From 96f448a985d47e6377c97b674dd30da24faeb5da Mon Sep 17 00:00:00 2001
From: tfurmston <tfurmston@googlemail.com>
Date: Mon, 14 Aug 2023 20:59:28 +0100
Subject: [PATCH 1/2] upgrade github actions used in dockerimage action

---
 .github/workflows/dockerimage.yml | 40 ++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index 9c8e446b..cd41ce78 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -2,22 +2,40 @@ name: Docker Image CI
 
 on:
   release:
-    branches: [ master ]    
+    branches: [ master ]
 
 jobs:
-
   build:
-
     runs-on: ubuntu-latest
-
     steps:
-      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
-      - uses: docker/build-push-action@3e7a4f6646880c6f63758d73ac32392d323eaf8f # v1.1.2
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            netflixoss/metaflow_metadata_service
+          tags: |
+            type=semver,pattern={{raw}}
+            type=sha
+            type=raw,value=latest
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME_NETFLIX_OSS }}
           password: ${{ secrets.DOCKER_AUTH_TOKEN_NETFLIX_OSS }}
-          repository: netflixoss/metaflow_metadata_service
-          tag_with_ref: true
-          tag_with_sha: true
-          tags: "latest"
-          dockerfile: ${{ github.workspace }}/Dockerfile
+      -
+        name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

From bcb2ca1b8d05820d105320955cb9ded7cdaf5e83 Mon Sep 17 00:00:00 2001
From: tfurmston <tfurmston@googlemail.com>
Date: Tue, 29 Aug 2023 06:51:11 -0400
Subject: [PATCH 2/2] remove setup-buildx-action and pin to hashes.

---
 .github/workflows/dockerimage.yml | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index cd41ce78..523d311b 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -10,11 +10,11 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
         with:
           images: |
             netflixoss/metaflow_metadata_service
@@ -22,18 +22,15 @@ jobs:
             type=semver,pattern={{raw}}
             type=sha
             type=raw,value=latest
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
       -
         name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           username: ${{ secrets.DOCKER_USERNAME_NETFLIX_OSS }}
           password: ${{ secrets.DOCKER_AUTH_TOKEN_NETFLIX_OSS }}
       -
-        name: Build and push
-        uses: docker/build-push-action@v4
+        name: Build and push # We have a single-platform build, so use of setup-buildx-action is currently omitted.
+        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
         with:
           context: .
           push: true