chore(deps): update docker.io/alpine docker tag to v3.19 (#94)
Some checks failed
ci/woodpecker/push/build-package Pipeline was successful
ci/woodpecker/push/docs unknown status
ci/woodpecker/push/build-container Pipeline failed
ci/woodpecker/push/notify Pipeline was successful

Reviewed-on: #94
Co-authored-by: Renovator Bot <renovator@rknet.org>
Co-committed-by: Renovator Bot <renovator@rknet.org>
This commit is contained in:
Renovator Bot 2023-12-14 10:47:31 +01:00 committed by Robert Kaussow
parent 827546bc30
commit 5454da7bae
4 changed files with 21 additions and 5 deletions

View File

@ -24,7 +24,6 @@ steps:
TRIVY_NO_PROGRESS: "true" TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m TRIVY_TIMEOUT: 1m
TRIVY_SKIP_FILES: /usr/local/bin/gomplate,/usr/local/bin/helm,/usr/local/bin/polaris,/usr/local/bin/yq
publish-dockerhub: publish-dockerhub:
group: container group: container

View File

@ -1,4 +1,4 @@
FROM docker.io/alpine:3.18@sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0 FROM docker.io/alpine:3.19@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>" LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>" LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
@ -33,9 +33,14 @@ ENV POLARIS_VERSION="${POLARIS_VERSION:-8.5.3}"
# renovate: datasource=pypi depName=flux-local # renovate: datasource=pypi depName=flux-local
ENV FLUX_LOCAL_VERSION="${FLUX_LOCAL_VERSION:-3.2.0}" ENV FLUX_LOCAL_VERSION="${FLUX_LOCAL_VERSION:-3.2.0}"
RUN apk --update add curl tar bash python3 py3-yaml py3-pip findutils git && \ ENV PIPX_HOME=/opt/pipx
ENV PIPX_BIN_DIR=/usr/local/bin
RUN apk --update add curl tar bash python3 pipx findutils git && \
apk --no-cache upgrade libcrypto3 libssl3 && \ apk --no-cache upgrade libcrypto3 libssl3 && \
pip install -qq --no-cache-dir flux-local=="$FLUX_LOCAL_VERSION" && \ pipx install --include-deps flux-local=="$FLUX_LOCAL_VERSION" && \
pipx inject flux-local PyYAML && \
$PIPX_HOME/shared/bin/pip install -U pip setuptools && \
curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl" && \ curl -SsfL -o /usr/local/bin/kubectl "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl" && \
curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl-convert" && \ curl -SsfL -o /usr/local/bin/kubectl-convert "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/${TARGETOS}/${TARGETARCH}/kubectl-convert" && \
curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${TARGETOS}_${TARGETARCH}" && \ curl -SsfL -o /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_${TARGETOS}_${TARGETARCH}" && \
@ -54,7 +59,8 @@ RUN apk --update add curl tar bash python3 py3-yaml py3-pip findutils git && \
chmod 755 /usr/local/bin/kustomize && \ chmod 755 /usr/local/bin/kustomize && \
chmod 755 /usr/local/bin/kubeconform && \ chmod 755 /usr/local/bin/kubeconform && \
rm -rf /var/cache/apk/* && \ rm -rf /var/cache/apk/* && \
rm -rf /tmp/* rm -rf /tmp/* && \
rm -rf /root/.cache/
ADD overlay/ / ADD overlay/ /

4
trivy-secret.yaml Normal file
View File

@ -0,0 +1,4 @@
---
allow-rules:
- id: aws-secret-access-key
path: .*/flux-local/.*/site-packages/GitPython-.*\.dist-info/METADATA

7
trivy.yaml Normal file
View File

@ -0,0 +1,7 @@
---
scan:
skip-files:
- /usr/local/bin/gomplate
- /usr/local/bin/helm
- /usr/local/bin/polaris
- /usr/local/bin/yq