• Salamander@mander.xyz
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Ah, thank you! I’ve edited my comment to make sure that if someone else reads what I wrote, they see your reply too.

    I was trying to help others, but now I’m the confused one that needs help.

    I was looking at the site ghcr.io, and my impression is that this site is similar to dockerhub but run by github, and I (perhaps wrongly) assumed that it guarantees that the container is built from the source that is accessible through the github repository.

    This puts me in the uncomfortable situation that my comment could misguide someone when my intention is to help, but I hope that with the help of your comment and the edit it is enough to avoid that.

    • Masterofballs@exploding-heads.comOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I was looking at the site ghcr.io, and my impression is that this site is similar to dockerhub but run by github, and I (perhaps wrongly) assumed that it guarantees that the container is built from the source that is accessible through the github repository.

      I’m actually not sure if github has a auto build system. It might somewhere. But he should be able to override it with a

      docker push ghcr.io/OWNER/IMAGE_NAME:VERSION
      

      Maybe there are some safeguards in github somewhere I don’t know about.

      • Salamander@mander.xyz
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Maybe there are some safeguards in github somewhere I don’t know about.

        I don’t know either, as I haven’t published my own docker containers via dockerhub nor this github site. So I’ve edited my comment even more to warn people of this potential risk. Thank you!