.github/workflows/build-iso.yml

@@ -43,7 +43,9 @@ jobs:
       - name: Run build inside Fedora 43 container
         uses: addnab/docker-run-action@v3
         with:
-          image: registry.fedoraproject.org/fedora:43
+          # Pinned to digest from `skopeo inspect --raw` on 2026-05-06.
+          # Refresh by re-running skopeo against fedora:43 and bumping.
+          image: registry.fedoraproject.org/fedora:43@sha256:72e874e771b953c6357c7a5823c6fc1e3e3253b90121e795febe01380e32269b
           options: |
             --privileged
             -v ${{ github.workspace }}:/work