refactor: drop pipx again and cleanup containerfile (#355)

BREAKING CHANGE: The Python package `pycrypto` has been removed as it is no longer maintained. If some custom Ansible resources (modules, filters, etc.) still rely on this library, this change may cause problems. In this case, it is recommended to inform the affected resource so that it can be updated to a modern cryptography library.

Reviewed-on: #355
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
Co-committed-by: Robert Kaussow <mail@thegeeklab.de>
Robert Kaussow 2023-12-14 10:47:23 +01:00 committed by Robert Kaussow
parent 68604a53d2
commit 58fe25e73c
4 changed files with 18 additions and 23 deletions


@ -24,9 +24,6 @@ steps:
TRIVY_NO_PROGRESS: "true" TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m TRIVY_TIMEOUT: 1m
TRIVY_SKIP_FILES: >-
/usr/local/bin/gomplate,
/opt/pipx/venvs/ansible/lib/**/site-packages/ansible_collections/**/modules/*.py
publish-dockerhub: publish-dockerhub:
group: container group: container


@ -19,31 +19,19 @@ ENV PY_COLORS=1
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
ENV ANSIBLE_FORCE_COLOR=true ENV ANSIBLE_FORCE_COLOR=true
ENV USER=root ENV USER=root
ENV PATH=/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin
ENV PIPX_HOME=/opt/pipx
ENV PIPX_BIN_DIR=/usr/local/bin
COPY overlay/ / COPY overlay/ /
RUN apk add --update --no-cache --virtual .build-deps build-base libffi-dev musl-dev openssl-dev python3-dev cargo && \ RUN apk add --update --no-cache --virtual .build-deps build-base libffi-dev musl-dev openssl-dev python3-dev cargo && \
apk add --update --no-cache git openssh-client pipx && \ apk add --update --no-cache git openssh-client && \
echo "Installing requirements ..." && \
pip install -qq --no-cache-dir --upgrade pip && \
pip install -qq --no-cache-dir boto boto3 botocore apache-libcloud hcloud \
flaky passlib pytest pytest-testinfra && \
echo "Installing ansible 'v$ANSIBLE_VERSION' ..." && \ echo "Installing ansible 'v$ANSIBLE_VERSION' ..." && \
pipx install --include-deps ansible=="$ANSIBLE_VERSION" && \ pip install -qq --no-cache-dir ansible=="$ANSIBLE_VERSION" && \
echo "Installing molecule version '$MOLECULE_VERSION' ..." && \ echo "Installing molecule version 'v$MOLECULE_VERSION' ..." && \
pipx inject --include-apps ansible molecule && \ pip install -qq --no-cache-dir molecule=="$MOLECULE_VERSION" molecule-plugins[docker] molecule_hetznercloud; \
pipx inject --include-apps ansible pytest && \
pipx inject ansible pytest-testinfra && \
pipx inject ansible molecule-plugins[docker] && \
pipx inject ansible molecule_hetznercloud && \
pipx inject ansible boto && \
pipx inject ansible boto3 && \
pipx inject ansible botocore && \
pipx inject ansible hcloud && \
pipx inject ansible apache-libcloud && \
pipx inject ansible pycrypto && \
pipx inject ansible flaky && \
pipx inject ansible passlib && \
$PIPX_HOME/shared/bin/pip install -U pip setuptools && \
apk del .build-deps && \ apk del .build-deps && \
rm -rf /var/cache/apk/* && \ rm -rf /var/cache/apk/* && \
rm -rf /tmp/* && \ rm -rf /tmp/* && \
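Review bot: The new molecule install line ends in `; \` instead of `&& \` (`... molecule-plugins[docker] molecule_hetznercloud; \`), which breaks the `&&` chain. If any of the preceding `apk add` or `pip install` commands fails, the shell still goes on to `apk del .build-deps` and the cleanup, and the `RUN` step can exit successfully with an incomplete image. Change it to `&& \`. Two smaller points on the same lines: `molecule-plugins[docker]` should be quoted so the shell never treats the brackets as a glob, and `ansible` and `molecule` are pinned while `boto`, `boto3`, `botocore`, `apache-libcloud`, `hcloud`, `flaky`, `passlib`, `pytest`, `pytest-testinfra` and the molecule plugins are not, so rebuilds of the same tag can pull different dependency versions; a constraints file would fix that.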

trivy-secret.yaml Normal file

@ -0,0 +1,6 @@
---
allow-rules:
- id: private-key
path: .*/ansible/.*/site-packages/ansible_collections/(community|google|netapp)/.*\.py
- id: aws-secret-access-key
path: .*/ansible/.*/site-packages/ansible_collections/amazon/.*\.py
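Review bot: Both `path` patterns require an `/ansible/` directory ahead of `site-packages`, which is the shape of the pipx venv path (`/opt/pipx/venvs/ansible/lib/**/site-packages/...`) that this same commit stops using. Since the Containerfile now installs with plain `pip`, confirm the collections still land under a path containing that component; if they do not, these allow rules never match and can be anchored on `site-packages/ansible_collections/` instead. The `private-key` rule also exempts every `.py` file in three whole collection namespaces, so a genuine key committed there later would go unreported. Narrow it to the modules that actually trigger the false positive and add a comment saying why each rule exists.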

trivy.yaml Normal file

@ -0,0 +1,4 @@
---
scan:
skip-files:
- /usr/local/bin/gomplate
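Review bot: The `skip-files` entry for `/usr/local/bin/gomplate` has no comment explaining why the binary is excluded, and skipping the file hides every current and future finding in it, not just the one that prompted the exclusion. Document the reason next to the entry, and where possible ignore the specific finding IDs instead of the whole file so that new HIGH or CRITICAL issues in gomplate still fail the scan.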