Merge pull request #955 from crazy-max/zizmor

tonistiigi · web-flow · commit bb9683dca29f · 2026-03-30T18:49:37.000-07:00
ci: zizmor workflow
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,13 +4,21 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    cooldown:
+      default-days: 2
+    groups:
+      crazy-max-dot-github:
+        patterns:
+          - "crazy-max/.github/*"
     labels:
       - "dependencies"
       - "bot"
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
+    cooldown:
+      default-days: 2
     versioning-strategy: "increase"
     groups:
       aws-sdk-dependencies:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: ci
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -19,7 +22,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Stop docker
         run: |
@@ -43,7 +46,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -60,7 +63,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -70,7 +73,7 @@ jobs:
           password: ${{ secrets.GHCR_PAT }}
       -
         name: DinD
-        uses: docker://docker
+        uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
         with:
           entrypoint: docker
           args: pull ghcr.io/docker-ghactiontest/test
@@ -85,7 +88,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to ACR
         uses: ./
@@ -105,7 +108,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to Docker Hub
         uses: ./
@@ -124,7 +127,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to ECR
         uses: ./
@@ -144,10 +147,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v6
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -169,7 +172,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to Public ECR
         continue-on-error: ${{ matrix.os == 'windows-latest' }}
@@ -192,10 +195,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v6
+        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -218,7 +221,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -238,7 +241,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to GitLab
         uses: ./
@@ -258,7 +261,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to Google Artifact Registry
         uses: ./
@@ -278,7 +281,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to Google Container Registry
         uses: ./
@@ -292,7 +295,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to registries
         uses: ./
@@ -315,7 +318,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to registries
         uses: ./
@@ -336,7 +339,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to registries
         id: login
@@ -368,7 +371,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to Docker Hub
         uses: ./
@@ -398,7 +401,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to Docker Hub
         uses: ./
@@ -428,7 +431,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -459,7 +462,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Login to GitHub Container Registry
         uses: ./
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,45 +1,46 @@
 name: codeql
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
   pull_request:
 
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
 env:
   NODE_VERSION: "24"
 
 jobs:
   analyze:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Enable corepack
         run: |
           corepack enable
           yarn --version
       -
         name: Set up Node
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           languages: javascript-typescript
           build-mode: none
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           category: "/language:javascript-typescript"
diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml
@@ -4,7 +4,7 @@ permissions:
   contents: read
 
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
     types:
       - opened
       - reopened
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -1,5 +1,12 @@
 name: publish
 
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   release:
     types:
@@ -15,7 +22,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Publish
-        uses: actions/publish-immutable-action@v0.0.4
+        uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,5 +1,8 @@
 name: test
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -17,16 +20,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Test
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
         with:
           source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4
         with:
           files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml
@@ -1,5 +1,12 @@
 name: update-dist
 
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   pull_request:
     types:
@@ -8,27 +15,27 @@ on:
 
 jobs:
   update-dist:
-    if: github.actor == 'dependabot[bot]'
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     runs-on: ubuntu-latest
     steps:
       -
         name: GitHub auth token from GitHub App
         id: docker-read-app
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
         with:
           app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
           private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
           owner: docker
       -
         name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           fetch-depth: 0
-          token: ${{ steps.docker-read-app.outputs.token || github.token }}
+          token: ${{ steps.docker-read-app.outputs.token }}
       -
         name: Build
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
         with:
           source: .
           targets: build
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
diff --git a/.github/zizmor.yml b/.github/zizmor.yml

