diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index add0f6e..1f85d64 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -18,17 +18,17 @@ jobs: uses: rlespinasse/github-slug-action@v3.x - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Repository - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GHCR_PUSH_TOKEN }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Container Image to GitHub Container Repository - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: . file: ./Dockerfile diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml index a01bfb8..b7c1713 100644 --- a/.github/workflows/release-image.yml +++ b/.github/workflows/release-image.yml @@ -20,8 +20,8 @@ jobs: uses: docker/login-action@v1 with: registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GHCR_PUSH_TOKEN }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Container Image to GitHub Container Repository uses: docker/build-push-action@v2 diff --git a/Dockerfile b/Dockerfile index 350d6e8..66abc1e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ COPY . /src WORKDIR /src -RUN apk add --no-cache git \ +RUN apk add --no-cache git build-base \ && gem build cfn-guardian.gemspec \ && gem install cfn-guardian-${GUARDIAN_VERSION}.gem \ && rm -rf /src diff --git a/cfn-guardian.gemspec b/cfn-guardian.gemspec index f801342..0de1dcb 100644 --- a/cfn-guardian.gemspec +++ b/cfn-guardian.gemspec @@ -38,7 +38,7 @@ Gem::Specification.new do |spec| spec.add_dependency 'aws-sdk-codecommit', '~> 1.53', '<2' spec.add_dependency 'aws-sdk-codepipeline', '~> 1.55', '<2' - spec.add_runtime_dependency('rexml', '>= 0') + spec.add_runtime_dependency('rexml', '3.3.0') spec.add_development_dependency "bundler", "~> 2.0" spec.add_development_dependency "rake", "~> 13.0" diff --git a/lib/cfnguardian/tagger.rb b/lib/cfnguardian/tagger.rb index fa66c9f..742707e 100644 --- a/lib/cfnguardian/tagger.rb +++ b/lib/cfnguardian/tagger.rb @@ -63,7 +63,7 @@ def get_alarm_tags(alarm_arn) end def get_tags_to_delete(current_tags, new_tags) - return current_tags.select {|tag| !new_tags.has_key?(tag.key)}.map {|tag| tag.key} + return current_tags.select {|tag| !new_tags.has_key?(tag.key) && !tag.key.start_with?('aws:') }.map { |tag| tag.key } end def tags_changed?(current_tags, new_tags) diff --git a/lib/cfnguardian/version.rb b/lib/cfnguardian/version.rb index 4a5f48f..9df709d 100644 --- a/lib/cfnguardian/version.rb +++ b/lib/cfnguardian/version.rb @@ -1,4 +1,4 @@ module CfnGuardian - VERSION = "0.11.10" + VERSION = "0.11.11" CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze end