{"id":21816581,"url":"https://github.com/5monkeys/docker-image-context-hash-action","last_synced_at":"2025-10-05T09:57:27.599Z","repository":{"id":65157360,"uuid":"526564323","full_name":"5monkeys/docker-image-context-hash-action","owner":"5monkeys","description":"Calculate a hash from the maximal Docker image context.","archived":false,"fork":false,"pushed_at":"2024-12-20T09:34:10.000Z","size":466,"stargazers_count":3,"open_issues_count":5,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-01T10:39:10.011Z","etag":null,"topics":["context","docker","docker-image","github-action","hash"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/docker-image-context-hash","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/5monkeys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-08-19T10:34:56.000Z","updated_at":"2024-09-09T10:01:50.000Z","dependencies_parsed_at":"2024-09-09T11:42:03.454Z","dependency_job_id":"3a5baa03-57e6-436a-8407-495f08a3591e","html_url":"https://github.com/5monkeys/docker-image-context-hash-action","commit_stats":{"total_commits":9,"total_committers":2,"mean_commits":4.5,"dds":"0.11111111111111116","last_synced_commit":"ee6ac48fd3507dc3f6481416dea263317b6b23e5"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/5monkeys/docker-image-context-hash-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5monkeys%2Fdocker-image-context-hash-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5monkeys%2Fdocker-image-context-hash-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5monkeys%2Fdocker-image-context-hash-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5monkeys%2Fdocker-image-context-hash-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/5monkeys","download_url":"https://codeload.github.com/5monkeys/docker-image-context-hash-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5monkeys%2Fdocker-image-context-hash-action/sbom","scorecard":{"id":5197,"data":{"date":"2025-08-11","repo":{"name":"github.com/5monkeys/docker-image-context-hash-action","commit":"047fc62f166a3a09b6d127bc19441eaf07789cdd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/validate.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/5monkeys/docker-image-context-hash-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/5monkeys/docker-image-context-hash-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/5monkeys/docker-image-context-hash-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/5monkeys/docker-image-context-hash-action/validate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/5monkeys/docker-image-context-hash-action/validate.yml/main?enable=pin","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T13:23:35.613Z","repository_id":65157360,"created_at":"2025-08-14T13:23:35.613Z","updated_at":"2025-08-14T13:23:35.613Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278437950,"owners_count":25986760,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["context","docker","docker-image","github-action","hash"],"created_at":"2024-11-27T15:35:21.062Z","updated_at":"2025-10-05T09:57:27.576Z","avatar_url":"https://github.com/5monkeys.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![GitHub release](https://img.shields.io/github/release/5monkeys/docker-image-context-hash-action.svg?style=flat-square)](https://github.com/5monkeys/docker-image-context-hash-action/releases/latest)\n[![GitHub marketplace](https://img.shields.io/badge/marketplace-docker_image_context_hash-blue?style=flat-square\u0026logo=github)](https://github.com/marketplace/actions/docker-image-context-hash)\n[![CI workflow](https://img.shields.io/github/actions/workflow/status/5monkeys/docker-image-context-hash-action/ci.yml?branch=main\u0026label=ci\u0026logo=github\u0026style=flat-square)](https://github.com/5monkeys/docker-image-context-hash-action/actions?workflow=ci)\n\n## About\n\nThis GitHub Action calculates a hash from the _maximal_ Docker image context. Which can\nbe useful to get a reproducible value for an arbitrary Git\n[tree-ish object](https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddeftree-ishatree-ishalsotreeish).\n\nHash inputs are taken from [git ls-tree](https://git-scm.com/docs/git-ls-tree). Which\nmeans that when any object name or path that is part of the Docker image context\nchanges, the calculated hash changes.\n\nThis could be leveraged to e.g.\n\n- Push docker images with tags that can be found in different contexts, across the Git\n  repository as a whole. For example: a release workflow could find an image built by a\n  test workflow.\n- Skip unnecessary image builds if there has been no changes to any files included in\n  the maximal Docker image context.\n\nWhile using e.g. a Git commit hash could work correspondingly it is more sensitive. For\nexample: if contents of a Docker image context hasn't changed between 2 commits, the\nhash calculation produces identical output.\n\nNote that `docker-image-context-hash-action` does _not_ calculate the hash of the\n_actual_ Docker image context.\n\n---\n\n## Inputs\n\n- `build_context`: (optional) The path to the Docker image context. Defaults to the\n  current working directory.\n\n- `extra_tree_objects`: (optional) Additional Git tree objects, outside of the Docker\n  image context, that should also be included when calculating the hash.\n\n## Outputs\n\n`hash`: The hash of the Docker image context.\n\n## Usage\n\n```yaml\non:\n  pull_request:\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout code\n        uses: actions/checkout@v4\n\n      - name: Calculate Docker image context hash\n        id: context-hash\n        uses: 5monkeys/docker-image-context-hash-action@main\n        with:\n          extra_tree_objects: |\n            .dockerignore\n            Dockerfile\n\n      - name: Build and push Docker image\n        uses: docker/build-push-action@v5.1.0\n        with:\n          context: .\n          push: true\n          tags: your-image:${{ steps.context-hash.outputs.hash }}\n```\n\nIn this example, the `docker-image-context-hash-action` is used to calculate the hash\nof the current path as Docker image context, and the resulting hash is used as part\nof the Docker image tag when building and pushing the image.\n\nThe files `.dockerignore` and `Dockerfile` are added as extra Git tree objects since\nthey are implicitly excluded from the image context by Docker. Having them as extra Git\ntree objects results in tracking changes to them identically to files included in the\nimage context.\n\nNote that the [docker/build-push-action](https://github.com/docker/build-push-action) is\nused in the example to build and push the Docker image, but this can be replaced with\nany other action or script that builds and pushes Docker images.\n\n## Development\n\n- Install deps: `npm ci`\n- Run tests: `npm run test`\n- Run lint: `npm run lint`\n- Package application: `npm run package`. Remember to run this before committing anything.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5monkeys%2Fdocker-image-context-hash-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F5monkeys%2Fdocker-image-context-hash-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5monkeys%2Fdocker-image-context-hash-action/lists"}