
Update GitHub Action documentation for Docker image stability and security #1042

Merged


@5000164 5000164 commented Jul 16, 2024

User description

This pull request updates the GitHub Action documentation to improve clarity and enhance security measures.

  • Changed the example tag from v2.0 to v0.23 to use an existing Docker image version as a sample.
  • Changed uses to show how to use a specific version directly from Docker Hub.
  • Added an example of specifying the Docker image by its digest to ensure enhanced security.

ref. #1034


PR Type

Documentation



Changes walkthrough 📝

Relevant files

Documentation: github.md (docs/docs/installation/github.md), +12/-2
Update GitHub Action documentation for Docker image stability and security

  • Updated example tag from v2.0 to v0.23 for Docker image version.
  • Changed uses to demonstrate using a specific version directly from Docker Hub.
  • Added an example of specifying the Docker image by its digest for enhanced security.


    codiumai-pr-agent-pro bot added labels: documentation (Improvements or additions to documentation), Review effort [1-5]: 1 (Jul 16, 2024)

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
    🏅 Score: 95
    🧪 No relevant tests
    🔒 No security concerns identified
    🔀 No multiple PR themes
    ⚡ No key issues to review


    PR Code Suggestions ✨

    Category: Best practice
    Suggestion: Explain the security benefits of using Docker image digests

    It's a good practice to explain why using a Docker image by its digest enhances
    security. This could be briefly mentioned in the documentation to provide clarity
    and justification for this practice.

    docs/docs/installation/github.md [41]

    -For enhanced security, you can also specify the Docker image by its digest:
    +For enhanced security, specifying the Docker image by its digest ensures that the image is exactly the one reviewed and approved, as digests are unique to each image build:
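    Review bot: the replacement sentence overstates what a digest gives you. A digest pins the exact image content, so the workflow keeps running the same image even if the `0.23-github_action` tag is later re-pointed at a different build, but it does not by itself establish that the image was "reviewed and approved"; that is a separate process. Suggest wording along the lines of: "pinning by digest guarantees the workflow runs exactly the image content that existed when the digest was recorded, even if the tag is later updated".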
    Suggestion importance[1-10]: 9

    Why: The suggestion enhances the documentation by explaining the security benefits of using Docker image digests, providing clarity and justification for this practice. This is a significant improvement for users concerned with security.

    Category: Maintainability
    Suggestion: Standardize Docker image naming convention in documentation

    To ensure consistency in the documentation, consider using a consistent naming
    convention for Docker images. The original image name uses a different format
    (Codium-ai/pr-agent@v2.0). It's recommended to stick to one format to avoid
    confusion.

    docs/docs/installation/github.md [37]

    -uses: docker://codiumai/pr-agent:0.23-github_action
    +uses: docker://Codium-ai/pr-agent:0.23
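    Review bot: the proposed `uses: docker://Codium-ai/pr-agent:0.23` is not a valid Docker Hub reference: Docker repository names must be lowercase, and `Codium-ai/pr-agent@v2.0` is a GitHub Actions reference (org/repo@ref), not an image name, so the two forms live in different namespaces rather than being inconsistent. The `0.23-github_action` tag should also stay, since that is the tag the digest link in this thread points at. Suggest rejecting this suggestion.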
    Suggestion importance[1-10]: 7

    Why: The suggestion improves maintainability by ensuring a consistent naming convention for Docker images, which helps avoid confusion. However, the original naming convention is not incorrect, so the improvement is minor.


    ```yaml
    steps:
      - name: PR Agent action step
        id: pragent
        uses: docker://codiumai/pr-agent@sha256:14165e525678ace7d9b51cda8652c2d74abb4e1d76b57c4a6ccaeba84663cc64
    ```

    @mrT23 mrT23 Jul 16, 2024


    Add a link to the digest, to explain how you found the SHA. It is not trivial.

    [digest](https://hub.docker.com/layers/codiumai/pr-agent/0.23-github_action/images/sha256-14165e525678ace7d9b51cda8652c2d74abb4e1d76b57c4a6ccaeba84663cc64?context=repo)
    


    For enhanced security, you can also specify the Docker image by its digest:

    Remove the "enhanced security".
    It's a bit confusing. It will not protect you from cyber attacks.
    You mean to say that it ensures without a doubt that the docker will be frozen (although in practice the v0... models are frozen anyway).

    you can also specify the Docker image by its digest:
    


    I mean specifying the Docker image digest enhances security because it is effective in preventing supply chain attacks.
    If the term "enhanced security" is confusing, would it be clearer to phrase it as "to prevent supply chain attacks"?
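    The pinning styles argued over in this thread (a mutable tag such as `0.23-github_action` versus an immutable `@sha256:` digest, and likewise a tag versus a commit SHA for a regular action) can be checked mechanically. The checker below is an added example, not code from the PR or the pr-agent project; the workflow text it scans is constructed, and the digest is the one linked in this thread.

    ```python
    import re

    # Hypothetical checker (added example, not pr-agent code): classifies each
    # `uses:` reference in a GitHub Actions workflow by how firmly it is pinned.
    USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
    DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
    COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")


    def classify_reference(ref: str) -> str:
        """Pinning class of one `uses:` value: docker-digest / action-commit are
        immutable; docker-tag / docker-latest / action-ref can be re-pointed."""
        if ref.startswith("docker://"):
            image = ref[len("docker://"):]
            if "@" in image:
                digest = image.split("@", 1)[1]
                if not DIGEST_RE.match(digest):
                    raise ValueError(f"malformed digest in {ref!r}")
                return "docker-digest"
            # A ':' after the last '/' is a tag; an earlier ':' is a registry port.
            return "docker-tag" if ":" in image.rsplit("/", 1)[-1] else "docker-latest"
        if "@" not in ref:
            raise ValueError(f"action reference without @ref: {ref!r}")
        version = ref.split("@", 1)[1]
        return "action-commit" if COMMIT_RE.match(version) else "action-ref"


    def audit_workflow(text: str) -> list:
        """Return (reference, class) pairs for every `uses:` line in a workflow."""
        found = []
        for line in text.splitlines():
            m = USES_RE.match(line)
            if m:
                found.append((m.group(1), classify_reference(m.group(1))))
        return found


    # Constructed workflow mixing the reference styles discussed in this PR.
    SAMPLE = """\
    jobs:
      pr_agent_job:
        steps:
          - uses: actions/checkout@v4
          - name: PR Agent action step
            uses: docker://codiumai/pr-agent:0.23-github_action
          - uses: docker://codiumai/pr-agent@sha256:14165e525678ace7d9b51cda8652c2d74abb4e1d76b57c4a6ccaeba84663cc64
          - uses: docker://alpine
    """
    ```

    Only the `docker-digest` and `action-commit` classes are immune to a tag or branch being re-pointed at different content after the workflow was written.
    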


    You know what, it's ok. Thanks for the PR.

    @mrT23 mrT23 merged commit 6871193 into Codium-ai:main Jul 17, 2024

    5000164 commented Jul 17, 2024

    Thank you for merging!

    @5000164 5000164 deleted the feature/update-document-about-github-actions branch July 17, 2024 07:10