chore(deps): update docker.io/alpine docker tag to v3.19 (#94)
Reviewed-on: #94 Co-authored-by: Renovator Bot <renovator@rknet.org> Co-committed-by: Renovator Bot <renovator@rknet.org>
This commit is contained in:
parent
827546bc30
commit
5454da7bae
@ -24,7 +24,6 @@ steps:
|
|||||||
TRIVY_NO_PROGRESS: "true"
|
TRIVY_NO_PROGRESS: "true"
|
||||||
TRIVY_SEVERITY: HIGH,CRITICAL
|
TRIVY_SEVERITY: HIGH,CRITICAL
|
||||||
TRIVY_TIMEOUT: 1m
|
TRIVY_TIMEOUT: 1m
|
||||||
TRIVY_SKIP_FILES: /usr/local/bin/gomplate,/usr/local/bin/helm,/usr/local/bin/polaris,/usr/local/bin/yq
|
|
||||||
|
|
||||||
publish-dockerhub:
|
publish-dockerhub:
|
||||||
group: container
|
group: container
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
FROM docker.io/alpine:3.18@sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0
|
FROM docker.io/alpine:3.19@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
|
||||||
|
|
||||||
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
||||||
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
||||||
@ -33,9 +33,14 @@ ENV POLARIS_VERSION="${POLARIS_VERSION:-8.5.3}"
|
|||||||
# renovate: datasource=pypi depName=flux-local
|
# renovate: datasource=pypi depName=flux-local
|
||||||
ENV FLUX_LOCAL_VERSION="${FLUX_LOCAL_VERSION:-3.2.0}"
|
ENV FLUX_LOCAL_VERSION="${FLUX_LOCAL_VERSION:-3.2.0}"
|
||||||
|
|
||||||
RUN apk --update add curl tar bash python3 py3-yaml py3-pip findutils git && \
|
ENV PIPX_HOME=/opt/pipx
|
||||||
|
ENV PIPX_BIN_DIR=/usr/local/bin
|
||||||
|
|
||||||
|
RUN apk --update add curl tar bash python3 pipx findutils git && \
|
||||||
apk --no-cache upgrade libcrypto3 libssl3 && \
|
apk --no-cache upgrade libcrypto3 libssl3 && \
|
||||||
pip install -qq --no-cache-dir flux-local=="$FLUX_LOCAL_VERSION" && \
|
pipx install --include-deps flux-local=="$FLUX_LOCAL_VERSION" && \
|
||||||
|
pipx inject flux-local PyYAML && \
|
||||||
|
$PIPX_HOME/shared/bin/pip install -U pip setuptools && \
|
||||||
curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl" && \
|
curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl" && \
|
||||||
curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl-convert" && \
|
curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl-convert" && \
|
||||||
curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${TARGETOS}_${TARGETARCH}" && \
|
curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${TARGETOS}_${TARGETARCH}" && \
|
||||||
@ -54,7 +59,8 @@ RUN apk --update add curl tar bash python3 py3-yaml py3-pip findutils git && \
|
|||||||
chmod 755 /usr/local/bin/kustomize && \
|
chmod 755 /usr/local/bin/kustomize && \
|
||||||
chmod 755 /usr/local/bin/kubeconform && \
|
chmod 755 /usr/local/bin/kubeconform && \
|
||||||
rm -rf /var/cache/apk/* && \
|
rm -rf /var/cache/apk/* && \
|
||||||
rm -rf /tmp/*
|
rm -rf /tmp/* && \
|
||||||
|
rm -rf /root/.cache/
|
||||||
|
|
||||||
ADD overlay/ /
|
ADD overlay/ /
|
||||||
|
|
||||||
|
|||||||
4
trivy-secret.yaml
Normal file
4
trivy-secret.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
allow-rules:
|
||||||
|
- id: aws-secret-access-key
|
||||||
|
path: .*/flux-local/.*/site-packages/GitPython-.*\.dist-info/METADATA
|
||||||
7
trivy.yaml
Normal file
7
trivy.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
scan:
|
||||||
|
skip-files:
|
||||||
|
- /usr/local/bin/gomplate
|
||||||
|
- /usr/local/bin/helm
|
||||||
|
- /usr/local/bin/polaris
|
||||||
|
- /usr/local/bin/yq
|
||||||
Loading…
Reference in New Issue
Block a user