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,8 @@`
`1`	`1`	`name: ci`
`2`	`2`
	`3`	`+permissions:`
	`4`	`+ contents: read`
	`5`	`+`
`3`	`6`	`concurrency:`
`4`	`7`	`group: ${{ github.workflow }}-${{ github.ref }}`
`5`	`8`	`cancel-in-progress: true`
`@@ -19,7 +22,7 @@ jobs:`
`19`	`22`	`steps:`
`20`	`23`	`-`
`21`	`24`	`name: Checkout`
`22`		`- uses: actions/checkout@v6`
	`25`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`23`	`26`	`-`
`24`	`27`	`name: Stop docker`
`25`	`28`	`run: \|`
`@@ -43,7 +46,7 @@ jobs:`
`43`	`46`	`steps:`
`44`	`47`	`-`
`45`	`48`	`name: Checkout`
`46`		`- uses: actions/checkout@v6`
	`49`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`47`	`50`	`-`
`48`	`51`	`name: Login to GitHub Container Registry`
`49`	`52`	`uses: ./`
`@@ -60,7 +63,7 @@ jobs:`
`60`	`63`	`steps:`
`61`	`64`	`-`
`62`	`65`	`name: Checkout`
`63`		`- uses: actions/checkout@v6`
	`66`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`64`	`67`	`-`
`65`	`68`	`name: Login to GitHub Container Registry`
`66`	`69`	`uses: ./`
`@@ -70,7 +73,7 @@ jobs:`
`70`	`73`	`password: ${{ secrets.GHCR_PAT }}`
`71`	`74`	`-`
`72`	`75`	`name: DinD`
`73`		`- uses: docker://docker`
	`76`	`+ uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029`
`74`	`77`	`with:`
`75`	`78`	`entrypoint: docker`
`76`	`79`	`args: pull ghcr.io/docker-ghactiontest/test`
`@@ -85,7 +88,7 @@ jobs:`
`85`	`88`	`steps:`
`86`	`89`	`-`
`87`	`90`	`name: Checkout`
`88`		`- uses: actions/checkout@v6`
	`91`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`89`	`92`	`-`
`90`	`93`	`name: Login to ACR`
`91`	`94`	`uses: ./`
`@@ -105,7 +108,7 @@ jobs:`
`105`	`108`	`steps:`
`106`	`109`	`-`
`107`	`110`	`name: Checkout`
`108`		`- uses: actions/checkout@v6`
	`111`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`109`	`112`	`-`
`110`	`113`	`name: Login to Docker Hub`
`111`	`114`	`uses: ./`
`@@ -124,7 +127,7 @@ jobs:`
`124`	`127`	`steps:`
`125`	`128`	`-`
`126`	`129`	`name: Checkout`
`127`		`- uses: actions/checkout@v6`
	`130`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`128`	`131`	`-`
`129`	`132`	`name: Login to ECR`
`130`	`133`	`uses: ./`
`@@ -144,10 +147,10 @@ jobs:`
`144`	`147`	`steps:`
`145`	`148`	`-`
`146`	`149`	`name: Checkout`
`147`		`- uses: actions/checkout@v6`
	`150`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`148`	`151`	`-`
`149`	`152`	`name: Configure AWS Credentials`
`150`		`- uses: aws-actions/configure-aws-credentials@v6`
	`153`	`+ uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0`
`151`	`154`	`with:`
`152`	`155`	`aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}`
`153`	`156`	`aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}`
`@@ -169,7 +172,7 @@ jobs:`
`169`	`172`	`steps:`
`170`	`173`	`-`
`171`	`174`	`name: Checkout`
`172`		`- uses: actions/checkout@v6`
	`175`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`173`	`176`	`-`
`174`	`177`	`name: Login to Public ECR`
`175`	`178`	`continue-on-error: ${{ matrix.os == 'windows-latest' }}`
`@@ -192,10 +195,10 @@ jobs:`
`192`	`195`	`steps:`
`193`	`196`	`-`
`194`	`197`	`name: Checkout`
`195`		`- uses: actions/checkout@v6`
	`198`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`196`	`199`	`-`
`197`	`200`	`name: Configure AWS Credentials`
`198`		`- uses: aws-actions/configure-aws-credentials@v6`
