From 3b9dc434acd6e2c31d8cce8bede15ddd416f8719 Mon Sep 17 00:00:00 2001
From: Ivan Dyachkov <dev@dyachkov.org>
Date: Fri, 12 Jan 2024 11:55:51 +0100
Subject: [PATCH] ci: pin dockerfiles by digest

---
 .ci/docker-compose-file/openldap/Dockerfile | 2 +-
 .ci/docker-compose-file/pgsql/Dockerfile    | 2 +-
 Dockerfile.ubuntu20.04.runner               | 2 +-
 deploy/docker/Dockerfile                    | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.ci/docker-compose-file/openldap/Dockerfile b/.ci/docker-compose-file/openldap/Dockerfile
index 9eba7b3a5..d9fe7cd9b 100644
--- a/.ci/docker-compose-file/openldap/Dockerfile
+++ b/.ci/docker-compose-file/openldap/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/zmstone/openldap:2.5.16
+FROM docker.io/zmstone/openldap:2.5.16@sha256:a813922115a1d1f1b974399595921d1778fae22b3f1ee15dcfa8cfa89700dbc7
 
 COPY .ci/docker-compose-file/openldap/slapd.conf /usr/local/etc/openldap/slapd.conf
 COPY apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
diff --git a/.ci/docker-compose-file/pgsql/Dockerfile b/.ci/docker-compose-file/pgsql/Dockerfile
index 94e9239ec..42e927095 100644
--- a/.ci/docker-compose-file/pgsql/Dockerfile
+++ b/.ci/docker-compose-file/pgsql/Dockerfile
@@ -1,4 +1,4 @@
-ARG BUILD_FROM=public.ecr.aws/docker/library/postgres:13
+ARG BUILD_FROM=public.ecr.aws/docker/library/postgres:13@sha256:fa69de30d02652cfdfb68166692e5186f6972c17f83c89c71ac8ff0916d46ae3
 FROM ${BUILD_FROM}
 ARG POSTGRES_USER=postgres
 COPY --chown=$POSTGRES_USER ./pgsql/pg_hba_tls.conf /var/lib/postgresql/pg_hba.conf
diff --git a/Dockerfile.ubuntu20.04.runner b/Dockerfile.ubuntu20.04.runner
index 1b340aaf8..8d32edd8a 100644
--- a/Dockerfile.ubuntu20.04.runner
+++ b/Dockerfile.ubuntu20.04.runner
@@ -1,5 +1,5 @@
 ## This is a fast-build Dockerfile only for testing
-FROM ubuntu:20.04
+FROM ubuntu:20.04@sha256:f2034e7195f61334e6caff6ecf2e965f92d11e888309065da85ff50c617732b8
 ARG PROFILE=emqx
 
 RUN apt-get update; \
diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile
index 4a06ea591..b86220334 100644
--- a/deploy/docker/Dockerfile
+++ b/deploy/docker/Dockerfile
@@ -1,5 +1,5 @@
-ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.3-2:1.15.7-26.2.1-2-debian11
-ARG RUN_FROM=public.ecr.aws/debian/debian:11-slim
+ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.3-2:1.15.7-26.2.1-2-debian11@sha256:48b62a5636bd6bc59688fc98a498401fccf456fa63d843aa0b7279f3bc20b22e
+ARG RUN_FROM=public.ecr.aws/debian/debian:11-slim@sha256:22cfb3c06a7dd5e18d86123a73405664475b9d9fa209cbedcf4c50a25649cc74
 FROM ${BUILD_FROM} AS builder
 ARG DEBUG=0