image.yaml are no longer permitted —
    the image-publish workflow now fails with "actions ... are not allowed in
    apache/skywalking-horizon-ui".
    
    Bump both to the SHAs the main apache/skywalking repo pins (vetted under the
    same enterprise allow-list):
      docker/setup-buildx-action  8d2750c → d7f5e7f5 (v4.1.0)
      docker/login-action         c94ce9f → 650006c6 (v4.2.0)
---
 .github/workflows/publish-image.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/publish-image.yaml 
b/.github/workflows/publish-image.yaml
index 7d69466..908abbe 100644
--- a/.github/workflows/publish-image.yaml
+++ b/.github/workflows/publish-image.yaml
@@ -207,10 +207,10 @@ jobs:
           persist-credentials: false
 
       - name: Set up Docker Buildx
-        uses: 
docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
+        uses: 
docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 
       - name: Log in to GHCR
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # 
v4.2.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -251,10 +251,10 @@ jobs:
       TAG_NAME: ${{ needs.tags.outputs.tag_name }}
     steps:
       - name: Set up Docker Buildx
-        uses: 
docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
+        uses: 
docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
 
       - name: Log in to GHCR
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # 
v4.2.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -287,7 +287,7 @@ jobs:
       # across registries via the registry-to-registry mount API.
       - name: Log in to Docker Hub (release only)
         if: needs.tags.outputs.is_tag == 'true'
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # 
v4.2.0
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

Reply via email to