{"id":20148209,"url":"https://github.com/chainguard-dev/digestabot","last_synced_at":"2025-07-30T02:09:51.704Z","repository":{"id":209623908,"uuid":"715324491","full_name":"chainguard-dev/digestabot","owner":"chainguard-dev","description":"Github Action to automatically update digests for container images.","archived":false,"fork":false,"pushed_at":"2025-05-16T00:54:09.000Z","size":69,"stargazers_count":58,"open_issues_count":9,"forks_count":13,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-05-16T01:29:07.180Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainguard-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-11-06T23:06:52.000Z","updated_at":"2025-04-25T12:13:46.000Z","dependencies_parsed_at":"2023-11-28T11:24:36.060Z","dependency_job_id":"fa793ac5-3dd8-4dc8-97cc-ae7a0004df48","html_url":"https://github.com/chainguard-dev/digestabot","commit_stats":null,"previous_names":["chainguard-dev/digestabot"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/chainguard-dev/digestabot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fdigestabot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fdigestabot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fdigestabot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fdigestabot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainguard-dev","download_url":"https://codeload.github.com/chainguard-dev/digestabot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fdigestabot/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267797588,"owners_count":24145707,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T22:35:23.622Z","updated_at":"2025-07-30T02:09:51.683Z","avatar_url":"https://github.com/chainguard-dev.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Image Digest Update (digestabot)\n\nThis action updates a image digest when using the tag+digest pattern.\nIf the tag is mutable it will have a new digest when the tag is updated.\nIf there is a change in the digest this action will update to the latest digest\nand open a PR.\n\nGiven an image in the format `\u003crepo\u003e:\u003ctag\u003e@sha256:\u003cdigest\u003e`\ne.g. `cgr.dev/chainguard/nginx:latest@sha256:81bed54c9e507503766c0f8f030f869705dae486f37c2a003bb5b12bcfcc713f`, digesta-bot\nwill look up the digest of the tag on the registry and,\nif it doesn't match, open a PR to update it.\nThis can be used to keep tags up-to-date whilst maintaining a reproducible build and providing an opportunity to test updates.\n\n## Usage\n\nBasic usage:\n\n```yaml\n    - uses: chainguard-dev/digestabot@v1.0.2\n        with:\n          token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n## Scenarios\n\nAlso you will need to enable the setting to allow GitHub Actions to create Pull Requests if you are not using a PAT Token\n\n```\nsettings -\u003e actions -\u003e Allow GitHub Actions to create and approve pull requests\n```\n\n```yaml\nname: Image digest update\n\non:\n  workflow_dispatch:\n  schedule:\n    # At the end of every day\n    - cron: \"0 0 * * *\"\n\njobs:\n  image-update:\n    name: Image digest update\n    runs-on: ubuntu-latest\n\n    permissions:\n      contents: write # to push the updates\n      pull-requests: write # to open Pull requests\n      id-token: write # used to sign the commits using gitsign\n\n    steps:\n    - uses: actions/checkout@v4\n    - uses: chainguard-dev/digestabot@v1.0.2\n      with:\n        token: ${{ secrets.GITHUB_TOKEN }}\n        signoff: true # optional\n        author: ${{ github.actor }} \u003c${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com\u003e # optional\n        committer: github-actions[bot] \u003c41898282+github-actions[bot]@users.noreply.github.com\u003e # optional\n        labels-for-pr: automated pr, kind/cleanup, release-note-none # optional\n        branch-for-pr: update-digests # optional\n        title-for-pr: Update images digests # optional\n        description-for-pr: Update images digests # optional\n        commit-message: Update images digests # optional\n```\n\nThe `json` output describes the updates that `digestabot` has made and makes it\npossible to extend the functionality of the action and act on the updates in\nsubsequent steps.