From 6bc611411d9dcc1d13e8b2da1b6ffd8490df9bd6 Mon Sep 17 00:00:00 2001
From: huynaism
Date: Fri, 15 Nov 2024 15:42:54 +0700
Subject: [PATCH 1/2] bump pipeline
---
 .github/workflows/publish.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e05ecb1..5e62e58 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -17,8 +17,12 @@ jobs:
 docker_pipeline:
 needs: ["lint_test"]
- uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@v0.6.0
+ uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@v0.12.2
 secrets: inherit
 with:
 publish: true
- dockerfile: ./contrib/images/babylon-staking-indexer/Dockerfile
\ No newline at end of file
+ dockerfile: ./contrib/images/babylon-staking-indexer/Dockerfile
+ docker_scan: true
+ permissions:
+ security-events: write
+ packages: read
\ No newline at end of file
From d1f109b170fd51a46654a8cb2b9f1d749a6ca790 Mon Sep 17 00:00:00 2001
From: huynaism
Date: Fri, 15 Nov 2024 15:46:08 +0700
Subject: [PATCH 2/2] resolve some base img CVE & hadolint issue
---
 contrib/images/babylon-staking-indexer/Dockerfile | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/contrib/images/babylon-staking-indexer/Dockerfile b/contrib/images/babylon-staking-indexer/Dockerfile
index 991416d..8ddd226 100644
--- a/contrib/images/babylon-staking-indexer/Dockerfile
+++ b/contrib/images/babylon-staking-indexer/Dockerfile
@@ -1,7 +1,8 @@
-FROM golang:1.22.3-alpine AS builder
+FROM golang:1.22.7-alpine AS builder
 ARG VERSION="HEAD"
+# hadolint ignore=DL3018
 RUN apk add --no-cache \
 make \
 git \
@@ -12,7 +13,7 @@ RUN apk add --no-cache \
 alpine-sdk \
 libsodium-dev \
 libsodium-static \
- openssh
+ openssh && rm -rf /var/cache/apk/*
 # Build
 WORKDIR /go/src/github.com/babylonlabs-io/babylon-staking-indexer
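Review bot: In .github/workflows/publish.yml the reusable workflow is still referenced by a movable tag (`@v0.12.2`) while the job passes `secrets: inherit`, so the integrity of that tag is all that stands between a change in the shared repository and every secret this repository exposes. Pinning to the release's full commit SHA removes that dependency, e.g. `uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@<commit-sha-of-v0.12.2> # v0.12.2`. The added `permissions:` block also drops every unlisted scope to none for the called workflow, so it is worth confirming the pipeline needs nothing beyond `security-events: write` and `packages: read` (for instance `contents: read` for checkout on a private repository). Indentation is lost in this rendering, so I am assuming the block sits at job level rather than under `with:`.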
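Review bot: In the first Dockerfile hunk, `# hadolint ignore=DL3018` silences the package-pinning rule without saying why, and `golang:1.22.7-alpine` leaves the Alpine release floating, so the builder's package set (including the statically linked libsodium) can change between builds of the same commit. Naming the Alpine release in the tag, e.g. `FROM golang:1.22.7-alpine3.20 AS builder` to match the run stage, or pinning the image digest would keep results from the scan enabled by `docker_scan: true` comparable from build to build. If the suppression stays, a one-line rationale above it, such as `# apk versions intentionally unpinned: Alpine removes old package revisions from its repos`, tells the next reader it was a decision rather than an oversight. The same suppression is repeated for the run stage in the last hunk.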
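Review bot: The `&& rm -rf /var/cache/apk/*` appended after `openssh` in the builder stage (hunk `@@ -12,7 +13,7 @@`) has no effect, because `apk add --no-cache` already avoids leaving an index cache under /var/cache/apk; the line can stay as plain `openssh`. The same redundant cleanup is added to the run-stage `RUN` in the last hunk (`@@ -31,10 +32,11 @@`). The `RUN apk add` instruction starts above this hunk, so the full package list is not visible here.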
@@ -31,10 +32,11 @@ RUN LDFLAGS='-extldflags "-static" -v' \
 make build
 # Final minimal image with binary only
-FROM alpine:3.16 as run
+FROM alpine:3.20 as run
-RUN addgroup --gid 1138 -S babylon-staking-indexer && adduser --uid 1138 -S babylon-staking-indexer -G babylon-staking-indexer
-RUN apk add bash curl jq
+# hadolint ignore=DL3018
+RUN addgroup --gid 1138 -S babylon-staking-indexer && adduser --uid 1138 -S babylon-staking-indexer -G babylon-staking-indexer \
+ && apk add --no-cache bash curl jq && rm -rf /var/cache/apk/*
 # Label should match your github repo
 LABEL org.opencontainers.image.source="https://github.com/babylonlabs-io/babylon-staking-indexer:${VERSION}"
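Review bot: The stage commented as "Final minimal image with binary only" still installs `bash curl jq`, which are extra packages for the newly enabled image scan to track and extra tooling available inside the container if the service is ever compromised. If the entrypoint (outside this hunk) does not need them, drop them from the `apk add` line; if it does, a comment naming what consumes them would justify keeping them. Separately, `FROM alpine:3.20 as run` mixes keyword casing with the builder stage's `AS`; `FROM alpine:3.20 AS run` keeps the file consistent and avoids BuildKit's FromAsCasing warning.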