diff --git a/.github/workflows/docker-main.yaml b/.github/workflows/docker-main.yaml index f359b9ecf..d4cd18b2f 100644 --- a/.github/workflows/docker-main.yaml +++ b/.github/workflows/docker-main.yaml @@ -47,7 +47,7 @@ jobs: echo ::set-output name=sha-tag::${SHA_TAG} - name: Docker Publish - Main - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 with: context: . file: ./Dockerfile @@ -60,7 +60,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} - name: Docker Publish - Debug - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 with: context: . file: ./Dockerfile.debug diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 23bf4a298..383640e2a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -209,7 +209,7 @@ jobs: uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 - name: Docker Build - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 with: context: . file: ./Dockerfile diff --git a/Dockerfile b/Dockerfile index 13ef0d41b..5a3ce5816 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ RUN make build-go NAME=pomerium RUN touch /config.yaml # build our own root trust store from current stable -FROM debian:stable@sha256:7ca0fecd790bd1297cb92c4405906b0c4d7df22c8a5f0367a2697daf73c99cd7 as casource +FROM debian:stable@sha256:12931ad2bfd4a9609cf8ef7898f113d67dce8058f0c27f01c90ef7bdd5a61bfb as casource RUN apt-get update && apt-get install -y ca-certificates # Remove expired root (https://github.com/pomerium/pomerium/issues/2653) RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates