From 2ea508d432461bdcdb60ca2601c7caf73412a9a6 Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Mon, 16 Mar 2026 18:18:09 -0700 Subject: [PATCH] Allow the docker image to be overridden by callers Some enterprise environments / on-prem environments may want to roll their own versions of tools from scratch and keep local caches of things to ensure that the sources persist and release artifacts aren't modified after the fact. This is done in the hope that certain supply chain attacks can be avoided. Allow the docker image to be overridden by the `docker_image` parameter to give those end-users a bit more control over the release process/artifacts when mirroring this GHA workflow internally. Signed-off-by: Enji Cooper --- action.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 2dae83d..4e1b4f2 100644 --- a/action.yml +++ b/action.yml @@ -1,8 +1,14 @@ +--- name: "GitHub CODEOWNERS Validator" description: "GitHub action to ensure the correctness of your CODEOWNERS file." author: "szostok.mateusz@gmail.com" inputs: + docker_image: + description: "Docker image to use when running the GitHub Workflow. The value defaults to the latest publicly released GitHub Docker image, but this can/should be overridden in scenarios where supply chain attacks are a concern. Some examples: GitHub Enterprise environments, when using an internal Docker Hub instance, etc." + required: false + default: "docker://ghcr.io/mszostok/codeowners-validator:v0.7.4" + github_access_token: description: "The GitHub access token. Instruction for creating a token can be found here: https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/#creating-a-token. If not provided then validating owners functionality could not work properly, e.g. you can reach the API calls quota or if you are setting GitHub Enterprise base URL then an unauthorized error can occur." required: false @@ -80,7 +86,7 @@ inputs: runs: using: 'docker' - image: 'docker://ghcr.io/mszostok/codeowners-validator:v0.7.4' + image: "${{ inputs.docker_image }}" env: ENVS_PREFIX: "INPUT"