Image digest update #720

	name: Image digest update

	on:
	workflow_dispatch:
	schedule:
	- cron: "0 1 * * *"

	permissions: {}

	jobs:
	image-update:
	name: Image digest update
	runs-on: ubuntu-latest
	if: github.repository == 'wolfi-dev/actions'

	permissions:
	contents: read # To clone the repo
	id-token: write # To gitsign and federate

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
	with:
	egress-policy: audit

	- uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1
	id: octo-sts
	with:
	scope: ${{ github.repository }}
	identity: digestabot

	- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
	with:
	token: ${{ steps.octo-sts.outputs.token }}
	persist-credentials: false

	- uses: chainguard-dev/digestabot@a3b776c1ca57d3127c85578cde8fef6eed3c75d3 # v1.2.3
	with:
	token: ${{ steps.octo-sts.outputs.token }}
	author: "octo-sts[bot] <157150467+octo-sts[bot]@users.noreply.github.com>"
	committer: "octo-sts[bot] <157150467+octo-sts[bot]@users.noreply.github.com>"

Provide feedback