	`201`	`+ uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0`
`199`	`202`	`with:`
`200`	`203`	`aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}`
`201`	`204`	`aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}`
`@@ -218,7 +221,7 @@ jobs:`
`218`	`221`	`steps:`
`219`	`222`	`-`
`220`	`223`	`name: Checkout`
`221`		`- uses: actions/checkout@v6`
	`224`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`222`	`225`	`-`
`223`	`226`	`name: Login to GitHub Container Registry`
`224`	`227`	`uses: ./`
`@@ -238,7 +241,7 @@ jobs:`
`238`	`241`	`steps:`
`239`	`242`	`-`
`240`	`243`	`name: Checkout`
`241`		`- uses: actions/checkout@v6`
	`244`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`242`	`245`	`-`
`243`	`246`	`name: Login to GitLab`
`244`	`247`	`uses: ./`
`@@ -258,7 +261,7 @@ jobs:`
`258`	`261`	`steps:`
`259`	`262`	`-`
`260`	`263`	`name: Checkout`
`261`		`- uses: actions/checkout@v6`
	`264`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`262`	`265`	`-`
`263`	`266`	`name: Login to Google Artifact Registry`
`264`	`267`	`uses: ./`
`@@ -278,7 +281,7 @@ jobs:`
`278`	`281`	`steps:`
`279`	`282`	`-`
`280`	`283`	`name: Checkout`
`281`		`- uses: actions/checkout@v6`
	`284`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`282`	`285`	`-`
`283`	`286`	`name: Login to Google Container Registry`
`284`	`287`	`uses: ./`
`@@ -292,7 +295,7 @@ jobs:`
`292`	`295`	`steps:`
`293`	`296`	`-`
`294`	`297`	`name: Checkout`
`295`		`- uses: actions/checkout@v6`
	`298`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`296`	`299`	`-`
`297`	`300`	`name: Login to registries`
`298`	`301`	`uses: ./`
`@@ -315,7 +318,7 @@ jobs:`
`315`	`318`	`steps:`
`316`	`319`	`-`
`317`	`320`	`name: Checkout`
`318`		`- uses: actions/checkout@v6`
	`321`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`319`	`322`	`-`
`320`	`323`	`name: Login to registries`
`321`	`324`	`uses: ./`
`@@ -336,7 +339,7 @@ jobs:`
`336`	`339`	`steps:`
`337`	`340`	`-`
`338`	`341`	`name: Checkout`
`339`		`- uses: actions/checkout@v6`
	`342`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`340`	`343`	`-`
`341`	`344`	`name: Login to registries`
`342`	`345`	`id: login`
`@@ -368,7 +371,7 @@ jobs:`
`368`	`371`	`steps:`
`369`	`372`	`-`
`370`	`373`	`name: Checkout`
`371`		`- uses: actions/checkout@v6`
	`374`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`372`	`375`	`-`
`373`	`376`	`name: Login to Docker Hub`
`374`	`377`	`uses: ./`
`@@ -398,7 +401,7 @@ jobs:`
`398`	`401`	`steps:`
`399`	`402`	`-`
`400`	`403`	`name: Checkout`
`401`		`- uses: actions/checkout@v6`
	`404`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`402`	`405`	`-`
`403`	`406`	`name: Login to Docker Hub`
`404`	`407`	`uses: ./`
`@@ -428,7 +431,7 @@ jobs:`
`428`	`431`	`steps:`
`429`	`432`	`-`
`430`	`433`	`name: Checkout`
`431`		`- uses: actions/checkout@v6`
	`434`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`432`	`435`	`-`
`433`	`436`	`name: Login to GitHub Container Registry`
`434`	`437`	`uses: ./`
`@@ -459,7 +462,7 @@ jobs:`
`459`	`462`	`steps:`
`460`	`463`	`-`
`461`	`464`	`name: Checkout`
`462`		`- uses: actions/checkout@v6`
	`465`	`+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`
`463`	`466`	`-`
`464`	`467`	`name: Login to GitHub Container Registry`
`465`	`468`	`uses: ./`