Go back to referencing by SHA

It appears that it is legal to reference the docker image using both its tag and its SHA, but the tag is totally ignored in that case. Since there is no error checking that the tag matches the SHA, it seems better to just use the SHA and rely on a comment to document which tag this corresponds to.
gmlueck · Jul 1, 2024 · fc92027 · fc92027
1 parent 783d815
commit fc92027
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -26,9 +26,10 @@ jobs:
     runs-on: ubuntu-latest
 
     # Use the Khronos container with the asciidoctor toolchain preinstalled.  We
-    # reference the image by both its SHA and its tag because they sometimes
-    # overwrite a tag with a different image (which has a different SHA).
-    container: khronosgroup/docker-images:asciidoctor-spec.20240630@sha256:bd30a83285a2ea062598f053b5bd8ebc843e16c639c0e4cd88ab4bbb4e63ead3
+    # reference the image its SHA rather than its tag because they sometimes
+    # overwrite a tag with a different image (which has a different SHA).  This
+    # SHA corresponds to tag "asciidoctor-spec.20240630".
+    container: khronosgroup/docker-images@sha256:bd30a83285a2ea062598f053b5bd8ebc843e16c639c0e4cd88ab4bbb4e63ead3
 
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it