fix: Implement dependency digest tracking for nightly builds

- Updated Docker Compose files to use digest-pinned images for CI contexts.
- Enhanced Dockerfile to pin Go tool installations and verify external downloads with SHA256 checksums.
- Added Renovate configuration for tracking Go tool versions and digest updates.
- Introduced a new design document outlining the architecture and data flow for dependency tracking.
- Created tasks and requirements documentation to ensure compliance with the new digest pinning policy.
- Updated security documentation to reflect the new digest pinning policy and exceptions.
This commit is contained in:
GitHub Actions
2026-01-30 06:38:56 +00:00
parent dcb3e704a3
commit 6675f2a169
19 changed files with 545 additions and 70 deletions

View File

@@ -509,7 +509,7 @@ jobs:
docker run -d \
--name whoami \
--network charon-test-net \
traefik/whoami
traefik/whoami:latest@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab
- name: Run Charon Container
timeout-minutes: 3