From bac413d3c06eb47dd4801a17affcad7b660da41b Mon Sep 17 00:00:00 2001
From: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
Date: Sun, 10 Oct 2021 19:18:58 -0500
Subject: [PATCH] Pinned tag using SHA.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pinned docker images by SHA instead of a tag because tags can be moved while SHA can’t.
---
 Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 1e1bb97603..b3e1420c57 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,10 @@
 # the officially-released binary from releases.hashicorp.com and are
 # built by the (closed-source) official release process.
 
-FROM docker.mirror.hashicorp.services/golang:alpine
+# Pinned tag using SHA
+# sha256:c2335038e2230960f81cb2f9f1fc5eca45e23b765de1848c7bbfaebcfd32d90d
+# https://github.com/google/go-containerregistry/blob/main/cmid/crane/README.md
+FROM docker.mirror.hashicorp.services/golang@sha256:c2335038e2230960f81cb2f9f1fc5eca45e23b765de1848c7bbfaebcfd32d90d
 LABEL maintainer="HashiCorp Terraform Team <terraform@hashicorp.com>"
 
 RUN apk add --no-cache git bash openssh