diff --git a/.github/workflows/build_linux_profiler.yml b/.github/workflows/build_linux_profiler.yml index d6e641b7a..bb5a18fb4 100644 --- a/.github/workflows/build_linux_profiler.yml +++ b/.github/workflows/build_linux_profiler.yml @@ -20,7 +20,7 @@ jobs: name: ['glibc', 'musl'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -34,7 +34,7 @@ jobs: name: ['glibc', 'musl'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false diff --git a/.github/workflows/build_managed_helper.yml b/.github/workflows/build_managed_helper.yml index 9221f4f25..a24f586c6 100644 --- a/.github/workflows/build_managed_helper.yml +++ b/.github/workflows/build_managed_helper.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-x64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -25,7 +25,7 @@ jobs: - run: dotnet build -c Release working-directory: Pyroscope - name: Publish NuGet packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: packages path: ./Pyroscope/artifacts/package/release diff --git a/.github/workflows/build_tracing_packages.yml b/.github/workflows/build_tracing_packages.yml index 0e074bd00..6befd7f94 100644 --- a/.github/workflows/build_tracing_packages.yml +++ b/.github/workflows/build_tracing_packages.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-x64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -25,7 +25,7 @@ jobs: - run: dotnet build -c Release working-directory: Pyroscope/Pyroscope.OpenTracing - name: Publish NuGet packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: packages-OpenTracing path: ./Pyroscope/artifacts/package/release @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-x64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -44,7 +44,7 @@ jobs: - run: dotnet build -c Release working-directory: Pyroscope/Pyroscope.OpenTelemetry - name: Publish NuGet packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: packages-OpenTelemetry path: ./Pyroscope/artifacts/package/release diff --git a/.github/workflows/tag_linux.yml b/.github/workflows/tag_linux.yml index b3a0eabd0..86e73856e 100644 --- a/.github/workflows/tag_linux.yml +++ b/.github/workflows/tag_linux.yml @@ -22,7 +22,7 @@ jobs: name: ['glibc', 'musl'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -59,7 +59,7 @@ jobs: name: ['glibc', 'musl'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -96,7 +96,7 @@ jobs: name: ['glibc', 'musl'] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false diff --git a/.github/workflows/tag_managed_helper.yml b/.github/workflows/tag_managed_helper.yml index c27133ebe..65ba753d3 100644 --- a/.github/workflows/tag_managed_helper.yml +++ b/.github/workflows/tag_managed_helper.yml @@ -18,7 +18,7 @@ jobs: RELEASE_VERSION: ${{ github.ref_name }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -29,7 +29,7 @@ jobs: - run: dotnet build -c Release working-directory: Pyroscope - name: Publish NuGet packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: packages path: ./Pyroscope/artifacts/package/release diff --git a/.github/workflows/tag_tracing_opentelemetry_helper.yml b/.github/workflows/tag_tracing_opentelemetry_helper.yml index 279c67361..86205e662 100644 --- a/.github/workflows/tag_tracing_opentelemetry_helper.yml +++ b/.github/workflows/tag_tracing_opentelemetry_helper.