Merge pull request 'ci(bluebuild): pin blue-build/github-action to commit SHA' (#6) from feat/a1-bluebuild-pin into v0.7-bluebuild-spike
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + sign + push OCI (push) Failing after 0s
Some checks failed
Build veilor-os OCI (BlueBuild) / Build + sign + push OCI (push) Failing after 0s
This commit is contained in:
commit
420bc08ecd
1 changed files with 4 additions and 4 deletions
8
.github/workflows/build-bluebuild.yml
vendored
8
.github/workflows/build-bluebuild.yml
vendored
|
|
@ -57,12 +57,12 @@ jobs:
|
||||||
df -h
|
df -h
|
||||||
|
|
||||||
# BlueBuild action wraps: image build, cosign sign (keyless via
|
# BlueBuild action wraps: image build, cosign sign (keyless via
|
||||||
# Sigstore), GHCR push. To pin to a commit SHA in a follow-up
|
# Sigstore), GHCR push. Pinned to a commit SHA per CI hardening
|
||||||
# once the workflow shape stabilises (CI hardening agent 8,
|
# agent 8 (2026-05-05 wave). The trailing comment records the
|
||||||
# 2026-05-05 wave).
|
# tag the SHA resolved from, so future bumps stay legible.
|
||||||
- name: Build + push veilor-os OCI
|
- name: Build + push veilor-os OCI
|
||||||
id: bluebuild
|
id: bluebuild
|
||||||
uses: blue-build/github-action@v1
|
uses: blue-build/github-action@24d146df25adc2cf579e918efe2d9bff6adea408 # v1
|
||||||
with:
|
with:
|
||||||
recipe: bluebuild/recipe.yml
|
recipe: bluebuild/recipe.yml
|
||||||
registry_token: ${{ secrets.GITHUB_TOKEN }}
|
registry_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue