github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
openclaw/scripts
History
Coy Geek 8ae2d5110f fix(docker): pin base images to SHA256 digests (#7734) 
* fix(docker): pin base images to SHA256 digests for supply chain security

Pin all 9 Dockerfiles to immutable SHA256 digests to prevent supply chain
attacks where a compromised upstream image could be silently pulled into
production builds.

Also add Docker ecosystem to Dependabot configuration for automated
digest updates.

Images pinned:
- node:22-bookworm@sha256:cd7bcd2e7a1e6f72052feb023c7f6b722205d3fcab7bbcbd2d1bfdab10b1e935
- node:22-bookworm-slim@sha256:3cfe526ec8dd62013b8843e8e5d4877e297b886e5aace4a59fec25dc20736e45
- debian:bookworm-slim@sha256:98f4b71de414932439ac6ac690d7060df1f27161073c5036a7553723881bffbe
- ubuntu:24.04@sha256:cd1dba651b3080c3686ecf4e3c4220f026b521fb76978881737d24f200828b2b

Fixes #7731

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test(docker): add digest pinning regression coverage

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-19 12:42:07 -08:00
..
dev
refactor: dedupe shared helpers across ui/gateway/extensions
2026-02-15 03:34:14 +00:00
docker
fix(docker): pin base images to SHA256 digests (#7734)
2026-02-19 12:42:07 -08:00
docs-i18n
chore(security): bump qs and golang.org/x/net
2026-02-14 21:22:46 +01:00
e2e
fix(docker): pin base images to SHA256 digests (#7734)
2026-02-19 12:42:07 -08:00
podman
feat(podman): add optional Podman setup and documentation (#16273)
2026-02-14 17:39:06 +01:00
pre-commit
refactor: centralize pre-commit file filtering
2026-02-16 03:42:11 +01:00
repro
fix: run cli scripts via node build runner
2026-01-18 18:43:39 +00:00
shell-helpers
fix(clawdock): include docker-compose.extra.yml in helper commands (#17094)
2026-02-19 03:40:47 -08:00
systemd
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
auth-monitor.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
bench-model.ts
chore: apply local workspace updates (#9911)
2026-02-05 16:54:44 -05:00
build_icon.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
build-and-run-mac.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
build-docs-list.mjs
chore: Enable linting in scripts.
2026-01-31 21:29:14 +09:00
bundle-a2ui.sh
Docker: include A2UI sources for bundle (#13114)
2026-02-09 22:44:59 -06:00
canvas-a2ui-copy.ts
chore: Also format scripts and skills.
2026-01-31 21:21:25 +09:00
changelog-to-html.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
check-composite-action-input-interpolation.py
ci: harden workflow action input handling
2026-02-19 15:27:48 +01:00
check-ts-max-loc.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
claude-auth-status.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
clawlog.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
clawtributors-map.json
🤖 Feishu: expand channel support
2026-02-05 12:29:04 -08:00
codesign-mac-app.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
committer
chore: block node_modules commits
2026-01-18 22:28:59 +00:00
copy-export-html-templates.ts
refactor: bundle export-html templates instead of reading from node_modules
2026-02-17 00:00:57 +01:00
copy-hook-metadata.ts
fix: all bundled hooks broken since 2026.2.2 (tsdown migration) (#9295)
2026-02-09 11:35:47 +09:00
create-dmg.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
cron_usage_report.ts
fix(ci): restore main lint/typecheck after direct merges
2026-02-16 23:26:11 +00:00
debug-claude-usage.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
docs-link-audit.mjs
fix: docs broken links and improve link checker (#13056)
2026-02-09 18:45:06 -08:00
docs-list.js
chore: Enable linting in scripts.
2026-01-31 21:29:14 +09:00
firecrawl-compare.ts
chore: Enable linting in scripts.
2026-01-31 21:29:14 +09:00
ios-configure-signing.sh
fix(ios): auto-generate local signing overrides (#20716)
2026-02-19 15:48:46 +08:00
ios-team-id.sh
feat(ios): auto-select local signing team (#18421)
2026-02-18 03:16:10 +08:00
label-open-issues.ts
Scripts: add issue labeler state + PR support
2026-02-12 15:28:12 -06:00
make_appcast.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
