refactor: drop pipx again and cleanup containerfile (#355)
BREAKING CHANGE: The Python package `pycrypto` has been removed as it is no longer maintained. If any custom Ansible resources (modules, filters, etc.) still rely on this library, this change may cause problems. In this case, it is recommended to inform the maintainers of the affected resource so that it can be updated to a modern cryptography library. Reviewed-on: #355 Co-authored-by: Robert Kaussow <mail@thegeeklab.de> Co-committed-by: Robert Kaussow <mail@thegeeklab.de>
parent
68604a53d2
commit
58fe25e73c
@ -24,9 +24,6 @@ steps:
|
|||||||
TRIVY_NO_PROGRESS: "true"
|
TRIVY_NO_PROGRESS: "true"
|
||||||
TRIVY_SEVERITY: HIGH,CRITICAL
|
TRIVY_SEVERITY: HIGH,CRITICAL
|
||||||
TRIVY_TIMEOUT: 1m
|
TRIVY_TIMEOUT: 1m
|
||||||
TRIVY_SKIP_FILES: >-
|
|
||||||
/usr/local/bin/gomplate,
|
|
||||||
/opt/pipx/venvs/ansible/lib/**/site-packages/ansible_collections/**/modules/*.py
|
|
||||||
|
|
||||||
publish-dockerhub:
|
publish-dockerhub:
|
||||||
group: container
|
group: container
|
||||||
|
@ -19,31 +19,19 @@ ENV PY_COLORS=1
|
|||||||
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
|
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
|
||||||
ENV ANSIBLE_FORCE_COLOR=true
|
ENV ANSIBLE_FORCE_COLOR=true
|
||||||
ENV USER=root
|
ENV USER=root
|
||||||
ENV PATH=/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin
|
|
||||||
ENV PIPX_HOME=/opt/pipx
|
|
||||||
ENV PIPX_BIN_DIR=/usr/local/bin
|
|
||||||
|
|
||||||
COPY overlay/ /
|
COPY overlay/ /
|
||||||
|
|
||||||
RUN apk add --update --no-cache --virtual .build-deps build-base libffi-dev musl-dev openssl-dev python3-dev cargo && \
|
RUN apk add --update --no-cache --virtual .build-deps build-base libffi-dev musl-dev openssl-dev python3-dev cargo && \
|
||||||
apk add --update --no-cache git openssh-client pipx && \
|
apk add --update --no-cache git openssh-client && \
|
||||||
|
echo "Installing requirements ..." && \
|
||||||
|
pip install -qq --no-cache-dir --upgrade pip && \
|
||||||
|
pip install -qq --no-cache-dir boto boto3 botocore apache-libcloud hcloud \
|
||||||
|
flaky passlib pytest pytest-testinfra && \
|
||||||
echo "Installing ansible 'v$ANSIBLE_VERSION' ..." && \
|
echo "Installing ansible 'v$ANSIBLE_VERSION' ..." && \
|
||||||
pipx install --include-deps ansible=="$ANSIBLE_VERSION" && \
|
pip install -qq --no-cache-dir ansible=="$ANSIBLE_VERSION" && \
|
||||||
echo "Installing molecule version '$MOLECULE_VERSION' ..." && \
|
echo "Installing molecule version 'v$MOLECULE_VERSION' ..." && \
|
||||||
pipx inject --include-apps ansible molecule && \
|
pip install -qq --no-cache-dir molecule=="$MOLECULE_VERSION" molecule-plugins[docker] molecule_hetznercloud; \
|
||||||
pipx inject --include-apps ansible pytest && \
|
|
||||||
pipx inject ansible pytest-testinfra && \
|
|
||||||
pipx inject ansible molecule-plugins[docker] && \
|
|
||||||
pipx inject ansible molecule_hetznercloud && \
|
|
||||||
pipx inject ansible boto && \
|
|
||||||
pipx inject ansible boto3 && \
|
|
||||||
pipx inject ansible botocore && \
|
|
||||||
pipx inject ansible hcloud && \
|
|
||||||
pipx inject ansible apache-libcloud && \
|
|
||||||
pipx inject ansible pycrypto && \
|
|
||||||
pipx inject ansible flaky && \
|
|
||||||
pipx inject ansible passlib && \
|
|
||||||
$PIPX_HOME/shared/bin/pip install -U pip setuptools && \
|
|
||||||
apk del .build-deps && \
|
apk del .build-deps && \
|
||||||
rm -rf /var/cache/apk/* && \
|
rm -rf /var/cache/apk/* && \
|
||||||
rm -rf /tmp/* && \
|
rm -rf /tmp/* && \
|
||||||
|
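Review bot: The added `pip install -qq --no-cache-dir molecule=="$MOLECULE_VERSION" molecule-plugins[docker] molecule_hetznercloud; \` line ends in `;` where every other step of this RUN chain uses `&&`, so a failed install of ansible, molecule or the helper packages no longer fails the layer: the shell carries on with `apk del .build-deps` and the exit status comes from the cleanup commands. An image missing its pinned tools could then pass the build step unnoticed; end the line with `&& \` and quote the extra, `'molecule-plugins[docker]'`, so the shell never treats the brackets as a glob. The helper packages on the `boto boto3 botocore …` line are installed without version pins next to the pinned ansible and molecule, which makes rebuilds of the same tag non-reproducible; a constraints file would address that. The RUN instruction continues past the end of the hunk, so the rest of the chain is not visible here.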
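--- a/trivy-secret.yaml
+++ b/trivy-secret.yaml
@@ -0,0 +1,6 @@
+---
+allow-rules:
+- id: private-key
+path: .*/ansible/.*/site-packages/ansible_collections/(community|google|netapp)/.*\.py
+- id: aws-secret-access-key
+path: .*/ansible/.*/site-packages/ansible_collections/amazon/.*\.py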
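Review bot: Both allow rules suppress a whole finding class for every `.py` file under entire collection namespaces, and the `path` patterns are unanchored, so a real private key or AWS secret shipped in any `community`, `google`, `netapp` or `amazon` collection would go unreported. Consider anchoring each pattern at the interpreter's site-packages directory, narrowing it to the specific files that carry documentation examples, and adding a `description:` to each rule that records why it is allowed. The `/ansible/.*/site-packages/` prefix looks like the former pipx venv layout; if pip now installs into the system site-packages the rules may no longer match at all, which is worth confirming against a scan of the built image.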
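--- a/trivy.yaml
+++ b/trivy.yaml
@@ -0,0 +1,4 @@
+---
+scan:
+skip-files:
+- /usr/local/bin/gomplate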
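Review bot: `skip-files` removes `/usr/local/bin/gomplate` from the scan entirely, so every current and future finding in that binary is hidden, not just the one that presumably prompted the exclusion. Record the reason next to the entry, e.g. `# TODO(<issue-id>): remove once gomplate ships a fixed build`, or replace the blanket skip with `.trivyignore` entries for the specific vulnerability IDs so new findings in the binary still surface.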