From 690aabfbe1b97c205aa12aee72f8f886c05017c9 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 4 Sep 2023 03:10:35 +0200
Subject: [PATCH] ci: Use pinned images for mirrors

---
 images/mirror/Earthfile | 7 ++++---
 renovate.json           | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/images/mirror/Earthfile b/images/mirror/Earthfile
index 0c164dd6d..9c0a0f4de 100644
--- a/images/mirror/Earthfile
+++ b/images/mirror/Earthfile
@@ -7,10 +7,10 @@ MIRROR:
     SAVE IMAGE --cache-hint
 
 distroless-static-debug:
-    DO +MIRROR --image=gcr.io/distroless/static:debug-nonroot
+    DO +MIRROR --image=gcr.io/distroless/static:debug-nonroot@sha256:a8017a4f68c33e1489b4ad2b88dd0e8ddbe420b0c7a5c60716c19304b0f5883e
 
 distroless-static:
-    DO +MIRROR --image=gcr.io/distroless/static:nonroot
+    DO +MIRROR --image=gcr.io/distroless/static:nonroot@sha256:92d40eea0b5307a94f2ebee3e94095e704015fb41e35fc1fcbd1d151cc282222
 
 golang:
     DO +MIRROR --image=docker.io/library/golang:1.20.5-alpine
@@ -22,4 +22,5 @@ trivy:
     DO +MIRROR --image=docker.io/aquasec/trivy:0.37.3
 
 fedora:
-    DO +MIRROR --image=quay.io/fedora/fedora:38
\ No newline at end of file
+    DO +MIRROR --image=quay.io/fedora/fedora:38@sha256:1972716109b1c906120061063bd4cb50a46c2138d95002ccb90126928d98e013
+
diff --git a/renovate.json b/renovate.json
index 5d59a732c..f43773670 100644
--- a/renovate.json
+++ b/renovate.json
@@ -35,7 +35,7 @@
     {
       "fileMatch": ["images/mirror/Earthfile$"],
       "matchStrings": [
-        "DO \\+MIRROR --image=\"?'?(?<depName>[^:\\s]+?):(?<currentValue>[^\"]*?)\"?'?\\s"
+        "DO \\+MIRROR --image=\"?'?(?<depName>[^:\\s]+?):(?<currentValue>[^\"]*?)@?(?<currentDigest>sha256:[a-f0-9]+)?\"?'?\\s"
       ],
       "datasourceTemplate": "docker",
       "versioningTemplate": "docker"
-- 
GitLab