Specifying image version by hash during one-click deploy does not work

[sneak]

I'm trying to deploy Gitea. I don't like deploying by image tag because those can be silently updated by developers on Docker Hub, granting them remote execution on my machine under certain circumstances.

When deploying it via one-click apps, I am prompted for the gitea version to deploy. I entered sha256:223c31793c1b486c3339cffc95e307b2094410f2fc0b0410c9488db828fe6b27 instead of latest. This failed during build.

When deploying these via the docker CLI, one must do docker run image@sha256:hash instead of docker run image:tagname.

It seems to me that CapRover should detect when a specified version starts with a hash algorithm identifier (if even only recognizing the static string sha256 for now, as is displayed on the Docker Hub website) and deploying appropriately based on image hash (cryptographically immutable) instead of tagname (developer mutable).

[githubsaturn]

Moving this to one-click apps repo as it's perhaps only related to regex validations of the tags which is totally one-click app specific.

[githubsaturn]

It does support that. You can try copy-pasting this:

{"schemaVersion":2,"imageName":"nginx@sha256:253ba3484dc13498c0a2ad9e236f144dcc8c74ec08a0bcead9b776fa8a29dffc"}