docs: Add note to pin Docker image by its digest for enhanced security

2025-07-06 22:00:40 +08:00 · 2024-07-16 18:17:01 +09:00
parent 05f3fa5ebc
commit 80bbe23ad5
1 changed files with 10 additions and 0 deletions
--- a/docs/docs/installation/github.md
+++ b/docs/docs/installation/github.md
@ -38,6 +38,16 @@ if you want to pin your action to a specific release (v0.23 for example) for sta
 ...
 ```

+For enhanced security, you can also specify the Docker image by its digest:
+```yaml
+...
+    steps:
+      - name: PR Agent action step
+        id: pragent
+        uses: docker://codiumai/pr-agent@sha256:14165e525678ace7d9b51cda8652c2d74abb4e1d76b57c4a6ccaeba84663cc64
+...
+```
+
 2) Add the following secret to your repository under `Settings > Secrets and variables > Actions > New repository secret > Add secret`:

 ```