Skip to content

Image digest update #94

Image digest update

Image digest update #94

Workflow file for this run

# Copyright 2026 Chainguard, Inc.
# SPDX-License-Identifier: Apache-2.0
name: Image digest update
on:
workflow_dispatch:
schedule:
- cron: "0 1 * * *"
permissions: {}
jobs:
image-update:
name: Image digest update
runs-on: ubuntu-latest
if: github.repository == 'chainguard-dev/malcontent'
permissions:
contents: read
id-token: write
steps:
- uses: step-security/harden-runner@bf7454d06d71f1098171f2acdf0cd4708d7b5920 # v2.20.0
with:
egress-policy: block
allowed-endpoints: >
*.blob.core.windows.net:443
*.githubapp.com:443
api.github.com:443
cgr.dev:443
fulcio.sigstore.dev:443
github.com:443
octo-sts.dev:443
rekor.sigstore.dev:443
release-assets.githubusercontent.com:443
tuf-repo-cdn.sigstore.dev:443
- uses: chainguard-dev/actions/setup-gitsign@f0be69916b439d0fcced2451b23d0f27cd46d545 # main
- uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1
id: octo-sts
with:
scope: ${{ github.repository }}
identity: digestabot
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
# zizmor: ignore[artipacked] - credentials needed for digestabot to push and create PRs
with:
token: ${{ steps.octo-sts.outputs.token }}
- uses: chainguard-dev/digestabot@33d0b78e580aa0c83fe188eb3dfad6611b662479 # v1.3.2
with:
token: ${{ steps.octo-sts.outputs.token }}
include-files: ".github/workflows/*.yaml"