Retain docker image tag when pinning in Actions workflows
varunsh-coder opened this issue · 2 comments
@Devils-Knight I noticed that when we pin docker images in Github Actions workflows, we do not retain the tag.
On the other hand, when we pin docker images in dockerfiles, we do retain the tag. Here is an example:
The 3.7 tag part is retained.
As next steps:
- Can you please investigate that if the tag is retained for docker images in GitHub Actions workflows, does it work fine, and does dependabot update it?
- If yes, make changes to retain the tag in GitHub Actions workflows.
In this case, the test cases would also need to be updated.
I think we can retain tag for docker image in the given format that you mentioned and the retained tag would act as a fallback option in case referencing the pinned tag version fails, view here.
And for the dependabot part, The functionality for bumping docker actions isn't added yet. There is an open issue tracking this functionality. dependabot/dependabot-core/issues/5541
I have created a pr updating the format and test cases for the same.
Update Format for Pinning Docker Actions #2014
This is done and released. Thanks!