\n\nThe schema of the output is described in [`action.yml`](action.yml).\n\n```yaml\n    # Run digestabot\n    - uses: chainguard-dev/digestabot@v1\n      id: digestabot\n      with:\n        token: ${{ secrets.GITHUB_TOKEN }}\n\n    # Iterate over the updates in the `json` output\n    - shell: bash\n      run: |\n        while read -r update; do\n          updated_image=$(jq -r '.image + \"@\" + .updated_digest' \u003c\u003c\u003c\"${update}\")\n\n          echo \"Do something with ${updated_image} here.\"\n        done \u003c \u003c(jq -c '.updates // [] | .[]' \u003c\u003c\u003c'${{ steps.digestabot.outputs.json }}')\n```\n\n## File examples\n\nHere are some examples of files that digestabot can update:\n\n- `.ko.yaml`:\n\n```yaml\ndefaultBaseImage: cgr.dev/chainguard/kubectl:latest-dev@sha256:d5f340d044438351413d6cb110f6f8a2abc45a7149aa53e6ade719f069fc3b0a\n```\n\n- any Kubernetes manifest with an image field e.g: Job:\n\n```yaml\napiVersion: batch/v1\nkind: Job\nmetadata:\n  namespace: default\n  name: myjob\nspec:\n  template:\n    spec:\n      restartPolicy: Never\n      initContainers:\n      - image: cgr.dev/chainguard/cosign:latest-dev@sha256:09653ac03c1ac1502c3e3a8831ee79252414e4d659b423b71fb7ed8b097e9c88\n...\n```\n\n- Dockerfile:\n\n```\nFROM cgr.dev/chainguard/busybox:latest@sha256:257157f6c6aa88dd934dcf6c2f140e42c2653207302788c0ed3bebb91c5311e1\n```\n\n- Kustomizations:\n\n```\napiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nresources:\n  - \"https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cert-manager.yaml\"\npatchesJSON6902:\n  - target:\n      group: apps\n      version: v1\n      kind: Deployment\n      name: cert-manager\n    patch: |-\n      - op: replace\n        path: /spec/template/spec/containers/0/image\n        value: cgr.dev/chainguard/cert-manager-controller:1.11.1@sha256:819a8714fc52fe3ecf3d046ba142e02ce2a95d1431b7047b358d23df6759de6c\n...\n```\n\n## Inputs / Outputs\n\n\u003c!-- begin automated updates do not change --\u003e\n### Inputs\n\n| Name | Description | Default |\n|------|-------------|--------|\n| `working-dir` | Working directory to run the digestabot, to run in a specific path, if not set will run from the root  | `.` |\n| `token` | GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)  | `${{ github.token }}` |\n| `signoff` | Add `Signed-off-by` line by the committer at the end of the commit log message.  | `false` |\n| `author` | The author name and email address in the format `Display Name \u003cemail@address.com\u003e`. Defaults to the user who triggered the workflow run.  | `${{ github.actor }} \u003c${{ github.actor_id }}+${{...` |\n| `committer` | The committer name and email address in the format `Display Name \u003cemail@address.com\u003e`. Defaults to the GitHub Actions bot user.  | `github-actions[bot] \u003c41898282+github-actions[bo...` |\n| `labels-for-pr` | A comma or newline separated list of labels to be used in the pull request.  | `automated pr, kind/cleanup, release-note-none` |\n| `branch-for-pr` | The pull request branch name.  | `update-digests` |\n| `title-for-pr` | The title of the pull request.  | `Update images digests` |\n| `description-for-pr` | The description of the pull request.  | `Update images digests ...` |\n| `commit-message` | The message to use when committing changes.  | `Update images digests` |\n| `create-pr` | Create a PR or just keep the changes locally.  | `true` |\n| `use-gitsign` | Use gitsign to sign commits.  | `true` |\n\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| `pull_request_number` | Pull Request Number  |\n| `json` | The changes made by this action, in JSON format. Contains information about updated files, images, and digests. |\n\n\u003e **Note:** For complete details on inputs and outputs, please refer to the [action.yml](./action.yml) file.\n\u003c!-- end automated updates do not change --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fdigestabot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainguard-dev%2Fdigestabot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fdigestabot/lists"}