Merge branch 'main' into feature/secret-key
ahosgood authored Dec 5, 2023
2 parents 6eec6c4 + ef8016e commit e2b2f48
Showing 3 changed files with 35 additions and 24 deletions.
28 changes: 14 additions & 14 deletions .github/workflows/_docker-build-deploy.yml
Expand Up @@ -89,17 +89,17 @@ jobs:
push: true
tags: ${{ env.IMAGE_ID }}:latest
provenance: false
- name: Scan for vulnerabilities
if: inputs.publish
id: scan
uses: crazy-max/ghaction-container-scan@v2
with:
image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
severity_threshold: CRITICAL
annotations: true
- name: Upload SARIF file
if: steps.scan.outputs.sarif != '' && inputs.publish
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
# - name: Scan for vulnerabilities
# if: inputs.publish
# id: scan
# uses: crazy-max/ghaction-container-scan@v2
# with:
# image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
# dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
# severity_threshold: CRITICAL
# annotations: true
# - name: Upload SARIF file
# if: steps.scan.outputs.sarif != '' && inputs.publish
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: ${{ steps.scan.outputs.sarif }}
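Review bot: The `Scan for vulnerabilities` and `Upload SARIF file` steps are commented out while the step above still has `push: true` and tags `${{ env.IMAGE_ID }}:latest`, so the published image is no longer scanned and no SARIF results are uploaded, and neither the commit message nor a comment in the workflow says why. If the scan was failing the job, keep the step and make it non-blocking (for example `continue-on-error: true` on the scan step) so findings are still reported; if it is being dropped for good, delete the block and record the reason instead of leaving commented-out YAML behind.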
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -12,11 +12,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Initial release of `tna-python-flask` Docker image

### Changed

- Update Poetry to [1.7.1](https://github.com/python-poetry/poetry/releases/tag/1.7.1)
- Updated Base Docker image from `python:3.11-slim` to `python:3.12-slim-bookworm`

### Deprecated
### Removed
### Fixed
### Security

- Upgrade all Debian packages

## [0.1.11](https://github.com/nationalarchives/docker/compare/v0.1.10...v0.1.11) - 2023-10-16

### Added
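Review bot: The changelog entries do not cover everything this commit changes: the Dockerfile moves Node.js from `lts/hydrogen` (v18) to `lts/iron` (v20) and the workflow disables the container vulnerability scan, and neither is listed under "Changed" or "Security". Please add entries for both, and make the tense consistent ("Update Poetry" next to "Updated Base Docker image").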
25 changes: 15 additions & 10 deletions docker/tna-python/Dockerfile
@@ -1,4 +1,4 @@
FROM python:3.11-slim
FROM python:3.12-slim-bookworm

# ==========================================
# Label this container image with a semantic
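Review bot: `FROM python:3.12-slim-bookworm` is still a mutable tag, so two builds of the same commit can start from different base layers. Appending the image digest (`python:3.12-slim-bookworm@sha256:<digest>`, placeholder) would make the base reproducible and keep the base update an explicit, reviewable change.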
Expand Down Expand Up @@ -74,7 +74,7 @@ ENV PIP_NO_CACHE_DIR=true \
# and what version is used
# ==========================================
ENV POETRY_HOME=/home/app/.local \
POETRY_VERSION=1.6.1 \
POETRY_VERSION=1.7.1 \
POETRY_NO_INTERACTION=1 \
POETRY_VIRTUALENVS_CREATE=true \
POETRY_VIRTUALENVS_IN_PROJECT=false
Expand All @@ -92,17 +92,22 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Update the package index files and install
# a specific version of curl that we know to
# have no issues which is required later for
# installing Poetry then create a new system
# -level non-root user, a home directory for
# "them" where we can install libraries into
# (along with our build and run scripts) and
# create an /app directory in the root which
# will contain all the application code
# installing Poetry and create a new system-
# level nonroot user who has with a new home
# directory where we will be able to install
# libraries into (along with our scripts for
# building and running) and create an "/app"
# directory in the root (for the application
# code)
# ==========================================
RUN set -eux; \
\
export DEBIAN_FRONTEND=noninteractive; \
\
apt-get update; \
apt-get -y upgrade; \
apt-get install -y --no-install-recommends curl=7.88.1-10+deb12u4 build-essential=12.9 libmagic-dev=1:5.44-3; \
\
apt-get clean; \
apt-get autoremove -y --purge; \
rm -rfv /var/lib/apt/lists/*; \
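Review bot: `apt-get -y upgrade` and the exact pins on the following line (`curl=7.88.1-10+deb12u4`, `build-essential=12.9`, `libmagic-dev=1:5.44-3`) work against each other: the upgrade lets every other package float to whatever the mirror serves on build day, while the exact pins can fail the build once those versions are superseded in the repository. Decide which behaviour is wanted and say so in the comment block, which currently only mentions a pinned curl and not `build-essential` or `libmagic-dev`. The rewritten comment also has a typo, "nonroot user who has with a new home"; drop the stray "with".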
Expand Down Expand Up @@ -167,10 +172,10 @@ USER app
# ==========================================
# Install the latest LTS version of Node.js,
# but keeping within the releases code-named
# as "hydrogen" (v18)
# as "iron" (v20)
# ==========================================
RUN . "$NVM_DIR/nvm.sh"; \
nvm install lts/hydrogen
nvm install lts/iron

# ==========================================
# Into our .local/bin/ directory copy in the
