diff --git a/config/ansible/roles/ferrarimarco_home_lab_node/files/config/dependency-updates-helper/Dockerfile b/config/ansible/roles/ferrarimarco_home_lab_node/files/config/dependency-updates-helper/Dockerfile index 267ed9839..b8715e260 100644 --- a/config/ansible/roles/ferrarimarco_home_lab_node/files/config/dependency-updates-helper/Dockerfile +++ b/config/ansible/roles/ferrarimarco_home_lab_node/files/config/dependency-updates-helper/Dockerfile @@ -3,47 +3,47 @@ # We then fetch these identifiers for use in templates. # backup -FROM ngosang/restic-exporter:1.5.0 as restic-exporter +FROM ngosang/restic-exporter:1.5.0@sha256:920271a90bfc7396024d76bff780a80b90da7c907937d36ac3d71900df1bf86c as restic-exporter # frigate -FROM ghcr.io/blakeblackshear/frigate:0.13.2 as frigate +FROM ghcr.io/blakeblackshear/frigate:0.13.2@sha256:2906991ccad85035b176941f9dedfd35088ff710c39d45ef1baa9a49f2b16734 as frigate # home-assistant -FROM ghcr.io/home-assistant/home-assistant:2024.6.4 as home-assistant +FROM ghcr.io/home-assistant/home-assistant:2024.6.4@sha256:17d159928122e6f374bd39b0e75904522bc7d7c2a64e88b248948734e4c4d444 as home-assistant # media-stack -FROM jellyfin/jellyfin:10.9.7.20240625-002012 as jellyfin -FROM fallenbagel/jellyseerr:1.9.2 as jellyseerr -FROM ghcr.io/flaresolverr/flaresolverr:v3.3.21 as flaresolverr -FROM lscr.io/linuxserver/lidarr:2.3.3 as lidarr -FROM lscr.io/linuxserver/prowlarr:1.18.0 as prowlarr -FROM lscr.io/linuxserver/radarr:5.6.0 as radarr -FROM lscr.io/linuxserver/readarr:0.3.32-nightly as readarr -FROM lscr.io/linuxserver/sonarr:4.0.8 as sonarr +FROM jellyfin/jellyfin:10.9.7.20240625-002012@sha256:76930362d2c266e8f0b2f51f1c6b039a5207525d0e138a1cdbec870c66c34b0f as jellyfin +FROM fallenbagel/jellyseerr:1.9.2@sha256:8f708df0ce3f202056bde5d7bff625eb59efe38f4ee47bdddc7560b6e4a5a214 as jellyseerr +FROM ghcr.io/flaresolverr/flaresolverr:v3.3.21@sha256:f104ee51e5124d83cf3be9b37480649355d223f7d8f9e453d0d5ef06c6e3b31b as flaresolverr +FROM lscr.io/linuxserver/lidarr:2.3.3@sha256:32ddd032d57d7e996052b0fe68c651e88f87909eaab26935dc0160ea468a936e as lidarr +FROM lscr.io/linuxserver/prowlarr:1.18.0@sha256:237e9a72c11c5350bf22e355759436ecd4fd660e820d5b556d9a9e436f25f6b9 as prowlarr +FROM lscr.io/linuxserver/radarr:5.6.0@sha256:79053c07400eec909d04ac97db760c30bf61471ec37465a50f126a3c825a92bc as radarr +FROM lscr.io/linuxserver/readarr:0.3.32-nightly@sha256:9885cf0129d5b790db15db2b97a0e7bd9352fce0e3af8395d5f0ff3bb3a32558 as readarr +FROM lscr.io/linuxserver/sonarr:4.0.8@sha256:fbee5770f688e4f89dd073534feda11251bfde0e0a4e6ac74dd8c33bb856b505 as sonarr # monitoring -FROM gcr.io/cadvisor/cadvisor:v0.49.1 as cadvisor -FROM ghcr.io/druggeri/nut_exporter:3.1.1 as nut-exporter -FROM prom/blackbox-exporter:v0.25.0 as prometheus-blackbox-exporter -FROM prom/prometheus:v2.52.0 as prometheus -FROM quay.io/prometheus/node-exporter:v1.8.2 as prometheus-node-exporter +FROM gcr.io/cadvisor/cadvisor:v0.49.1@sha256:3cde6faf0791ebf7b41d6f8ae7145466fed712ea6f252c935294d2608b1af388 as cadvisor +FROM ghcr.io/druggeri/nut_exporter:3.1.1@sha256:0d9a0a00554081876178369ab9d46717e002fcf550b18dcd85f98c315438b524 as nut-exporter +FROM prom/blackbox-exporter:v0.25.0@sha256:b04a9fef4fa086a02fc7fcd8dcdbc4b7b35cc30cdee860fdc6a19dd8b208d63e as prometheus-blackbox-exporter +FROM