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-x64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -24,7 +24,7 @@ jobs: - run: dotnet build -c Release working-directory: Pyroscope/Pyroscope.OpenTelemetry - name: Publish NuGet packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: packages path: ./Pyroscope/artifacts/package/release diff --git a/.github/workflows/tag_tracing_opentracing_helper.yml b/.github/workflows/tag_tracing_opentracing_helper.yml index 3cd63f69f..cc094bca3 100644 --- a/.github/workflows/tag_tracing_opentracing_helper.yml +++ b/.github/workflows/tag_tracing_opentracing_helper.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-x64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: submodules: 'true' persist-credentials: false @@ -24,7 +24,7 @@ jobs: - run: dotnet build -c Release working-directory: Pyroscope/Pyroscope.OpenTracing - name: Publish NuGet packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: packages path: ./Pyroscope/artifacts/package/release diff --git a/IntegrationTest/Dockerfile.load-generator b/IntegrationTest/Dockerfile.load-generator index 5c55f3d27..1b4db7bf0 100644 --- a/IntegrationTest/Dockerfile.load-generator +++ b/IntegrationTest/Dockerfile.load-generator @@ -1,4 +1,4 @@ -FROM python:3.9 +FROM python:3.9@sha256:61c518a24fa2c5e6c2ead2b29bc0c81ff7691d6f36459d2e399d4e25ddc0db38 RUN pip3 install requests diff --git a/Pyroscope.Dockerfile b/Pyroscope.Dockerfile index fb186b966..f0db1b792 100644 --- a/Pyroscope.Dockerfile +++ b/Pyroscope.Dockerfile @@ -1,4 +1,4 @@ -FROM debian:11 AS builder +FROM debian:11@sha256:5e2b4654ea0dc0bc22434199dace15adf9799f292857679fa79f9395e6d4dafd AS builder RUN apt-get update && apt-get -y install cmake make git curl golang libtool wget @@ -32,7 +32,7 @@ RUN mkdir build-${CMAKE_BUILD_TYPE} && \ RUN cd build-${CMAKE_BUILD_TYPE} && make -j16 Pyroscope.Profiler.Native Datadog.Linux.ApiWrapper.x64 -FROM busybox:1.36.1-glibc +FROM busybox:1.36.1-glibc@sha256:fea9e0f09e8cbbe7b2d2ca2ebb6e8da1e2e1d7c6ca7a4cf297eb2fcf5afda5ed COPY --from=builder /profiler/profiler/_build/DDProf-Deploy/linux/Pyroscope.Profiler.Native.so /Pyroscope.Profiler.Native.so COPY --from=builder /profiler/profiler/_build/DDProf-Deploy/linux/Datadog.Linux.ApiWrapper.x64.so /Pyroscope.Linux.ApiWrapper.x64.so diff --git a/Pyroscope.musl.Dockerfile b/Pyroscope.musl.Dockerfile index 7249220e0..5a4f795c7 100644 --- a/Pyroscope.musl.Dockerfile +++ b/Pyroscope.musl.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.15 AS builder +FROM alpine:3.15@sha256:19b4bcc4f60e99dd5ebdca0cbce22c503bbcff197549d7e19dab4f22254dc864 AS builder RUN apk add \ clang \ @@ -40,7 +40,7 @@ RUN mkdir build-${CMAKE_BUILD_TYPE} && \ RUN cd build-${CMAKE_BUILD_TYPE} && make -j16 Pyroscope.Profiler.Native Datadog.Linux.ApiWrapper.x64 -FROM busybox:1.36.1-musl +FROM busybox:1.36.1-musl@sha256:2f9af5cf39068ec3a9e124feceaa11910c511e23a1670dcfdff0bc16793545fb COPY --from=builder /profiler/profiler/_build/DDProf-Deploy/linux-musl/Pyroscope.Profiler.Native.so /Pyroscope.Profiler.Native.so COPY --from=builder /profiler/profiler/_build/DDProf-Deploy/linux-musl/Datadog.Linux.ApiWrapper.x64.so /Pyroscope.Linux.ApiWrapper.x64.so diff --git a/docker-compose-itest.yml b/docker-compose-itest.yml index 280e38162..57cdf4b07 100644 --- a/docker-compose-itest.yml +++ b/docker-compose-itest.yml @@ -1,7 +1,7 @@ services: pyroscope: platform: linux/amd64 - image: grafana/pyroscope + image: grafana/pyroscope@sha256:5fba997646c53584799b6beca768dae6358e807020aa98c04cb7db11f0d55681 ports: - "4040:4040" @@ -86,7 +86,7 @@ services: SERVICE_NAME: $SERVICE_NAME grafana: - image: grafana/grafana:latest + image: grafana/grafana:latest@sha256:35c41e0fd0295f5d0ee5db7e780cf33506abfaf47686196f825364889dee878b environment: - GF_INSTALL_PLUGINS=grafana-pyroscope-app - GF_AUTH_ANONYMOUS_ENABLED=true diff --git a/docker-compose.serverless.yml b/docker-compose.serverless.yml index f7ae65285..d1bf9db42 100644 --- a/docker-compose.serverless.yml +++ b/docker-compose.serverless.yml @@ -84,7 +84,7 @@ services: - DUMMY_API_HOST=http://serverless-dummy-api:9005 StartDependencies.Serverless: - image: andrewlock/wait-for-dependencies + image: andrewlock/wait-for-dependencies@sha256:5d87561de8c019c3954298f707c1f6d7087f620a1ce36c3ec38cdfbc1ec4066e depends_on: - serverless-lambda-no-param-sync - serverless-lambda-one-param-sync @@ -1044,7 +1044,7 @@ services: # The serverless function calls this API, which always returns 200 OK serverless-dummy-api: - image: andrewlock/ok-api:latest + image: andrewlock/ok-api:latest@sha256:ca0149fef76574b72116add387a1b395e3bafc56cb58b5e45b3c825f742e3911 ports: - "9005:9005" environment: diff --git a/docker-compose.yml b/docker-compose.yml index be0e1399d..4aa43260e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '3.4' services: # ARM64 dependencies localstack_arm64: - image: localstack/localstack + image: localstack/localstack@sha256:6cf30a8d29b54e6329d23a0dd6957f3142a21ce1767d58d8dd0bb7a35622db84 environment: - SERVICES=sns,sqs,kinesis,dynamodb,events - DEBUG=1 @@ -14,7 +14,7 @@ services: - "./artifacts/build_data/localstack:/tmp" elasticsearch7_arm64: - image: elasticsearch:7.10.1 + image: elasticsearch:7.10.1@sha256:7cd88158f6ac75d43b447fdd98c4eb69483fa7bf1be5616a85fe556262dc864a ports: - "9200" - "9300" @@ -23,13 +23,13 @@ services: - "ES_JAVA_OPTS=-Xms512m -Xmx512m" mongo_arm64: - image: mongo:4.0.9 + image: mongo:4.0.9@sha256:515b7b4b3762c8f2b1b50b701c086de76356f45c2a2847a74990bf5915251704 ports: - "27017" command: mongod mysql_arm64: - image: mysql/mysql-server:8.0 + image: mysql/mysql-server:8.0@sha256:d6c8301b7834c5b9c2b733b10b7e630f441af7bc917c74dba379f24eeeb6a313 environment: - MYSQL_DATABASE=world - MYSQL_ROOT_PASSWORD=mysqldb @@ -39,7 +39,7 @@ services: - "3306" postgres_arm64: - image: postgres:10.5-alpine + image: postgres:10.5-alpine@sha256:295a08ddd9efa1612c46033f0b96c3976f80f49c7ce29e05916b0af557806117 environment: - POSTGRES_PASSWORD=postgres - POSTGRES_USER=postgres @@ -48,20 +48,20 @@ services: - "5432" rabbitmq_arm64: - image: rabbitmq:3-management + image: rabbitmq:3-management@sha256:3b65f271d3e6028ef7609dadbc36e41c2fc29f67ab62103099ae44792c8dbda8 command: rabbitmq-server ports: - "5672" - "15672" servicestackredis_arm64: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 command: redis-server --bind 0.0.0.0 ports: - "6379" sqledge_arm64: - image: mcr.microsoft.com/azure-sql-edge:latest + image: mcr.microsoft.com/azure-sql-edge:latest@sha256:902628a8be89e35dfb7895ca31d602974c7bafde4d583a0d0873844feb1c42cf ports: - "1433" environment: @@ -69,21 +69,21 @@ services: - SA_PASSWORD=Strong!Passw0rd stackexchangeredis_arm64: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis_arm64 command: redis-server --bind 0.0.0.0 ports: - "6379" stackexchangeredis_arm64-replica: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis_arm64-replica command: redis-server --bind 0.0.0.0 --slaveof stackexchangeredis_arm64 6379 ports: - "127.0.0.1:6390:6379" stackexchangeredis_arm64-single: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis_arm64-single command: redis-server --bind 0.0.0.0 ports: @@ -91,7 +91,7 @@ services: # Dependencies localstack: - image: localstack/localstack + image: localstack/localstack@sha256:6cf30a8d29b54e6329d23a0dd6957f3142a21ce1767d58d8dd0bb7a35622db84 environment: - SERVICES=sns,sqs,kinesis,dynamodb,events - DEBUG=1 @@ -105,58 +105,58 @@ services: aerospike: # pinning to a known good version because latest version (6.3.0.5 at time of issue) # causes 'Server memory error' and flake - image: aerospike/aerospike-server:6.2.0.6 + image: aerospike/aerospike-server:6.2.0.6@sha256:ec8959a17598dd1e2a254489c127f9cba2172a51272f0ba4cb26194028e28324 ports: - "127.0.0.1:3000:3000" rabbitmq: - image: rabbitmq:3-management + image: rabbitmq:3-management@sha256:3b65f271d3e6028ef7609dadbc36e41c2fc29f67ab62103099ae44792c8dbda8 command: rabbitmq-server ports: - "127.0.0.1:5672:5672" - "127.0.0.1:15672:15672" servicestackredis: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 command: redis-server --bind 0.0.0.0 ports: - "127.0.0.1:6379:6379" stackexchangeredis: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis command: redis-server --bind 0.0.0.0 ports: - "127.0.0.1:6389:6379" stackexchangeredis-replica: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis-replica command: redis-server --bind 0.0.0.0 --slaveof stackexchangeredis 6379 ports: - "127.0.0.1:6390:6379" stackexchangeredis-single: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis-single command: redis-server --bind 0.0.0.0 ports: - "127.0.0.1:6391:6379" mongo: - image: mongo:4.0.9 + image: mongo:4.0.9@sha256:515b7b4b3762c8f2b1b50b701c086de76356f45c2a2847a74990bf5915251704 ports: - "127.0.0.1:27017:27017" command: mongod couchbase: - image: bentonam/couchbase-docker:community-5.0.1 + image: bentonam/couchbase-docker:community-5.0.1@sha256:847440848c80b95d82b12c8834856a14b1bfde854bd03b6acd0f9d0ac3484c63 ports: - "8091-8094:8091-8094" - "11210:11210" elasticsearch7: - image: docker.elastic.co/elasticsearch/elasticsearch:7.14.1 + image: docker.elastic.co/elasticsearch/elasticsearch:7.14.1@sha256:2dcd2f31e246a8b13995ba24922da2edc3d88e65532ff301d0b92cb1be358af5 ports: - "127.0.0.1:9210:9200" - "127.0.0.1:9310:9300" @@ -165,7 +165,7 @@ services: - "ES_JAVA_OPTS=-Xms512m -Xmx512m" elasticsearch6: - image: docker.elastic.co/elasticsearch/elasticsearch:6.4.2 + image: docker.elastic.co/elasticsearch/elasticsearch:6.4.2@sha256:3da16b2f3b1d4e151c44f1a54f4f29d8be64884a64504b24ebcbdb4e14c80aa1 ports: - "127.0.0.1:9200:9200" - "127.0.0.1:9300:9300" @@ -174,7 +174,7 @@ services: - "ES_JAVA_OPTS=-Xms512m -Xmx512m" elasticsearch5: - image: docker.elastic.co/elasticsearch/elasticsearch:5.6.16 + image: docker.elastic.co/elasticsearch/elasticsearch:5.6.16@sha256:9ffbb6d9d0f383d70b8249117e5758dcf9c628a5ab3a78fd6a520ef1d0f416a2 ports: - "127.0.0.1:9205:9200" - "127.0.0.1:9305:9300" @@ -183,7 +183,7 @@ services: - "ES_JAVA_OPTS=-Xms512m -Xmx512m" postgres: - image: postgres:10.5-alpine + image: postgres:10.5-alpine@sha256:295a08ddd9efa1612c46033f0b96c3976f80f49c7ce29e05916b0af557806117 environment: - POSTGRES_PASSWORD=postgres - POSTGRES_USER=postgres @@ -192,7 +192,7 @@ services: - "127.0.0.1:5432:5432" mysql: - image: mysql/mysql-server:8.0 + image: mysql/mysql-server:8.0@sha256:d6c8301b7834c5b9c2b733b10b7e630f441af7bc917c74dba379f24eeeb6a313 environment: - MYSQL_DATABASE=world - MYSQL_ROOT_PASSWORD=mysqldb @@ -202,7 +202,7 @@ services: - "127.0.0.1:3307:3306" mysql57: - image: mysql/mysql-server:5.7 + image: mysql/mysql-server:5.7@sha256:1178cdd375f758968cd834ac4057bae41307e64b7c69a9e145896e7b11f48064 environment: - MYSQL_DATABASE=world - MYSQL_ROOT_PASSWORD=mysqldb @@ -212,7 +212,7 @@ services: - "127.0.0.1:3407:3306" sqlserver: - image: mcr.microsoft.com/mssql/server:latest + image: mcr.microsoft.com/mssql/server:latest@sha256:b1395aa51b4ec39981883560f1379ea9eba2a1c0719bf8e6477902769316bb79 