diff --git a/wait-task/tekton/publish.yaml b/wait-task/tekton/publish.yaml index f0d105b77..2375456c1 100644 --- a/wait-task/tekton/publish.yaml +++ b/wait-task/tekton/publish.yaml @@ -46,7 +46,7 @@ spec: steps: - name: create-ko-yaml - image: busybox + image: docker.io/library/busybox@sha256:c230832bd3b0be59a6c47ed64294f9ce71e91b327957920b6929a0caa8353140 script: | #!/bin/sh set -ex @@ -62,7 +62,7 @@ spec: cat ${PROJECT_ROOT}/.ko.yaml - name: container-registy-auth - image: gcr.io/go-containerregistry/crane:debug + image: gcr.io/go-containerregistry/crane:debug@sha256:ff0e08eeae8097d28b2381c7f7123bf542757abc68d11bff58fb882b72843785 script: | #!/busybox/sh set -ex @@ -81,7 +81,7 @@ spec: cp ${DOCKER_CONFIG} /workspace/docker-config.json - name: run-ko - image: gcr.io/tekton-releases/dogfooding/ko:latest + image: gcr.io/tekton-releases/dogfooding/ko:v20240926-3daa55a03e@sha256:393155dbdd7c8d920925b202c88e4846f46a70c1e1dc218b0ea5e2d7e388b576 env: - name: KO_DOCKER_REPO value: $(params.imageRegistry)/$(params.imageRegistryPath) @@ -128,7 +128,7 @@ spec: ko resolve --platform=$(params.platforms) --preserve-import-paths -f ${PROJECT_ROOT}/config/ > $OUTPUT_RELEASE_DIR/release.notags.yam. - name: koparse - image: gcr.io/tekton-releases/dogfooding/koparse:latest + image: gcr.io/tekton-releases/dogfooding/koparse:v20240910-ec3cf3c749@sha256:5e8a522fc1e587fc00b69a6d73e0bfdf7a29ca143537a5542eb224680d2dbf2f script: | set -ex @@ -145,7 +145,7 @@ spec: --base ${IMAGES_PATH} --images ${IMAGES} > /workspace/built_images - name: tag-images - image: gcr.io/go-containerregistry/crane:debug + image: gcr.io/go-containerregistry/crane:debug@sha256:ff0e08eeae8097d28b2381c7f7123bf542757abc68d11bff58fb882b72843785 script: | #!/busybox/sh set -ex diff --git a/wait-task/tekton/release-pipeline.yaml b/wait-task/tekton/release-pipeline.yaml index af3ee5af6..547d14426 100644 --- a/wait-task/tekton/release-pipeline.yaml +++ b/wait-task/tekton/release-pipeline.yaml @@ -166,7 +166,7 @@ spec: description: The full URL of the release file (no tag) in the bucket steps: - name: create-results - image: alpine + image: docker.io/library/alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d script: | echo "$(params.releaseBucket)/previous/$(params.versionTag)/release.yaml" > $(results.release.path) echo "$(params.releaseBucket)/previous/$(params.versionTag)/release.notag.yaml" > $(results.release-no-tag.path)