From 8855f7cc103376deb73297ededfe1174706e4efa Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Fri, 18 Nov 2022 17:12:13 +0100
Subject: [PATCH] :ambulance: Pin Dokuwiki container to specific digest

There seem to be compatibility issues with container updates within the
same tag. These updates happen every time we run Ansible and are usually
desired, as they can fix security issues (esp. in the base image).

However, if the update cannot be trusted to run without manual intervention,
we have to pin the version and check for updates manually.
---
 host-tau.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/host-tau.yml b/host-tau.yml
index cbaae34..a9ace8c 100644
--- a/host-tau.yml
+++ b/host-tau.yml
@@ -12,7 +12,9 @@
 
     dokuwiki_domain: "wiki.netz39.de"
     dokuwiki_port: 9005
-    dokuwiki_image: "bitnami/dokuwiki:20220731"
+    # This container is pinned, because there are issues
+    # with backwards compatibility within the same tag!
+    dokuwiki_image: "bitnami/dokuwiki:20220731@sha256:989ab52cf2d2e0f84166e114ca4ce88f59546b8f6d34958905f8d81c18cbd759"
 
   roles:
     - role: docker_setup