diff --git a/tekton/customtask-release-pipeline.yaml b/tekton/customtask-release-pipeline.yaml index 524cffdc8..ce29129dd 100644 --- a/tekton/customtask-release-pipeline.yaml +++ b/tekton/customtask-release-pipeline.yaml @@ -172,7 +172,7 @@ spec: description: The full URL of the release file (no tag) in the bucket steps: - name: create-results - image: alpine + image: docker.io/library/alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d script: | echo "$(params.releaseBucket)/previous/$(params.versionTag)/release.yaml" > $(results.release.path) echo "$(params.releaseBucket)/previous/$(params.versionTag)/release.notag.yaml" > $(results.release-no-tag.path) diff --git a/tekton/publish-customtask.yaml b/tekton/publish-customtask.yaml index 9119ae964..8cd74abf9 100644 --- a/tekton/publish-customtask.yaml +++ b/tekton/publish-customtask.yaml @@ -48,7 +48,7 @@ spec: steps: - name: create-ko-yaml - image: busybox + image: docker.io/library/busybox@sha256:c230832bd3b0be59a6c47ed64294f9ce71e91b327957920b6929a0caa8353140 script: | #!/bin/sh set -ex @@ -64,7 +64,7 @@ spec: cat ${PROJECT_ROOT}/.ko.yaml - name: container-registry-auth - image: gcr.io/go-containerregistry/crane:debug + image: gcr.io/go-containerregistry/crane:debug@sha256:ff0e08eeae8097d28b2381c7f7123bf542757abc68d11bff58fb882b72843785 script: | #!/busybox/sh set -ex @@ -83,7 +83,7 @@ spec: cp ${DOCKER_CONFIG} /workspace/docker-config.json - name: run-ko - image: gcr.io/tekton-releases/dogfooding/ko:latest + image: gcr.io/tekton-releases/dogfooding/ko:v20240926-3daa55a03e@sha256:393155dbdd7c8d920925b202c88e4846f46a70c1e1dc218b0ea5e2d7e388b576 env: - name: KO_DOCKER_REPO value: $(params.imageRegistry)/$(params.imageRegistryPath) @@ -132,7 +132,7 @@ spec: ko resolve --platform=$(params.platforms) --preserve-import-paths -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.notags.yaml - name: koparse - image: gcr.io/tekton-releases/dogfooding/koparse:latest + image: gcr.io/tekton-releases/dogfooding/koparse:v20240910-ec3cf3c749@sha256:5e8a522fc1e587fc00b69a6d73e0bfdf7a29ca143537a5542eb224680d2dbf2f script: | set -ex @@ -151,7 +151,7 @@ spec: --base ${IMAGES_PATH} --images ${IMAGES} > /workspace/built_images - name: tag-images - image: gcr.io/go-containerregistry/crane:debug + image: gcr.io/go-containerregistry/crane:debug@sha256:ff0e08eeae8097d28b2381c7f7123bf542757abc68d11bff58fb882b72843785 script: | #!/busybox/sh set -ex