make: add renovate anchor to the release target golang image

Signed-off-by: Alexandre Perrin <alex@isovalent.com>

Makefile

@@ -21,13 +21,17 @@ GOLANGCILINT_WANT_VERSION = v1.53.1
 GOLANGCILINT_IMAGE_SHA = sha256:1d3e531d92b54c8ee7207d591cfc9c19ef96138ddad4c0103935501d5aca2616
 GOLANGCILINT_VERSION = $(shell golangci-lint version 2>/dev/null)
 
+# renovate: datasource=docker depName=library/golang
+GOLANG_IMAGE_VERSION = 1.20.4-alpine3.17
+GOLANG_IMAGE_SHA = sha256:913de96707b0460bcfdfe422796bb6e559fc300f6c53286777805a9a3010a5ea
+
 all: hubble
 
 hubble:
 	$(GO_BUILD) $(if $(GO_TAGS),-tags $(GO_TAGS)) -ldflags "-w -s -X 'github.com/cilium/hubble/pkg.GitBranch=${GIT_BRANCH}' -X 'github.com/cilium/hubble/pkg.GitHash=$(GIT_HASH)' -X 'github.com/cilium/hubble/pkg.Version=${VERSION}'" -o $(TARGET)
 
 release:
-	docker run --rm --workdir /hubble --volume `pwd`:/hubble docker.io/library/golang:1.20.4-alpine3.17@sha256:913de96707b0460bcfdfe422796bb6e559fc300f6c53286777805a9a3010a5ea \
+	$(CONTAINER_ENGINE) run --rm --workdir /hubble --volume `pwd`:/hubble docker.io/library/golang:$(GOLANG_IMAGE_VERSION)@$(GOLANG_IMAGE_SHA) \
 		sh -c "apk add --no-cache setpriv make git && \
 			/usr/bin/setpriv --reuid=$(RELEASE_UID) --regid=$(RELEASE_GID) --clear-groups make GOCACHE=/tmp/gocache local-release"
 
@@ -77,7 +81,7 @@ check:
 	golangci-lint run
 else
 check:
-	docker run --rm -v `pwd`:/app -w /app docker.io/golangci/golangci-lint:$(GOLANGCILINT_WANT_VERSION) golangci-lint run
+	$(CONTAINER_ENGINE) run --rm -v `pwd`:/app -w /app docker.io/golangci/golangci-lint:$(GOLANGCILINT_WANT_VERSION)@$(GOLANGCILINT_IMAGE_SHA) golangci-lint run
 endif
 
 image: