Would people be open to a PR that adds support for...
# announcements
Would people be open to a PR that adds support for specifying the shasum of a docker image in addition to the tag? Seems like a pretty minor change to
that'd enable specifying images like `docker.io/my-image@sha256:...`/is helpful to ensure that a specific workflow is locked to an exact image. Happy to make the PR later this week.
cc @Haytham Abuelfutuh
i feel like this is something we’ve discussed in the past.
more from a security standpoint than anything else but yeah this is why we some users will just set the image to the git sha
Yeah that too. I tried this on the most recent version of
and the image specified w/ the shasum failed a parsing step (looks like the regex is only looking for
). This is a pretty important feature for us since it's how we ensure dependency compatibility between a workflow & the corresponding container image in our existing Argo setup.
Yes, @Rahul Mehta that sounds like a great step… as Yee said, we’ve discussed this in the past but never got around to supporting it… Thank you!