chore: pin GitHub Actions to full commit SHA; lock npm exact versions

All mutable action tags replaced with verified commit SHAs to prevent
supply-chain attacks via tag mutation. package.json ^ ranges replaced
with exact versions from package-lock.json.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
David Karlsson
2026-03-24 17:16:06 +01:00
parent 464a44a6e7
commit 00aefd5eae
8 changed files with 43 additions and 43 deletions


@@ -13,16 +13,16 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
- name: Install dependencies
run: npm ci
- name: Run agent
uses: docker/cagent-action@latest
uses: docker/cagent-action@3a12dbd0c6cd7dda3d4e05f24f0143c9701456de # latest
timeout-minutes: 15
with:
agent: ./tech_writer.yml
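Review bot: The trailing comment on the pinned `docker/cagent-action` line is `# latest`, which names no release, so neither a reviewer nor an update bot that reads the version comment can tell which tag the SHA was resolved from or confirm that it belongs to the upstream repository's history. Record the release tag instead, for example `uses: docker/cagent-action@3a12dbd0c6cd7dda3d4e05f24f0143c9701456de # <release-tag>`, where the placeholder stands for the tag that pointed at this commit when it was pinned. The same `# latest` comment appears on the cagent-action step of the documentation-scan workflow and on the reusable `review-pr.yml` reference. The steps list continues outside this hunk.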


@@ -25,13 +25,13 @@ jobs:
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
-
name: Build
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
files: |
docker-bake.hcl
@@ -44,13 +44,13 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
-
name: Build
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
source: .
files: |
@@ -58,7 +58,7 @@ jobs:
targets: release
-
name: Check Cloudfront config
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
source: .
targets: aws-cloudfront-update
@@ -85,13 +85,13 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
-
name: Validate
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
source: .
files: |


@@ -30,12 +30,12 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
fetch-depth: 0
-
name: Set environment variables
uses: actions/github-script@v8
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
env:
INPUT_GITHUB-REF: ${{ github.ref }}
with:
@@ -52,13 +52,13 @@ jobs:
}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
-
name: Build website
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
source: .
files: |
@@ -68,7 +68,7 @@ jobs:
-
name: Configure AWS Credentials
if: ${{ env.DOCS_AWS_IAM_ROLE != '' }}
uses: aws-actions/configure-aws-credentials@v5
uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5
with:
role-to-assume: ${{ env.DOCS_AWS_IAM_ROLE }}
aws-region: ${{ env.DOCS_AWS_REGION }}
@@ -106,7 +106,7 @@ jobs:
-
name: Update Cloudfront config
if: ${{ env.DOCS_CLOUDFRONT_ID != '' }}
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
source: .
files: |


@@ -28,7 +28,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
fetch-depth: 1
@@ -55,7 +55,7 @@ jobs:
private_key: ${{ secrets.CAGENT_REVIEWER_APP_PRIVATE_KEY }}
- name: Run documentation scan
uses: docker/cagent-action@latest
uses: docker/cagent-action@3a12dbd0c6cd7dda3d4e05f24f0143c9701456de # latest
env:
GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
with:


@@ -15,7 +15,7 @@ permissions:
jobs:
review:
uses: docker/cagent-action/.github/workflows/review-pr.yml@latest
uses: docker/cagent-action/.github/workflows/review-pr.yml@3a12dbd0c6cd7dda3d4e05f24f0143c9701456de # latest
secrets: inherit
with:
add-prompt-files: STYLE.md,COMPONENTS.md
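Review bot: Pinning `review-pr.yml` to a commit freezes that workflow file, but not necessarily what it calls: any `uses:` inside it that still points at a tag or branch stays mutable, and this job passes it every repository secret through `secrets: inherit`. It is worth reading the called workflow at that commit for unpinned references. If it declares its secrets, replace `secrets: inherit` with an explicit `secrets:` mapping of the form `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}` for only the ones it needs. The called workflow's contents are not visible on this page, so this is a check to make rather than a confirmed gap.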


@@ -28,7 +28,7 @@ jobs:
steps:
-
name: Checkout docs repo
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
fetch-depth: 0
-
@@ -45,7 +45,7 @@ jobs:
echo "Docker CLI version: **$VERSION**" | tee -a "$GITHUB_STEP_SUMMARY"
-
name: Checkout docker/cli repo
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
repository: docker/cli
path: cli-source


@@ -34,12 +34,12 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
with:
repository: docker/docs
-
name: Download data files
uses: actions/download-artifact@v5
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
if: ${{ inputs.data-files-id != '' && inputs.data-files-folder != '' }}
with:
name: ${{ inputs.data-files-id }}
@@ -51,7 +51,7 @@ jobs:
# that folder. If not, create a placeholder stub file for the data file.
name: Copy data files
if: ${{ inputs.data-files-id != '' && inputs.data-files-folder != '' }}
uses: actions/github-script@v8
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
script: |
const fs = require('fs');
@@ -84,13 +84,13 @@ jobs:
}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
-
name: Validate
uses: docker/bake-action@v7
uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
with:
source: .
files: |


@@ -14,22 +14,22 @@
},
"homepage": "https://docs.docker.com/",
"dependencies": {
"@alpinejs/collapse": "^3.15.8",
"@alpinejs/focus": "^3.15.8",
"@alpinejs/persist": "^3.15.8",
"@floating-ui/dom": "^1.7.6",
"@material-symbols/svg-400": "^0.40.2",
"@tailwindcss/cli": "^4.2.1",
"@tailwindcss/typography": "^0.5.19",
"alpinejs": "^3.15.8",
"highlight.js": "^11.11.1",
"marked": "^17.0.4",
"tailwindcss": "^4.2.1"
"@alpinejs/collapse": "3.15.8",
"@alpinejs/focus": "3.15.8",
"@alpinejs/persist": "3.15.8",
"@floating-ui/dom": "1.7.6",
"@material-symbols/svg-400": "0.40.2",
"@tailwindcss/cli": "4.2.1",
"@tailwindcss/typography": "0.5.19",
"alpinejs": "3.15.8",
"highlight.js": "11.11.1",
"marked": "17.0.4",
"tailwindcss": "4.2.1"
},
"devDependencies": {
"markdownlint": "^0.40.0",
"prettier": "^3.8.1",
"prettier-plugin-go-template": "^0.0.15",
"prettier-plugin-tailwindcss": "^0.7.2"
"markdownlint": "0.40.0",
"prettier": "3.8.1",
"prettier-plugin-go-template": "0.0.15",
"prettier-plugin-tailwindcss": "0.7.2"
}
}
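Review bot: Exact versions in `dependencies` and `devDependencies` fix only the direct packages; transitive packages are still decided by `package-lock.json`, so the pin holds only where installs run `npm ci` against the committed lockfile. A later `npm install <pkg>` will also write a `^` range back into this file unless the project sets `save-exact=true` in its `.npmrc`. One workflow in this commit does run `npm ci`, but whether the image builds do the same is not visible in this section.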