chainguard-dev / digestabot Goto Github PK
View Code? Open in Web Editor NEWGithub Action to automatically update digests for container images.
License: Apache License 2.0
Github Action to automatically update digests for container images.
License: Apache License 2.0
Hi! Thanks for making this project; it looks extremely useful!
Could you add a license to this project? It would help me leverage it for professional projects.
At the moment, all relevant files in a repo are checked and a single PR is created updating all instances.
This works well for small projects, but is untenable for large repos (e.g. monorepos). We need a way to control the granularity of checks and PRs. For example, a configuration option to limit checks to certain directories or full control over the "find" command.
It would be great to add an optional extra step to verify provenance.
This could work by using cosign and taking issuer and identity arguments. (I'm not sure if issuer/identity regexps would also need to be supported). If these arguments are present and a new image is found, it should be verified with cosign. It's not clear what should happen after the failed verification; either open the PR and make the failure clear or don't open and log the error somehow?
Error
Failed to retrive digest info for 'cgr.dev/chainguard/node-lts:latest-dev
2024/01/02 00:13:18 HEAD request failed, falling back on GET: Get "https://'cgr.dev/v2/": dial tcp: lookup 'cgr.dev: no such host
Error: Get "https://'cgr.dev/v2/": dial tcp: lookup 'cgr.dev: no such host
These are in cloudbuild files and the image name is in single quotes as recommended by google. I believe that's why this is failing.
Also the word retrieve is spelt incorrectly above.
Really like the idea of this bot
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.