prom/prometheus:v2.52.0@sha256:5c435642ca4d8427ca26f4901c11114023004709037880cd7860d5b7176aa731 as prometheus +FROM quay.io/prometheus/node-exporter:v1.8.2@sha256:4032c6d5bfd752342c3e631c2f1de93ba6b86c41db6b167b9a35372c139e7706 as prometheus-node-exporter # monitoring-backend -FROM grafana/grafana-oss:10.4.3 as grafana +FROM grafana/grafana-oss:10.4.3@sha256:b7fcb534f7b3512801bb3f4e658238846435804deb479d105b5cdc680847c272 as grafana # mosquitto -FROM eclipse-mosquitto:2.0.18-openssl as mosquitto +FROM eclipse-mosquitto:2.0.18-openssl@sha256:2f1c61fc5af49d0b589978e146dcfc60248d93d88292ff9373c4e6d083a63c72 as mosquitto # network-stack -FROM klutchell/unbound:1.20.0 as unbound -FROM coredns/coredns:1.11.1 as coredns -FROM traefik:3.0.4 as traefik +FROM klutchell/unbound:1.20.0@sha256:7f8bd396b3b82e0502803f0b1c2e7a635ec8bccd973763a5a95a3c9d2b72e07d as unbound +FROM coredns/coredns:1.11.1@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1 as coredns +FROM traefik:3.0.4@sha256:a208c74fd80a566d4ea376053bff73d31616d7af3f1465a7747b8b89ee34d97e as traefik # syncthing -FROM syncthing/syncthing:1.27.9 as syncthing +FROM syncthing/syncthing:1.27.9@sha256:9f16c4aaf678add90a85bd53e324bfbb57d1e704e6a07b54c446e4a67e590dbf as syncthing # torrent -FROM linuxserver/qbittorrent:4.6.5 as qbittorrent +FROM linuxserver/qbittorrent:4.6.5@sha256:a4bd829f509cfef396b3e12f3a605e66a9d2e8f1e5e2d2da80cfdd846aaa4c80 as qbittorrent # zigbee2mqtt -FROM koenkk/zigbee2mqtt:1.37.1 as zigbee2mqtt +FROM koenkk/zigbee2mqtt:1.37.1@sha256:d37f2f8227d9c2763ddbe06e48328f9ec3a9b8cf081dfcbda44c9b0af4c0c634 as zigbee2mqtt diff --git a/config/ansible/roles/ferrarimarco_home_lab_node/files/config/restic/Dockerfile b/config/ansible/roles/ferrarimarco_home_lab_node/files/config/restic/Dockerfile index ff863c34e..14dcd24a0 100644 --- a/config/ansible/roles/ferrarimarco_home_lab_node/files/config/restic/Dockerfile +++ b/config/ansible/roles/ferrarimarco_home_lab_node/files/config/restic/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/restic/restic:0.16.5 +FROM ghcr.io/restic/restic:0.16.5@sha256:66d5b38b78fe3226e1f70159ffd87f7579aace84d333e70969b5b1aa8747479e COPY ./entrypoint.sh /bin/entrypoint.sh diff --git a/docker/ansible/Dockerfile b/docker/ansible/Dockerfile index 075744825..b97c6cc28 100644 --- a/docker/ansible/Dockerfile +++ b/docker/ansible/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.12.4-bookworm as ansible +FROM python:3.12.4-bookworm@sha256:3d87cd922e0349f0c19676f492091cce77d79bf9bc9507e42e03bdb8e51126e1 as ansible ENV PYTHONFAULTHANDLER=1 \ PYTHONHASHSEED=random \ diff --git a/docker/arduino-cli/Dockerfile b/docker/arduino-cli/Dockerfile index e46d55e5c..6c90483fd 100644 --- a/docker/arduino-cli/Dockerfile +++ b/docker/arduino-cli/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:7aef2e7d061743fdb57973dac3ddbceb0b0912746ca7e0ee7535016c38286561 SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"] diff --git a/docker/release-please-commitlint/Dockerfile b/docker/release-please-commitlint/Dockerfile index 97a408eda..62c4c5a1d 100644 --- a/docker/release-please-commitlint/Dockerfile +++ b/docker/release-please-commitlint/Dockerfile @@ -1,4 +1,4 @@ -FROM node:22.5.1-bookworm +FROM node:22.5.1-bookworm@sha256:86915971d2ce1548842315fcce7cda0da59319a4dab6b9fc0827e762ef04683a SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]