Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update(dockerfile): update Dockerfile USER and add OCI labels to all releases #7292

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

update(dockerfile): update Dockerfile USER and add OCI labels to all releases #7292

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
42272a2
update Dockerfile and tests to use the same user as the image
cx-ruiaraujo Oct 25, 2024
400be55
fix cxone vulnerabilities
cx-ruiaraujo Oct 25, 2024
198a127
fix grype
cx-ruiaraujo Oct 25, 2024
29890d7
update kics internal release workflow
cx-ruiaraujo Oct 25, 2024
f04647d
add OCI labels
cx-ruiaraujo Oct 25, 2024
914d919
remove unused gh actions
cx-ruiaraujo Oct 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/go-ci-integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
run: echo ${{ steps.docker_build.outputs.digest }}
- name: Run docker image and generate results.json
run: |
docker run -v ${PWD}/assets/queries:/path \
docker run --user $(id -u):$(id -g) -v ${PWD}/assets/queries:/path \
kics:${{ github.sha }} scan \
--silent \
--disable-full-descriptions \
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/go-e2e.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,9 +96,10 @@ jobs:
- name: Get docker name
run: |
DOCKER_NAME=$(echo ${{ matrix.kics-docker }} | sed 's/\//-/')
echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV
- name: Archive test report
if: always()
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
with:
name: e2e-tests-report-$DOCKER_NAME
name: e2e-tests-report-${{ env.DOCKER_NAME }}
path: e2e-report.html
196 changes: 0 additions & 196 deletions .github/workflows/release-apispec.yml
View file
Open in desktop

This file was deleted.

112 changes: 0 additions & 112 deletions .github/workflows/release-dkr-image-for-tag.yml
View file
Open in desktop

This file was deleted.

32 changes: 27 additions & 5 deletions .github/workflows/release-dkr-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,14 +41,33 @@ jobs:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Login to DockerHub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Get current date
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: "checkmarx/kics"
labels: |
org.opencontainers.image.title=KICS
org.opencontainers.image.version=${{ steps.get-version.outputs.version }}
org.opencontainers.image.vendor=Checkmarx
org.opencontainers.image.authors=KICS
org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
org.opencontainers.image.documentation=https://docs.kics.io
org.opencontainers.image.url=https://github.com/Checkmarx/kics
org.opencontainers.image.source=https://github.com/Checkmarx/kics
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push alpine to Docker Hub
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
id: build_alpine
with:
context: .
Expand All @@ -60,9 +79,10 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.debian
Expand All @@ -74,9 +94,10 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
file: ./docker/Dockerfile.ubi8
Expand All @@ -88,6 +109,7 @@ jobs:
COMMIT=${{ github.sha }}
SENTRY_DSN=${{ secrets.SENTRY_DSN }}
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
# TODO: dockerhub api does not support PAT yet
# https://github.com/docker/roadmap/issues/115#issuecomment-891694974
# https://github.com/docker/roadmap/issues/115
Expand Down
Loading
Loading