gitea_admin/ci-templates
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

harden: pin container image digest, document ARM64 QEMU trade-offs

Browse Source 
- Pin catthehacker/ubuntu:act-22.04 to digest sha256:52581951... to
  prevent supply-chain drift from mutable tags
- Add ARM64 builds section to README documenting QEMU emulation
  trade-offs and when to switch to native ARM64 runners (Rust builds)
- Update Notes section to reference new ARM64 docs and digest pinning

Ref: CON-578
This commit is contained in:
Platform Engineer
2026-03-31 20:03:29 +03:00
parent 290b9a9eb9
commit 6df68e0495
2 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/build-push.yaml
View File

@@ -49,7 +49,7 @@ jobs:
name: Build & Push
runs-on: ${{ inputs.runner }}
container:
image: catthehacker/ubuntu:act-22.04
image: catthehacker/ubuntu:act-22.04@sha256:52581951350bf4f1137d44883626850bdfa35a8e5318b95dcb22226caece3bc9
options: --privileged
outputs:
image-tag: ${{ steps.tag.outputs.tag }}