From c26e6c822fc3c86b7a044c1bef3e30995ca38276 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 8 Dec 2023 09:41:37 +0100
Subject: [PATCH] chore(deps): update docker.io/alpine docker tag to v3.19
 (#208)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
---
 .drone.yml           |  1 +
 Dockerfile.multiarch | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index a9e3de3..9d53fb7 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -113,6 +113,7 @@ steps:
       TRIVY_NO_PROGRESS: True
       TRIVY_SEVERITY: HIGH,CRITICAL
       TRIVY_TIMEOUT: 1m
+      TRIVY_SKIP_FILES: /opt/pipx/venvs/ansible/lib/**/site-packages/ansible_collections/**/modules/*.py
     depends_on:
       - security-build
 
diff --git a/Dockerfile.multiarch b/Dockerfile.multiarch
index d92f0e4..b538f66 100644
--- a/Dockerfile.multiarch
+++ b/Dockerfile.multiarch
@@ -8,7 +8,7 @@ WORKDIR /src
 
 RUN make build
 
-FROM docker.io/alpine:3.18@sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0
+FROM docker.io/alpine:3.19@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
 
 LABEL maintainer="ownCloud DevOps <devops@owncloud.com>"
 LABEL org.opencontainers.image.authors="ownCloud DevOps <devops@owncloud.com>"
@@ -24,11 +24,19 @@ ARG ANSIBLE_VERSION
 # renovate: datasource=pypi depName=ansible
 ENV ANSIBLE_VERSION="${ANSIBLE_VERSION:-9.0.1}"
 
+ENV PIPX_HOME=/opt/pipx
+ENV PIPX_BIN_DIR=/usr/local/bin
+
 RUN apk --update add --virtual .build-deps python3-dev libffi-dev build-base && \
-    apk add --no-cache bash git curl rsync openssh-client sshpass py3-pip py3-requests py3-paramiko && \
+    apk add --no-cache bash git curl rsync openssh-client sshpass pipx && \
     apk upgrade --no-cache libcrypto3 libssl3 && \
-    pip3 install -U pip && \
-    pip3 install ansible=="${ANSIBLE_VERSION}" boto3 hcloud pywinrm passlib jsonschema && \
+    pipx install ansible=="${ANSIBLE_VERSION}" --include-deps && \
+    pipx inject ansible boto3 && \
+    pipx inject ansible hcloud && \
+    pipx inject ansible pywinrm && \
+    pipx inject ansible passlib && \
+    pipx inject ansible jsonschema && \
+    $PIPX_HOME/shared/bin/pip install -U pip setuptools && \
     apk del .build-deps && \
     rm -rf /var/cache/apk/* && \
     rm -rf /tmp/*