Commit e4b0e66

fix: address cubic review on PR #1544
- P1: pin chko/docker-pushrm to an immutable sha256 digest instead of the mutable ':1' tag. Using a major tag means an attacker who compromised the upstream repo could ship a malicious image and our workflow would pull it with DOCKERHUB_USERNAME/DOCKERHUB_TOKEN in the environment. Resolved the current digest via the Docker Hub registry API and left an inline comment documenting how to bump it.
- P2: fix CLAUDE.md wording that described the Docker Hub PAT in GitHub-PAT-scope terminology ('repo:write on the org repo'). Docker Hub PATs have their own scopes; the docs now just say 'write access to the repo' and mention the digest-pinning behavior.
1 parent 3eb2857 commit e4b0e66

2 files changed

+9
-2
lines changed

.github/workflows/docker.yml

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,11 +127,18 @@ jobs:
127127
DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
128128
DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
129129
run: |
130+
# Pinned to immutable digest for supply-chain safety.
131+
# The underlying tool is chko/docker-pushrm:1. When bumping the tag,
132+
# fetch the current digest with:
133+
# TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:chko/docker-pushrm:pull" | jq -r .token)
134+
# curl -sI -H "Authorization: Bearer $TOKEN" \
135+
# -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" \
136+
# https://registry-1.docker.io/v2/chko/docker-pushrm/manifests/1 | grep -i docker-content-digest
130137
docker run --rm \
131138
-v "$GITHUB_WORKSPACE/docker/DOCKER_README.md:/data/README.md:ro" \
132139
-e DOCKER_USER \
133140
-e DOCKER_PASS \
134-
chko/docker-pushrm:1 \
141+
chko/docker-pushrm@sha256:812a950e5be7dca26cef33b61eb2076bfcfb6c2a8ec96c126371fc049c3b6608 \
135142
--file /data/README.md \
136143
--short "Smart LLM router for personal AI agents. Cut costs up to 70%." \
137144
--debug \
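Review bot: the new `chko/docker-pushrm@sha256:812a950e5be7dca26cef33b61eb2076bfcfb6c2a8ec96c126371fc049c3b6608 \` line drops the tag entirely, so a reader can no longer tell which upstream release the digest corresponds to and digest-update tooling has no tag to track; Docker accepts the combined form `chko/docker-pushrm:1@sha256:812a950e5be7dca26cef33b61eb2076bfcfb6c2a8ec96c126371fc049c3b6608`, which keeps the pin (the digest governs the pull) while preserving the tag for readability and automated bumps. Separately, the curl recipe in the comment sends only the Docker manifest-list media type in `Accept`; if the registry serves an OCI index for this tag, the `Docker-Content-Digest` returned may not be the digest that `docker run` resolves, so consider adding `application/vnd.oci.image.index.v1+json` to the `Accept` header, or point the comment at `docker buildx imagetools inspect chko/docker-pushrm:1`, which prints the index digest directly.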

CLAUDE.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -512,7 +512,7 @@ To retag an older commit or publish a hotfix version that doesn't match the curr
512512

513513
### Docker Hub description
514514

515-
`docker/DOCKER_README.md` is the source of truth for the Docker Hub repo description at [`manifestdotbuild/manifest`](https://hub.docker.com/r/manifestdotbuild/manifest). The `sync-description` job in `docker.yml` pushes it to Docker Hub via the [`chko/docker-pushrm`](https://github.com/christian-korneck/docker-pushrm) container image (standalone `docker run`, no third-party GitHub Action). Same `DOCKERHUB_USERNAME` / `DOCKERHUB_TOKEN` secrets that the publish job uses — the PAT needs `repo:write` on the org repo, which it already has for image pushes. Edits to `docker/DOCKER_README.md` are treated as doc-only: they do **not** trigger the PR validate job (no point rebuilding multi-arch images for content changes), and they auto-sync to Docker Hub on merge to main via a dedicated `push:` trigger with a narrow paths filter.
515+
`docker/DOCKER_README.md` is the source of truth for the Docker Hub repo description at [`manifestdotbuild/manifest`](https://hub.docker.com/r/manifestdotbuild/manifest). The `sync-description` job in `docker.yml` pushes it to Docker Hub via the [`chko/docker-pushrm`](https://github.com/christian-korneck/docker-pushrm) container image (standalone `docker run`, no third-party GitHub Action). It uses the same `DOCKERHUB_USERNAME` / `DOCKERHUB_TOKEN` secrets as the publish job — the Docker Hub PAT needs write access to the repo, which the existing token already has for image pushes. Edits to `docker/DOCKER_README.md` are treated as doc-only: they do **not** trigger the PR validate job (no point rebuilding multi-arch images for content changes), and they auto-sync to Docker Hub on merge to main via a dedicated `push:` trigger with a narrow paths filter. The `chko/docker-pushrm` image is pinned to an immutable digest in the workflow — when bumping, re-fetch the digest via `docker manifest inspect chko/docker-pushrm:1` or the registry API (see the inline comment in `docker.yml`).
516516

517517
### Summary of what CI does on each trigger
518518

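Review bot: `docker manifest inspect chko/docker-pushrm:1`, as referenced in the added sentence, prints the manifest list's contents but not the list's own digest, so the next maintainer following this paragraph will not get the value they need to re-pin; `docker buildx imagetools inspect chko/docker-pushrm:1` prints a `Digest:` line for the index, while `docker manifest inspect -v` only yields per-platform descriptors. It would also help to say that the digest in `docker.yml` and the bump procedure described here must be kept in step, since the workflow comment documents the same procedure with a different command.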