ports: - "127.0.0.1:1433:1433" environment: @@ -221,21 +221,21 @@ services: # this docker image doesn't work on arm64. It can still be tested on Mac using colima, see https://github.com/abiosoft/colima oracle: - image: container-registry.oracle.com/database/free:latest + image: container-registry.oracle.com/database/free:latest@sha256:cd2778b58358bb936015843d45fd277a199d055d5daae8a79b63f7b4073eeeb9 ports: - "127.0.0.1:1521:1521" environment: - ORACLE_PWD=testpassword wcfservice: - image: mcr.microsoft.com/dotnet/framework/wcf:4.8 + image: mcr.microsoft.com/dotnet/framework/wcf:4.8@sha256:59e2cdd15119a3aaff6a33e4a083c2dfc69da030aec553f52494eb7929b4ec6d ports: - "127.0.0.1:8585:8585" # See https://github.com/confluentinc/cp-all-in-one/blob/6.1.1-post/cp-all-in-one/docker-compose.yml # For original definitions kafka-zookeeper: - image: confluentinc/cp-zookeeper:6.1.1 + image: confluentinc/cp-zookeeper:6.1.1@sha256:a7c0a20dce46a705300cd464e511e9c70ac55ec7e62c024867470a19ce210563 hostname: kafka-zookeeper container_name: kafka-zookeeper ports: @@ -246,7 +246,7 @@ services: ZOOKEEPER_TICK_TIME: 2000 kafka-broker: - image: confluentinc/cp-server:6.1.1 + image: confluentinc/cp-server:6.1.1@sha256:4a1ff92bd03e361759ba339c97b4c4b7dbb52d7cea478dda22d034261a8991e4 hostname: kafka-broker container_name: kafka-broker depends_on: @@ -277,7 +277,7 @@ services: CONFLUENT_SUPPORT_CUSTOMER_ID: 'anonymous' kafka-schema-registry: - image: confluentinc/cp-schema-registry:6.1.1 + image: confluentinc/cp-schema-registry:6.1.1@sha256:d6c951b2157d015469f2968da678c84953b859d04a81efbf2fa39e6adec0693e hostname: kafka-schema-registry container_name: kafka-schema-registry depends_on: @@ -291,7 +291,7 @@ services: SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081 kafka-control-center: - image: confluentinc/cp-enterprise-control-center:6.1.1 + image: confluentinc/cp-enterprise-control-center:6.1.1@sha256:08657b278c96809aa16efb840e35b2334e1f15791e2e6d75c60cdb685a6e2140 hostname: kafka-control-center container_name: kafka-control-center depends_on: @@ -310,7 +310,7 @@ services: PORT: 9021 kafka-rest-proxy: - image: confluentinc/cp-kafka-rest:6.1.1 + image: confluentinc/cp-kafka-rest:6.1.1@sha256:0c973f3d02090a8e667382f52e8d68ccf6f9002db60ea97557113f221c1ed7eb depends_on: - kafka-broker - kafka-schema-registry @@ -326,7 +326,7 @@ services: KAFKA_REST_SCHEMA_REGISTRY_URL: 'http://kafka-schema-registry:8081' openldap: - image: osixia/openldap:latest + image: osixia/openldap:latest@sha256:3f68751292b43564a2586fc29fb7337573e2dad692b92d4e78e49ad5c22e567b ports: - "389:369" - "636:636" @@ -683,7 +683,7 @@ services: - IS_SSI_RUN StartDependencies: - image: andrewlock/wait-for-dependencies + image: andrewlock/wait-for-dependencies@sha256:5d87561de8c019c3954298f707c1f6d7087f620a1ce36c3ec38cdfbc1ec4066e depends_on: - aerospike - servicestackredis @@ -788,7 +788,7 @@ services: - localstack_arm64 StartDependencies.ARM64: - image: andrewlock/wait-for-dependencies + image: andrewlock/wait-for-dependencies@sha256:5d87561de8c019c3954298f707c1f6d7087f620a1ce36c3ec38cdfbc1ec4066e depends_on: - servicestackredis_arm64 - stackexchangeredis_arm64 @@ -854,7 +854,7 @@ services: - IS_SSI_RUN start-test-agent: - image: andrewlock/wait-for-dependencies + image: andrewlock/wait-for-dependencies@sha256:5d87561de8c019c3954298f707c1f6d7087f620a1ce36c3ec38cdfbc1ec4066e depends_on: - test-agent environment: @@ -862,7 +862,7 @@ services: command: test-agent:8126 test-agent: - image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:latest + image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:latest@sha256:a383a72dbbe99e723094e8b25c45eab4dfa9d3afc3cb58233d95953782c51ec8 volumes: - ./tracer/build/smoke_test_snapshots:/snapshots - ./artifacts/build_data/snapshots:/debug_snapshots @@ -1090,7 +1090,7 @@ services: - test-agent StartDependencies.OSXARM64: - image: andrewlock/wait-for-dependencies + image: andrewlock/wait-for-dependencies@sha256:5d87561de8c019c3954298f707c1f6d7087f620a1ce36c3ec38cdfbc1ec4066e depends_on: - servicestackredis_osx_arm64 - stackexchangeredis_osx_arm64 @@ -1110,7 +1110,7 @@ services: # OSX ARM64 dependencies localstack_osx_arm64: - image: localstack/localstack + image: localstack/localstack@sha256:6cf30a8d29b54e6329d23a0dd6957f3142a21ce1767d58d8dd0bb7a35622db84 environment: - SERVICES=sns,sqs,kinesis,dynamodb,events - DEBUG=1 @@ -1122,7 +1122,7 @@ services: - "./.localstack:/tmp" elasticsearch7_osx_arm64: - image: elasticsearch:7.10.1 + image: elasticsearch:7.10.1@sha256:7cd88158f6ac75d43b447fdd98c4eb69483fa7bf1be5616a85fe556262dc864a ports: - "9200:9200" - "9300:9300" @@ -1131,13 +1131,13 @@ services: - "ES_JAVA_OPTS=-Xms512m -Xmx512m" mongo_osx_arm64: - image: mongo:4.0.9 + image: mongo:4.0.9@sha256:515b7b4b3762c8f2b1b50b701c086de76356f45c2a2847a74990bf5915251704 ports: - "27017:27017" command: mongod mysql_osx_arm64: - image: mysql/mysql-server:8.0 + image: mysql/mysql-server:8.0@sha256:d6c8301b7834c5b9c2b733b10b7e630f441af7bc917c74dba379f24eeeb6a313 environment: - MYSQL_DATABASE=world - MYSQL_ROOT_PASSWORD=mysqldb @@ -1147,7 +1147,7 @@ services: - "3306:3306" postgres_osx_arm64: - image: postgres:10.5-alpine + image: postgres:10.5-alpine@sha256:295a08ddd9efa1612c46033f0b96c3976f80f49c7ce29e05916b0af557806117 environment: - POSTGRES_PASSWORD=postgres - POSTGRES_USER=postgres @@ -1156,41 +1156,41 @@ services: - "5432:5432" rabbitmq_osx_arm64: - image: rabbitmq:3-management + image: rabbitmq:3-management@sha256:3b65f271d3e6028ef7609dadbc36e41c2fc29f67ab62103099ae44792c8dbda8 command: rabbitmq-server ports: - "5672:5672" - "15672:15672" servicestackredis_osx_arm64: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 command: redis-server --bind 0.0.0.0 ports: - "6379:6379" stackexchangeredis_osx_arm64: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis_osx_arm64 command: redis-server --bind 0.0.0.0 ports: - "6392:6379" stackexchangeredis_osx_arm64-replica: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis_osx_arm64-replica command: redis-server --bind 0.0.0.0 --slaveof stackexchangeredis_osx_arm64 6379 ports: - "6390:6379" stackexchangeredis_osx_arm64-single: - image: redis:4-alpine + image: redis:4-alpine@sha256:aaf7c123077a5e45ab2328b5ef7e201b5720616efac498d55e65a7afbb96ae20 hostname: stackexchangeredis_osx_arm64-single command: redis-server --bind 0.0.0.0 ports: - "6391:6379" sqledge_osx_arm64: - image: mcr.microsoft.com/azure-sql-edge:latest + image: mcr.microsoft.com/azure-sql-edge:latest@sha256:902628a8be89e35dfb7895ca31d602974c7bafde4d583a0d0873844feb1c42cf ports: - "1433:1433" environment: diff --git a/tracer/build/_build/docker/alpine.build.arm64.dockerfile b/tracer/build/_build/docker/alpine.build.arm64.dockerfile index 5df37cb9b..2c85a3f50 100644 --- a/tracer/build/_build/docker/alpine.build.arm64.dockerfile +++ b/tracer/build/_build/docker/alpine.build.arm64.dockerfile @@ -1,6 +1,6 @@ -# syntax=docker/dockerfile:1.6 +# syntax=docker/dockerfile:1.6@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021 -FROM alpine:3.18 as