pin image digests (immich-app#2754)

Manifest list digests can be found with: ```sh docker buildx imagetools inspect python:3.11.4-bullseye docker buildx imagetools inspect python:3.11.4-slim-bullseye docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:1.25.0-alpine3.17 ``` The node images are pinned in immich-app#2736 Fixes immich-app#2751 Partially fixes immich-app#2752
SZW36 · Jun 16, 2023 · 16171ee · 16171ee
1 parent d3c1781
commit 16171ee
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/machine-learning/Dockerfile b/machine-learning/Dockerfile
@@ -1,4 +1,5 @@
-FROM python:3.11 as builder
+FROM python:3.11.4-bullseye@sha256:bede19c9a8999a5461a01a6c0e0893eaf3e712fccb28f547ba9d3391310f378b as builder
+
 ENV PYTHONDONTWRITEBYTECODE=1 \
   PYTHONUNBUFFERED=1 \
   PIP_NO_CACHE_DIR=true
@@ -12,7 +13,8 @@ ENV VIRTUAL_ENV="/opt/venv" PATH="/opt/venv/bin:${PATH}"
 COPY poetry.lock pyproject.toml ./
 RUN poetry install --sync --no-interaction --no-ansi --no-root --only main
 
-FROM python:3.11-slim
+FROM python:3.11.4-slim-bullseye@sha256:4102cb4b15a5c0c52068d3128f87b1d43e6a3b431714f4a65e8b8e91750c7c54
+
 WORKDIR /usr/src/app
 ENV NODE_ENV=production \
   TRANSFORMERS_CACHE=/cache \

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/nginxinc/nginx-unprivileged:1.23
+FROM ghcr.io/nginxinc/nginx-unprivileged:1.25.0-alpine3.17@sha256:e57300e9f60e521c5af3ec8fdc710285a371647e8033bcb8a36020c4394db3e3
 
 COPY LICENSE /licenses/LICENSE.txt
 COPY LICENSE /LICENSE