mobile-reauth.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
notarize-mac-artifact.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
package-mac-app.sh
fix: Fix Mac app build step.
2026-02-03 22:14:11 +09:00
package-mac-dist.sh
chore: add mac dSYM zip to release artifacts
2026-02-03 17:15:02 -08:00
pr
chore: polish PR review skills
2026-02-18 22:24:41 -05:00
pr-merge
chore: fix root_dir resolution/stale scripts during PR review
2026-02-13 15:09:39 -05:00
pr-prepare
chore: fix root_dir resolution/stale scripts during PR review
2026-02-13 15:09:39 -05:00
pr-review
chore: fix root_dir resolution/stale scripts during PR review
2026-02-13 15:09:39 -05:00
protocol-gen-swift.ts
fix(whatsapp): allow media-only sends and normalize leading blank payloads (#14408)
2026-02-11 23:21:21 -06:00
protocol-gen.ts
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
readability-basic-compare.ts
chore: Enable linting in scripts.
2026-01-31 21:29:14 +09:00
recover-orphaned-processes.sh
fix: reset stale execution state after SIGUSR1 in-process restart (#15195)
2026-02-13 15:30:09 -05:00
release-check.ts
fix(docker): support .mjs entrypoints in images and e2e
2026-02-07 00:22:34 -08:00
restart-mac.sh
Switch from TypeScript to TypeScript Go. Use pnpm tsgo for Typechecks.
2026-01-31 15:33:15 +09:00
run-node.d.mts
chore: Fix types in tests 33/N.
2026-02-17 15:50:07 +09:00
run-node.mjs
fix(gateway): remove watch-mode build/start race (#18782)
2026-02-17 11:24:08 +09:00
run-openclaw-podman.sh
fix(podman): bootstrap config and token
2026-02-14 18:07:05 +01:00
sandbox-browser-entrypoint.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
sandbox-browser-setup.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
sandbox-common-setup.sh
refactor(sandbox): add sandbox-common dockerfile
2026-02-15 00:57:13 +01:00
sandbox-setup.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
setup-auth-system.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
sqlite-vec-smoke.mjs
chore: Also format scripts and skills.
2026-01-31 21:21:25 +09:00
sync-labels.ts
CI: add PR size autolabel workflow (#14410)
2026-02-11 21:12:27 -06:00
sync-moonshot-docs.ts
Docs: fix Moonshot sync markers (#6789)
2026-02-02 03:38:14 +01:00
sync-plugin-versions.ts
chore: Enable linting in scripts.
2026-01-31 21:29:14 +09:00
termux-auth-widget.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
termux-quick-auth.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
termux-sync-widget.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
test-cleanup-docker.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
test-force.ts
chore: Enable "experimentalSortImports" in Oxfmt and reformat all imorts.
2026-02-01 10:03:47 +09:00
test-install-sh-docker.sh
fix(ci): force npm install path in smoke docker tests
2026-02-18 03:25:14 +00:00
test-install-sh-e2e-docker.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
test-live-gateway-models-docker.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
test-live-models-docker.sh
refactor: rename to openclaw
2026-01-30 03:16:21 +01:00
test-parallel.mjs
test: rebalance isolated unit test lane
2026-02-16 05:22:00 +00:00
test-shell-completion.ts
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
ui.js
fix(scripts): harden Windows UI spawn behavior
2026-02-16 20:49:09 -05:00
update-clawtributors.ts
fix(scripts): harden clawtributors updater
2026-02-14 23:25:32 +01:00
update-clawtributors.types.ts
feat: add prek pre-commit hooks and dependabot (#1720)
2026-01-25 10:53:23 +00:00
vitest-slowest.mjs
perf(test): add vitest slowest report artifact
2026-02-12 17:16:42 +00:00
watch-node.d.mts
chore: Fix types in tests 33/N.
2026-02-17 15:50:07 +09:00
watch-node.mjs
fix(gateway): remove watch-mode build/start race (#18782)
2026-02-17 11:24:08 +09:00
write-build-info.ts
chore: Enable linting in scripts.
2026-01-31 21:29:14 +09:00
write-cli-compat.ts
fix (cli): harden daemon compat shim for minimal bundle exports
2026-02-14 20:53:32 -08:00
write-plugin-sdk-entry-dts.ts
fix(slack): download all files in multi-image messages (#15447)
2026-02-14 14:16:02 +01:00
zai-fallback-repro.ts
chore: apply local workspace updates (#9911)
2026-02-05 16:54:44 -05:00