0
0
Fork 0
mirror of https://github.com/atmoz/sftp.git synced 2024-11-24 12:59:24 -05:00

Using git sha tags does not make much sense

If you pin to one sha, you won't get security updates after new commits are made
This commit is contained in:
Adrian Dvergsdal 2020-07-19 23:01:41 +02:00
parent f406c062c0
commit e8a5d67e43
No known key found for this signature in database
GPG key ID: C1E9E2D9552A42D2

View file

@ -39,7 +39,6 @@ jobs:
--file=Dockerfile \
--tag="$IMAGE_NAME:latest" \
--tag="$IMAGE_NAME:debian" \
--tag="$IMAGE_NAME:debian-$GITHUB_SHA" \
--label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
--label="org.opencontainers.image.revision=$GITHUB_SHA" \
--label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"
@ -53,7 +52,6 @@ jobs:
--pull=true \
--file=Dockerfile-alpine \
--tag="$IMAGE_NAME:alpine" \
--tag="$IMAGE_NAME:alpine-$GITHUB_SHA" \
--label="org.opencontainers.image.source=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
--label="org.opencontainers.image.revision=$GITHUB_SHA" \
--label="org.opencontainers.image.created=$(date --rfc-3339=seconds)"