This is an automated email from the ASF dual-hosted git repository.
wu-sheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-horizon-ui.git
The following commit(s) were added to refs/heads/main by this push:
new ef66f70 chore(ci): pin docker actions to the ASF-allow-listed SHAs
(#59)
ef66f70 is described below
commit ef66f70173970b165a0bf837d9219bfd4270a426
Author: 吴晟 Wu Sheng <[email protected]>
AuthorDate: Thu Jun 18 19:44:24 2026 +0800
chore(ci): pin docker actions to the ASF-allow-listed SHAs (#59)
ASF tightened the GitHub Actions allow-list, and the
docker/setup-buildx-action
and docker/login-action SHAs in publish-image.yaml are no longer permitted —
the image-publish workflow now fails with "actions ... are not allowed in
apache/skywalking-horizon-ui".
Bump both to the SHAs the main apache/skywalking repo pins (vetted under the
same enterprise allow-list):
docker/setup-buildx-action 8d2750c → d7f5e7f5 (v4.1.0)
docker/login-action c94ce9f → 650006c6 (v4.2.0)
---
.github/workflows/publish-image.yaml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/publish-image.yaml
b/.github/workflows/publish-image.yaml
index 7d69466..908abbe 100644
--- a/.github/workflows/publish-image.yaml
+++ b/.github/workflows/publish-image.yaml
@@ -207,10 +207,10 @@ jobs:
persist-credentials: false
- name: Set up Docker Buildx
- uses:
docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
+ uses:
docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
- name: Log in to GHCR
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee #
v4.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -251,10 +251,10 @@ jobs:
TAG_NAME: ${{ needs.tags.outputs.tag_name }}
steps:
- name: Set up Docker Buildx
- uses:
docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f
+ uses:
docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
- name: Log in to GHCR
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee #
v4.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -287,7 +287,7 @@ jobs:
# across registries via the registry-to-registry mount API.
- name: Log in to Docker Hub (release only)
if: needs.tags.outputs.is_tag == 'true'
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee #
v4.2.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}