From 3ce81b71cd3c1611dd23830a465ed817288893b1 Mon Sep 17 00:00:00 2001 From: devbyteops Date: Tue, 24 Dec 2024 13:06:46 +0530 Subject: [PATCH] change version for alpine, aliyun-cli & integrate trivy in pipeline --- .github/workflows/docker-publish.yaml | 28 ++++++++++++--------------- Dockerfile | 9 +++++++-- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 9d7fca5..e5ea1e3 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -9,6 +9,7 @@ jobs: runs-on: ubuntu-latest env: IMG_NAME: ${{ github.repository }} + IMG_VERSION: "0.0.3" steps: - name: Checkout uses: actions/checkout@v3 @@ -24,20 +25,17 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Docker meta - id: metadata - uses: docker/metadata-action@v5 + + - name: Build docker image + run: docker build -t docker.io/${{ github.repository }}:${{ IMG_VERSION }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-actions@0.28.0 with: - images: ${{ env.IMG_NAME }} - tags: | - # type=sha - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} + image-ref: 'docker.io/${{ github.repository }}:${{ IMG_VERSION }}' + format: 'table' + exit-code: '1' + severity: 'CRITICAL.HIGH' - name: Build and push uses: docker/build-push-action@v5 @@ -45,6 +43,4 @@ jobs: context: . platforms: linux/amd64 push: ${{ github.event_name != 'pull_request' }} - # tags: ${{ steps.metadata.outputs.tags }} - tags: devbyteops/aliyun-cli:0.0.2 - labels: ${{ steps.metadata.outputs.labels }} \ No newline at end of file + tags: ${{ github.repository }}:${{ IMG_VERSION }} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index c1d4203..715c21c 100644 --- a/Dockerfile +++ b/Dockerfile 
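Review bot: `${{ IMG_VERSION }}` in the new `Build docker image` step and in `image-ref` is not a valid expression, because job-level variables are read through the `env` context (`${{ env.IMG_VERSION }}`); the `tags:` line in the last hunk of this file has the same problem. Three more problems in the added steps would keep the scan from gating anything. `docker build` is given no build context. The action is referenced as `aquasecurity/trivy-actions`, while the published action is, as far as I know, `aquasecurity/trivy-action`, and a misspelled `uses:` resolves to whoever owns that name. `severity` takes a comma-separated list, not `CRITICAL.HIGH`. In the `run:` line I would read the values from the shell environment instead of interpolating expressions into the script, and pinning the scanner to a full commit SHA rather than a tag is worth considering.

```yaml
# … unchanged: Docker Hub login step …
- name: Build docker image
  run: docker build -t "docker.io/${IMG_NAME}:${IMG_VERSION}" .

- name: Run Trivy vulnerability scanner
  uses: aquasecurity/trivy-action@0.28.0
  with:
    image-ref: 'docker.io/${{ env.IMG_NAME }}:${{ env.IMG_VERSION }}'
    # … unchanged: format, exit-code …
    severity: 'CRITICAL,HIGH'
```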
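Review bot: The `Build and push` step in the last hunk of this file runs its own build, so the image pushed to the registry is not the one the Trivy step scanned. Anything fetched at build time can differ between the two builds; the Dockerfile runs `apk update` and downloads a tarball. Consider building once, with `load: true` and `push: false` in this step and the step placed before the scan, then pushing that same image only after the scan passes.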
@@ -1,5 +1,10 @@
-FROM alpine:3.20.2
-ARG ALIYUN_VERSION=3.0.216
+FROM alpine:3.21.0
+
+LABEL author="Taruf Khan "
+LABEL description="Alpine based dockerfile for aliyun cli"
+MAINTAINER "Taruf Khan "
+
+ARG ALIYUN_VERSION=3.0.240
 RUN apk update && apk add --no-cache bash
 RUN wget https://aliyuncli.alicdn.com/aliyun-cli-linux-${ALIYUN_VERSION}-amd64.tgz && \
 tar -xvzf aliyun-cli-linux-${ALIYUN_VERSION}-amd64.tgz && \
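Review bot: The tarball selected by the new `ALIYUN_VERSION` is unpacked without an integrity check in the lines visible here (`RUN wget … && tar -xvzf …`), so the image trusts whatever the CDN returns at build time. I would pin the digest next to the version, e.g. `ARG ALIYUN_SHA256=<sha256-of-release-tarball>` and `echo "${ALIYUN_SHA256}  aliyun-cli-linux-${ALIYUN_VERSION}-amd64.tgz" | sha256sum -c - && \` before the `tar` line. The RUN instruction continues outside the hunk, so a check may already exist further down. Separately, `MAINTAINER` is deprecated and duplicates the new `LABEL author=…` line, so it can be dropped.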