Merge branch 'main' into updates

voxpupuli · Oct 24, 2024 · c9f9f3e · c9f9f3e
2 parents 2de0203 + f73a26d
commit c9f9f3e
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 3 deletions.
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
@@ -48,6 +48,7 @@ jobs:
             APK_JQ=${{ matrix.apk_jq }}
             APK_YAMLLINT=${{ matrix.apk_yamllint }}
             APK_GIT=${{ matrix.apk_git }}
+            APK_CURL=${{ matrix.apk_curl }}
           build_arch: linux/amd64,linux/arm64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -53,6 +53,7 @@ jobs:
             APK_JQ=${{ matrix.apk_jq }}
             APK_YAMLLINT=${{ matrix.apk_yamllint }}
             APK_GIT=${{ matrix.apk_git }}
+            APK_CURL=${{ matrix.apk_curl }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4

diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml
@@ -54,9 +54,10 @@ jobs:
             APK_JQ=${{ matrix.apk_jq }}
             APK_YAMLLINT=${{ matrix.apk_yamllint }}
             APK_GIT=${{ matrix.apk_git }}
+            APK_CURL=${{ matrix.apk_curl }}
 
       - name: Scan image with Anchore Grype
-        uses: anchore/scan-action@v4
+        uses: anchore/scan-action@v5
         id: scan
         with:
           image: 'ci/voxbox:${{ matrix.rubygem_puppet }}'

diff --git a/Dockerfile b/Dockerfile
@@ -2,6 +2,7 @@ ARG BASE_IMAGE=docker.io/ruby:3.2.5-alpine3.20
 
 FROM $BASE_IMAGE AS builder
 
+# Gems have to be ARG and ENV because they are used as reference in the Gemfile
 ARG RUBYGEM_PUPPET
 ENV RUBYGEM_PUPPET ${RUBYGEM_PUPPET:-8.8.1}
 
@@ -71,15 +72,18 @@ LABEL org.label-schema.maintainer="Voxpupuli Team <[email protected]>" \
       org.label-schema.schema-version="1.0" \
       org.label-schema.dockerfile="/Dockerfile"
 
+# APKs are not used in any other file, so ARG is sufficient.
 ARG APK_JQ=1.7.1-r0
 ARG APK_YAMLLINT=1.35.1-r1
 ARG APK_GIT=2.45.2-r0
+ARG APK_CURL=8.10.1-r0
 
 RUN apk update \
     && apk upgrade \
     && apk add jq=${APK_JQ} \
     && apk add yamllint=${APK_YAMLLINT} \
     && apk add git=${APK_GIT} \
+    && apk add curl=${APK_CURL} \
     && rm -rf /var/cache/apk/* \
     && rm -rf /usr/local/lib/ruby/gems
 

diff --git a/build_versions.json b/build_versions.json
@@ -17,7 +17,8 @@
       "rubygem_bundler": "2.4.22",
       "apk_jq": "1.6-r1",
       "apk_yamllint": "1.26.3-r1",
-      "apk_git": "2.36.6-r0"
+      "apk_git": "2.36.6-r0",
+      "apk_curl": "8.5.0-r0"
     },
     {
       "puppet_release": 8,
@@ -36,7 +37,8 @@
       "rubygem_bundler": "2.5.22",
       "apk_jq": "1.7.1-r0",
       "apk_yamllint": "1.35.1-r1",
-      "apk_git": "2.45.2-r0"
+      "apk_git": "2.45.2-r0",
+      "apk_curl": "8.10.1-r0"
     }
   ]
 }