base +FROM alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f as base RUN apk update \ && apk upgrade \ diff --git a/tracer/build/_build/docker/alpine.build.dockerfile b/tracer/build/_build/docker/alpine.build.dockerfile index 21255a669..515869559 100644 --- a/tracer/build/_build/docker/alpine.build.dockerfile +++ b/tracer/build/_build/docker/alpine.build.dockerfile @@ -1,6 +1,6 @@ -# syntax=docker/dockerfile:1.6 +# syntax=docker/dockerfile:1.6@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021 -FROM alpine:3.14 as base +FROM alpine:3.14@sha256:0f2d5c38dd7a4f4f733e688e3a6733cb5ab1ac6e3cb4603a5dd564e5bfb80eed as base RUN apk update \ && apk upgrade \ diff --git a/tracer/build/_build/docker/alpine.dockerfile b/tracer/build/_build/docker/alpine.dockerfile index 0214d12b5..f05d3a917 100644 --- a/tracer/build/_build/docker/alpine.dockerfile +++ b/tracer/build/_build/docker/alpine.dockerfile @@ -1,4 +1,4 @@ -FROM andrewlockdd/alpine-clang:1.0 as base +FROM andrewlockdd/alpine-clang:1.0@sha256:cb350dbbe9b9faac570357461e2db806c54f8535451829cf6827b5ab0c2d2d53 as base ARG DOTNETSDK_VERSION ENV \ diff --git a/tracer/build/_build/docker/centos7.build.dockerfile b/tracer/build/_build/docker/centos7.build.dockerfile index cfc155a50..7ed4b7e2b 100644 --- a/tracer/build/_build/docker/centos7.build.dockerfile +++ b/tracer/build/_build/docker/centos7.build.dockerfile @@ -1,6 +1,6 @@ -# syntax=docker/dockerfile:1.6 +# syntax=docker/dockerfile:1.6@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021 -FROM centos:7 as base +FROM centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 as base # replace the centos repository with vault.centos.org because they shut down the original RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo \ diff --git a/tracer/build/_build/docker/centos7.dockerfile b/tracer/build/_build/docker/centos7.dockerfile index f7b80d79a..c87fd075d 100644 --- a/tracer/build/_build/docker/centos7.dockerfile +++ b/tracer/build/_build/docker/centos7.dockerfile @@ -1,4 +1,4 @@ -FROM gleocadie/centos7-clang16 as base +FROM gleocadie/centos7-clang16@sha256:0d654543a9bdbdcf55e9c1a05ee2da1ac5355aaca07727f82171b03b3ab76998 as base ARG DOTNETSDK_VERSION diff --git a/tracer/build/_build/docker/debian.dockerfile b/tracer/build/_build/docker/debian.dockerfile index c97b00c7c..0cef02cbd 100644 --- a/tracer/build/_build/docker/debian.dockerfile +++ b/tracer/build/_build/docker/debian.dockerfile @@ -1,5 +1,5 @@ # We used a fixed, older version of debian for linking reasons -FROM mcr.microsoft.com/dotnet/runtime-deps:5.0-buster-slim as base +FROM mcr.microsoft.com/dotnet/runtime-deps:5.0-buster-slim@sha256:e69543c230fbf59e049ce9eb6ef2cd57f0da09a5d0b849130344c27e363e7f41 as base ARG DOTNETSDK_VERSION # Based on https://github.com/dotnet/dotnet-docker/blob/34c81d5f9c8d56b36cc89da61702ccecbf00f249/src/sdk/6.0/bullseye-slim/amd64/Dockerfile diff --git a/tracer/build/_build/docker/gitlab/gitlab.windows.dockerfile b/tracer/build/_build/docker/gitlab/gitlab.windows.dockerfile index 10cc016c3..7f3437e49 100644 --- a/tracer/build/_build/docker/gitlab/gitlab.windows.dockerfile +++ b/tracer/build/_build/docker/gitlab/gitlab.windows.dockerfile @@ -3,7 +3,7 @@ # docker build -f gitlab.windows.dockerfile --tag datadog/dd-trace-dotnet-docker-build:latest . # docker push datadog/dd-trace-dotnet-docker-build:latest -ARG BASE_IMAGE=mcr.microsoft.com/dotnet/framework/runtime:4.8-windowsservercore-ltsc2019 +ARG BASE_IMAGE=mcr.microsoft.com/dotnet/framework/runtime:4.8-windowsservercore-ltsc2019@sha256:82ad6502a2c49275bfe1670a37a6eeb298d06e31e75fd41531ddfca22bb0c25a FROM ${BASE_IMAGE} SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] diff --git a/tracer/build/_build/docker/iis.dockerfile b/tracer/build/_build/docker/iis.dockerfile index f3a33c711..e98aa1522 100644 --- a/tracer/build/_build/docker/iis.dockerfile +++ b/tracer/build/_build/docker/iis.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2022 +FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2022@sha256:ec04e733695f49a0dc9132184f6b06704866b34f422004093c1972512c86259e SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # Copy IIS websites diff --git a/tracer/build/_build/docker/system-tests.dockerfile b/tracer/build/_build/docker/system-tests.dockerfile index 2be7a4d19..048331b9d 100644 --- a/tracer/build/_build/docker/system-tests.dockerfile +++ b/tracer/build/_build/docker/system-tests.dockerfile @@ -1,4 +1,4 @@ -FROM busybox as collect +FROM busybox@sha256:2f590fc602ce325cbff2ccfc39499014d039546dc400ef8bbf5c6ffb860632e7 as collect ARG LINUX_AMD64_PACKAGE ARG LINUX_ARM64_PACKAGE ARG LIBRARY_VERSION diff --git a/tracer/build/_build/docker/test-agent.windows.dockerfile b/tracer/build/_build/docker/test-agent.windows.dockerfile index eb5cad882..a2d10c58b 100644 --- a/tracer/build/_build/docker/test-agent.windows.dockerfile +++ b/tracer/build/_build/docker/test-agent.windows.dockerfile @@ -1,4 +1,4 @@ -FROM python:3.10.5-windowsservercore-ltsc2022 +FROM python:3.10.5-windowsservercore-ltsc2022@sha256:cf357e769124547c6f1a44e291d98c5b55528bf9aaac62909135840e6e220869 WORKDIR / diff --git a/tracer/build/_build/docker/universal.dockerfile b/tracer/build/_build/docker/universal.dockerfile index 899dd8642..cf31b95ea 100644 --- a/tracer/build/_build/docker/universal.dockerfile +++ b/tracer/build/_build/docker/universal.dockerfile @@ -1,4 +1,4 @@ -FROM datadog/libddwaf:toolchain as base +FROM datadog/libddwaf:toolchain@sha256:dce2db6683e462e9ac170027f4121e8eb532e60ef503b85fbe1ac592a3de2b4f as base ARG DOTNETSDK_VERSION diff --git a/tracer/build/_build/docker/wait-for-dependencies-windows.dockerfile b/tracer/build/_build/docker/wait-for-dependencies-windows.dockerfile index 377aff1af..886bcd452 100644 --- a/tracer/build/_build/docker/wait-for-dependencies-windows.dockerfile +++ b/tracer/build/_build/docker/wait-for-dependencies-windows.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/windows/servercore:ltsc2022-amd64 +FROM mcr.microsoft.com/windows/servercore:ltsc2022-amd64@sha256:3cb78c3597cfba529128d6c5f3e0edfb5547aa9075f1ba6759d4f86a869324e5 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] WORKDIR /app diff --git a/tracer/tools/Samples.Transport.UnixDomainSocket/Dockerfile b/tracer/tools/Samples.Transport.UnixDomainSocket/Dockerfile index 8138c469f..21d63faaf 100644 --- a/tracer/tools/Samples.Transport.UnixDomainSocket/Dockerfile +++ b/tracer/tools/Samples.Transport.UnixDomainSocket/Dockerfile @@ -1,5 +1,5 @@ #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging. -FROM mcr.microsoft.com/dotnet/aspnet:3.1 AS appbase +FROM mcr.microsoft.com/dotnet/aspnet:3.1@sha256:31740421c9c67f0cb99f31b16ae3d2fab4e2b5443ffb605a700e6e4a7369ad09 AS appbase ARG DD_API_KEY ENV DD_API_KEY=$DD_API_KEY @@ -7,7 +7,7 @@ EXPOSE 80 EXPOSE 443 WORKDIR /app -FROM mcr.microsoft.com/dotnet/runtime-deps:5.0-buster-slim as builder +FROM mcr.microsoft.com/dotnet/runtime-deps:5.0-buster-slim@sha256:e69543c230fbf59e049ce9eb6ef2cd57f0da09a5d0b849130344c27e363e7f41 as builder ARG DOTNETSDK_VERSION=6.0.100 ENV DOTNETSDK_VERSION=$DOTNETSDK_VERSION