.github: update workflow actions

- bump docker/login-action from 3.1.0 to 3.4.0 - bump docker/metadata-action from 5.5.1 to 5.7.0 - bump docker/setup-buildx-action from 3.3.0 to 3.10.0 - bump docker/build-push-action from 5.3.0 to 6.16.0 - bump sigstore/cosign-installer from 3.5.0 to 3.8.2
2026-04-24 20:36:24 +02:00 · 2025-04-21 05:13:56 +00:00 · 2025-04-21 05:13:56 +00:00 · 5a27a2ec45
commit 5a27a2ec45
parent 5b619de74f
1 changed files with 5 additions and 5 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -25,10 +25,10 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Log into registry ${{ env.REGISTRY }}
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        if: github.event_name == 'push'
        with:
          registry: ${{ env.REGISTRY }}
@ -37,7 +37,7 @@ jobs:
      - name: Extract Docker metadata
        id: meta
-        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
@ -48,7 +48,7 @@ jobs:
      - name: Build and push Docker image
        id: build-and-push
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: .
          push: ${{ github.event_name == 'push' }}
@ -59,7 +59,7 @@ jobs:
      # Sign the Docker image
      - name: Install cosign
        if: github.event_name == 'push'
-        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb #v3.8.2
      - name: Sign the published Docker image
        if: github.event_name == 'push'
        env: