This is an automated email from the ASF dual-hosted git repository.
wu-sheng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-java.git
The following commit(s) were added to refs/heads/main by this push:
new a9b0cf4ca1 Pin docker/login-action to an ASF-approved commit SHA (#811)
a9b0cf4ca1 is described below
commit a9b0cf4ca1a424dcd8b1cdad7beb6289465ea363
Author: 吴晟 Wu Sheng <[email protected]>
AuthorDate: Wed Jul 1 20:05:22 2026 +0800
Pin docker/login-action to an ASF-approved commit SHA (#811)
The ASF org-wide GitHub Actions allow-list requires third-party actions to
be
pinned to a reviewed commit SHA rather than a floating version tag.
publish-docker.yaml
referenced docker/[email protected], which the allow-list rejects. Pin
it to
650006c6eb7dba73a995cc03b0b2d7f5ca915bee (v4.2.0) — the same approved SHA
used by
the apache/skywalking repo and present in apache/infrastructure-actions'
approved_patterns.yml.
---
.github/workflows/publish-docker.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish-docker.yaml
b/.github/workflows/publish-docker.yaml
index 1eb75de778..13dd95e4ae 100644
--- a/.github/workflows/publish-docker.yaml
+++ b/.github/workflows/publish-docker.yaml
@@ -91,7 +91,7 @@ jobs:
docker info
echo "DOCKER_API_VERSION=$(docker version --format
'{{.Server.APIVersion}}')" >> "$GITHUB_ENV"
- name: Log in to the Container registry
- uses: docker/[email protected]
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee #
v4.2.0
with:
registry: ${{ env.HUB }}
username: ${{ github.actor }}