In #627 we switched to using pre-built Docker images for some of the actions that are invoked most frequently. This reduced the rate of GitHub actions encountering errors during these builds - as pulling images is more reliable than building them.
However, a consequence of that change is that these Docker images are no longer getting built every time the build runs. Therefore they have the potential to go stale.
As detailed in #627, stale images isn't a significant risk because the images themselves aren't a particularly high security concern. However, we should update them periodically. An initial proposal could be doing this once per week. However, we could build and push them more frequently (e.g. daily) if we prefer.
In #627 we switched to using pre-built Docker images for some of the actions that are invoked most frequently. This reduced the rate of GitHub actions encountering errors during these builds - as pulling images is more reliable than building them.
However, a consequence of that change is that these Docker images are no longer getting built every time the build runs. Therefore they have the potential to go stale.
As detailed in #627, stale images isn't a significant risk because the images themselves aren't a particularly high security concern. However, we should update them periodically. An initial proposal could be doing this once per week. However, we could build and push them more frequently (e.g. daily) if we prefer.