From f59f15470e032d9113a663530dcf0a63ddc21152 Mon Sep 17 00:00:00 2001
From: Renovator Bot <renovator@rknet.org>
Date: Thu, 14 Dec 2023 10:58:10 +0100
Subject: [PATCH] chore(docker): update node.js to 9e38d3d (#234)

Reviewed-on: https://gitea.rknet.org/container/alpine-tools/pulls/234
Co-authored-by: Renovator Bot <renovator@rknet.org>
Co-committed-by: Renovator Bot <renovator@rknet.org>
---
 .woodpecker/build-container.yml |  1 -
 Containerfile.multiarch         | 13 +++++++++----
 trivy.yaml                      |  4 ++++
 3 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 trivy.yaml

diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml
index a92182d..eb43f5c 100644
--- a/.woodpecker/build-container.yml
+++ b/.woodpecker/build-container.yml
@@ -24,7 +24,6 @@ steps:
       TRIVY_NO_PROGRESS: "true"
       TRIVY_SEVERITY: HIGH,CRITICAL
       TRIVY_TIMEOUT: 1m
-      TRIVY_SKIP_FILES: /usr/local/bin/gomplate
 
   publish-dockerhub:
     group: container
diff --git a/Containerfile.multiarch b/Containerfile.multiarch
index 5e0d84e..1344a88 100644
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@@ -1,4 +1,4 @@
-FROM docker.io/node:lts-alpine@sha256:32427bc0620132b2d9e79e405a1b27944d992501a20417a7f407427cc4c2b672
+FROM docker.io/node:lts-alpine@sha256:9e38d3d4117da74a643f67041c83914480b335c3bd44d37ccf5b5ad86cd715d1
 
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
@@ -33,7 +33,10 @@ ENV YAMLLINT_VERSION="${YAMLLINT_VERSION:-1.33.0}"
 # renovate: datasource=github-releases depName=yannh/kubeconform
 ENV KUBECONFORM_VERSION="${KUBECONFORM_VERSION:-v0.6.4}"
 
-RUN apk --update add --no-cache python3 py3-pip curl make tar git bash && \
+ENV PIPX_HOME=/opt/pipx
+ENV PIPX_BIN_DIR=/usr/local/bin
+
+RUN apk --update add --no-cache python3 pipx curl make tar git bash && \
     apk --no-cache upgrade libcrypto3 libssl3 && \
     curl -SsfL -o /usr/local/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH}${TARGETVARIANT}" && \
     curl -SsfL -o /usr/local/bin/url-parser "https://github.com/thegeeklab/url-parser/releases/download/${URL_PARSER_VERSION}/url-parser-${TARGETOS}-${TARGETARCH}${TARGETVARIANT//v/-}" && \
@@ -45,9 +48,11 @@ RUN apk --update add --no-cache python3 py3-pip curl make tar git bash && \
         "prettier@$PRETTIER_VERSION" \
         "spellchecker-cli@$SPELLCHECKER_VERSION" \
         "js-beautify@$JSBEAUTIFY_VERSION" && \
-    pip install -qq --no-cache-dir yamllint=="$YAMLLINT_VERSION" && \
+    pipx install --include-deps yamllint=="$YAMLLINT_VERSION" && \
+    $PIPX_HOME/shared/bin/pip install -U pip setuptools && \
     rm -rf /var/cache/apk/* && \
-    rm -rf /tmp/*
+    rm -rf /tmp/* && \
+    rm -rf /root/.cache/
 
 ADD overlay/ /
 
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000..e74b43b
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,4 @@
+---
+scan:
+  skip-files:
+    - /usr/local/bin/gomplate