Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI: Enable Dockerfile and image scanning #19

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,11 @@ jobs:

docker_pipeline:
needs: ["lint_test"]
uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@v0.6.0
uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@v0.10.2
secrets: inherit
with:
publish: true
docker_scan: true
permissions:
security-events: write
packages: read
5 changes: 5 additions & 0 deletions .trivyignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# LND < 0.17.0 issue, not fixing
CVE-2024-27304
GHSA-7jwh-3vrq-q3m8
CVE-2024-27289
CVE-2024-38359
15 changes: 8 additions & 7 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,15 +1,16 @@
FROM golang:1.22.3-alpine as builder
FROM golang:1.22.7-alpine as builder

Check warning on line 1 in Dockerfile

View workflow job for this annotation

GitHub Actions / docker_pipeline / docker_build (linux/amd64, ubuntu-24.04)

The 'as' keyword should match the case of the 'from' keyword

FromAsCasing: 'as' and 'FROM' keywords' casing do not match More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/

Check warning on line 1 in Dockerfile

View workflow job for this annotation

GitHub Actions / docker_pipeline / docker_build (linux/amd64, ubuntu-24.04)

The 'as' keyword should match the case of the 'from' keyword

FromAsCasing: 'as' and 'FROM' keywords' casing do not match More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/

Check warning on line 1 in Dockerfile

View workflow job for this annotation

GitHub Actions / docker_pipeline / docker_build (linux/arm64, ubuntu-24.04-arm64)

The 'as' keyword should match the case of the 'from' keyword

FromAsCasing: 'as' and 'FROM' keywords' casing do not match More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/

Check warning on line 1 in Dockerfile

View workflow job for this annotation

GitHub Actions / docker_pipeline / docker_build (linux/arm64, ubuntu-24.04-arm64)

The 'as' keyword should match the case of the 'from' keyword

FromAsCasing: 'as' and 'FROM' keywords' casing do not match More info: https://docs.docker.com/go/dockerfile/rule/from-as-casing/

# Version to build. Default is the Git HEAD.
ARG VERSION="HEAD"

# Use muslc for static libs
ARG BUILD_TAGS="muslc"


# hadolint ignore=DL3018
RUN apk add --no-cache --update openssh git make build-base linux-headers libc-dev \
pkgconfig zeromq-dev musl-dev alpine-sdk libsodium-dev \
libzmq-static libsodium-static gcc
libzmq-static libsodium-static gcc \
&& rm -rf /var/cache/apk/*

# Build
WORKDIR /go/src/github.com/babylonlabs-io/cli-tools
Expand All @@ -26,11 +27,11 @@
make build

# FINAL IMAGE
FROM alpine:3.16 AS run

RUN addgroup --gid 1138 -S cli-tools && adduser --uid 1138 -S cli-tools -G cli-tools
FROM alpine:3.20 AS run

RUN apk add bash curl jq
# hadolint ignore=DL3018
RUN addgroup --gid 1138 -S cli-tools && adduser --uid 1138 -S cli-tools -G cli-tools \
&& apk --no-cache add bash curl jq && rm -rf /var/cache/apk/*

COPY --from=builder /go/src/github.com/babylonlabs-io/cli-tools/build/cli-tools /bin/cli-tools

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,7 @@ require (
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/rs/cors v1.8.3 // indirect
github.com/rs/cors v1.11.0 // indirect
github.com/rs/zerolog v1.32.0 // indirect
github.com/sasha-s/go-deadlock v0.3.1 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -1186,6 +1186,8 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
github.com/rs/cors v1.8.3 h1:O+qNyWn7Z+F9M0ILBHgMVPuB1xTOucVd5gtaYyXBpRo=
github.com/rs/cors v1.8.3/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
Expand Down
Loading