From 05f3fa5ebcfded9e5946a5074b93e7cabe3d6ee4 Mon Sep 17 00:00:00 2001 From: Hiroshi Sugawara <5000164@users.noreply.github.com> Date: Tue, 16 Jul 2024 18:15:56 +0900 Subject: [PATCH 1/2] docs: Update GitHub Action documentation to specify Docker image on Docker Hub --- docs/docs/installation/github.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/installation/github.md b/docs/docs/installation/github.md index 0a8bcda32..38339d945 100644 --- a/docs/docs/installation/github.md +++ b/docs/docs/installation/github.md @@ -28,13 +28,13 @@ jobs: ``` -if you want to pin your action to a specific release (v2.0 for example) for stability reasons, use: +if you want to pin your action to a specific release (v0.23 for example) for stability reasons, use: ```yaml ... steps: - name: PR Agent action step id: pragent - uses: Codium-ai/pr-agent@v2.0 + uses: docker://codiumai/pr-agent:0.23-github_action ... ``` From 80bbe23ad546e64fcaa07d6f3da67fbd10bd62c0 Mon Sep 17 00:00:00 2001 From: Hiroshi Sugawara <5000164@users.noreply.github.com> Date: Tue, 16 Jul 2024 18:17:01 +0900 Subject: [PATCH 2/2] docs: Add note to pin Docker image by its digest for enhanced security --- docs/docs/installation/github.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/docs/installation/github.md b/docs/docs/installation/github.md index 38339d945..70c691d30 100644 --- a/docs/docs/installation/github.md +++ b/docs/docs/installation/github.md @@ -38,6 +38,16 @@ if you want to pin your action to a specific release (v0.23 for example) for sta ... ``` +For enhanced security, you can also specify the Docker image by its digest: +```yaml +... + steps: + - name: PR Agent action step + id: pragent + uses: docker://codiumai/pr-agent@sha256:14165e525678ace7d9b51cda8652c2d74abb4e1d76b57c4a6ccaeba84663cc64 +... +``` + 2) Add the following secret to your repository under `Settings > Secrets and variables > Actions > New repository secret > Add secret`: ```
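Review bot: in [PATCH 1/2], the sentence now says "v0.23" while the changed `uses:` line pins the image tag `0.23-github_action`, and the docs do not explain how a release number maps to a tag. The line also moves the reference from the `Codium-ai/pr-agent` repository to the `codiumai/pr-agent` image via `docker://`, which the surrounding text does not mention. Suggest one sentence stating that the pinned form pulls the published image directly and that the tag is the release number followed by `-github_action`, so readers can derive the tag for other releases. Since the sentence is being touched anyway, capitalise the leading "if".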
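Review bot: in [PATCH 2/2], the digest on the added `uses: docker://codiumai/pr-agent@sha256:...` line is not tied to any release, so a reader cannot tell which version it pins or how to update it later. Suggest naming the tag the digest corresponds to (presumably `0.23-github_action` from the previous example, but the text should say so) and adding a short note on how to look up the digest for a given tag. "For enhanced security" would also benefit from the reason: a tag can be re-pointed to a different image, while a digest reference always resolves to the same content. Style point: add a blank line between the new sentence and the opening yaml fence so the block renders consistently across Markdown renderers.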