use container with sha value to be sure that the container could not change over time.

[stbischof]

hetzner-github-runner/docker-compose.yml.tmpl

Line 5 in c35460d

image: ghcr.io/stonemaster/github-actions-runner:main

[stonemaster]

Actually I am owning stonemaster/github-actions-runner which right now is updated on a regular basis.
Having an explicit SHA key here would also mean that this repository needs an update every time the upstream container is updated. The way it is now, always the most recent one (implicitly meaning only after a successful build) is used. I still think this is a sane default.

The stonemaster/github-actions-runner repository itself is based on the official GitHub docker container, adding a thin layer of customisation scripts that are needed for this marketplace action.

Let me know your opinion, and why you think an explicit SHA value could be useful 🤔

[stbischof]

if i use the setup and is is not linked to the sha, then you could change the contains, this way you can get access to my setup

[stonemaster]

What about having an option that defaults to main but would allow you to keep a distinct sha value?
Having to change this every time the base image changes would be tedious for me.

[stbischof]

would help.