Install current version of git (2.42.0) (#24)
* update Dockerfile and configs
- Dockerfile:
  - get all types of ssh keys from github and devops (not only rsa)
  - install most recent version of git
  - replace all `apt-get -yq` with `apt-get -y`
- mega-linter workflow:
  - reduce token permission for contents to read
  - add job env `GITHUB_TOKEN`
- dockerhub-description:
  - set commit sha for dockerhub-description action
- ci workflow
  - use actions/checkout v4
  - remove recommendations from docker scout
  - set severities for docker-scout to critical
- dependabot:
  - set github-actions update interval to daily
- small update to readme
- remove `(tmp/|\\.example|` from regex exclude in .mega-linter.yml

* install git after dependencies and apt-fast
mauwii authored Sep 10, 2023
1 parent 85b407c commit 6cfe88c
Showing 7 changed files with 46 additions and 35 deletions.
2 changes: 1 addition & 1 deletion .github/dependabot.yml
Expand Up @@ -8,4 +8,4 @@ updates:
- package-ecosystem: 'github-actions' # See documentation for possible values
directory: '/' # Location of package manifests
schedule:
interval: 'weekly'
interval: 'daily'
9 changes: 3 additions & 6 deletions .github/workflows/ci.yml
Expand Up @@ -42,7 +42,7 @@ jobs:
DOCKERHUB_USERNAME: ${{ github.repository_owner }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
steps:
- uses: actions/checkout@v3.6.0
- uses: actions/checkout@v4

- name: Free up disk space
uses: ./.github/actions/free-space
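Review bot: `uses: actions/checkout@v4` follows a mutable major tag, while this same commit pins `peter-evans/dockerhub-description` to a full commit SHA. The lines just above `steps:` put `DOCKERHUB_TOKEN` in scope for this job, so pin checkout to a full commit SHA as well (with the release noted in a trailing comment) and let Dependabot move the pin.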
Expand Down Expand Up @@ -132,9 +132,6 @@ jobs:
type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }},mode=max
# this will give us some useful information about the build
provenance: mode=max
# for PRs the SBOM will be built in Docker Scout
# sbom: true
# depended on the event type, we either push or load the image
push: true
# outputs: type=image,name=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},push=true
env:
Expand All @@ -146,12 +143,12 @@ jobs:
continue-on-error: true
uses: docker/[email protected]
with:
command: recommendations,sbom,compare
command: sbom,compare
image: ${{ steps.meta.outputs.tags }}
to: ${{ format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }}
organization: ${{ github.repository_owner }}
ignore-unchanged: true
only-severities: high
only-severities: critical
write-comment: ${{ github.actor != 'nektos/act' }}
keep-previous-comments: true
summary: ${{ github.actor != 'nektos/act' }}
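Review bot: `only-severities: critical` drops high-severity findings from the Scout comparison, and with `continue-on-error: true` on this step nothing else in the visible workflow surfaces them. The input takes a comma-separated list, so consider `only-severities: critical,high` to keep them in the PR comment, or state in the commit message why high is being silenced.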
2 changes: 1 addition & 1 deletion .github/workflows/dockerhub-description.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
- uses: actions/checkout@v4

- name: Docker Hub Description
uses: peter-evans/dockerhub-description@v3
uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
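Review bot: the bare 40-character SHA on the `uses:` line gives no indication of which release it corresponds to. Add a trailing comment with the release tag (for example `# v3.x.y`, whichever tag this commit belongs to) so reviewers can check the pin and later Dependabot updates stay readable. The pin itself is the right call for a step that receives `secrets.DOCKERHUB_TOKEN`.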
4 changes: 3 additions & 1 deletion .github/workflows/mega-linter.yml
Expand Up @@ -22,14 +22,16 @@ concurrency:
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR
# Remove the ones you do not need
contents: write
contents: read
issues: write
pull-requests: write

jobs:
build:
name: MegaLinter
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
# Git Checkout
- name: Checkout Code
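Review bot: the comment above `contents: read` still says the default token gets write permission to commit and push, which this change makes untrue; update or drop it. `.mega-linter.yml` sets `APPLY_FIXES: all`, so if a later step in this workflow commits fixes back, it will now fail on push and should be removed in the same change. Separately, `GITHUB_TOKEN` under the job-level `env:` is exported to every step in the job; setting it in `env:` on the MegaLinter step alone keeps it away from the other actions.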
2 changes: 1 addition & 1 deletion .mega-linter.yml
Expand Up @@ -10,7 +10,7 @@ APPLY_FIXES: all # all, none, or list of linter keys
SHOW_ELAPSED_TIME: true
FILEIO_REPORTER: false
# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass
FILTER_REGEX_EXCLUDE: '(tmp/|\\.example|megalinter-reports)'
FILTER_REGEX_EXCLUDE: '(megalinter-reports/)'
YAML_V8R_FILTER_REGEX_EXCLUDE: '(\.prettierrc\.yaml)'
VALIDATE_ALL_CODEBASE: true
SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: '(.github/workflows|\.mega-linter\.yml)'
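Review bot: dropping `tmp/` and `\\.example` from `FILTER_REGEX_EXCLUDE` brings those paths into scope while `VALIDATE_ALL_CODEBASE: true` and `APPLY_FIXES: all` are set, so example files will now be linted and auto-fixed on every run. Confirm that is intended. The parentheses around the single remaining alternative in `'(megalinter-reports/)'` are redundant.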
21 changes: 13 additions & 8 deletions README.md
Expand Up @@ -45,19 +45,23 @@ The easiest way is to add those lines in your `~/.actrc`:
For further Informations about nektos/arc and how to use it, checkout the
[nektos documentation📖](https://nektosact.com/beginner/index.html)

## How I run act on my M2-Max
## How I run act on my M2-Max 💻

- didnt work properly when installed via brew, so I installed it via GitHub-CLI:

`gh extension install https://github.com/nektos/gh-act`
```bash
gh extension install https://github.com/nektos/gh-act
```

- set an alias:

`alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'`
```bash
alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'
```

- export DOCKER_HOST env

```sh
```bash
DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}')
export DOCKER_HOST
```
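Review bot: the alias `act='gh act -s GITHUB_TOKEN="$(gh auth token)"'` hands the token `gh` is logged in with to every workflow run locally, including any third-party actions those workflows call. The README should say so and suggest a separate token limited to what the workflows need. While this section is being touched, `didnt` and `nektos/arc` (should be `nektos/act`) in the surrounding lines are worth fixing.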
Expand All @@ -66,11 +70,11 @@ For further Informations about nektos/arc and how to use it, checkout the

- Advanced:

:heavy_check_mark: Allow the default Docker socket to be used (requires password)
✔️ Allow the default Docker socket to be used (requires password)

- Features in Development:

All Beta Features enabled (containerd, wasm, rosetta and builds view)
✔️ All Beta Features enabled (containerd, wasm, rosetta and builds view)

- `~/.actrc`:

Expand All @@ -85,8 +89,9 @@ For further Informations about nektos/arc and how to use it, checkout the

To execute the mega-linter locally:

```sh
```bash
npx mega-linter-runner \
-e GITHUB_TOKEN=$(gh auth token) \
--flavor salesforce \
-e GITHUB_TOKEN="$(gh auth token)" \
--remove-container
```
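Review bot: `--flavor salesforce` is new in this command but is not mentioned in the commit message or explained in the README, and nothing else in the visible changes is Salesforce-related. Use the flavor the CI workflow runs, or add a sentence on why this one is chosen, so local results match CI. The quoting fix on `"$(gh auth token)"` is good.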
41 changes: 24 additions & 17 deletions linux/ubuntu/Dockerfile
Expand Up @@ -49,14 +49,13 @@ RUN sed 's|"||g' -i "/etc/environment" \

# add ssh keys of github and azure devops
# hadolint ignore=SC2174
RUN mkdir -m 0700 -p ~/.ssh \
&& ssh-keyscan -t rsa github.com >>/etc/ssh/ssh_known_hosts \
&& ssh-keyscan -t rsa ssh.dev.azure.com >>/etc/ssh/ssh_known_hosts
RUN ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts \
&& ssh-keyscan ssh.dev.azure.com >>/etc/ssh/ssh_known_hosts

# Install dependencies
RUN apt-get -yq update \
RUN apt-get -y update \
&& packages=(gawk sudo jq gnupg-agent ca-certificates software-properties-common apt-transport-https zstd zip unzip xz-utils) \
&& apt-get -yq install --no-install-recommends --no-install-suggests \
&& apt-get -y install --no-install-recommends --no-install-suggests \
"${packages[@]}" \
&& apt-get clean \
&& rm -rf /etc/apt/sources.list.d/* \
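Review bot: `ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts` accepts whatever host keys the build network returns and bakes them into the image, and dropping `-t rsa` widens that to every key type without adding any verification. Compare the scanned keys against the fingerprints the providers publish before appending, or `COPY` a reviewed `known_hosts` file instead. The `# hadolint ignore=SC2174` above the `RUN` is now stale, since the `mkdir -m 0700 -p` it covered was removed.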
Expand All @@ -68,9 +67,17 @@ RUN bash -c "$(curl -fsSL https://raw.githubusercontent.com/ilikenwf/apt-fast/ma
&& rm -rf /etc/apt/sources.list.d/* \
&& rm -rf /var/lib/apt/lists/*

# Install current version of git
RUN add-apt-repository -y ppa:git-core/ppa \
&& apt-get -y update \
&& apt-get -y install --no-install-recommends git \
&& apt-get clean \
&& rm -rf /etc/apt/sources.list.d/* \
&& rm -rf /var/lib/apt/lists/*

# Install Git-LFS
RUN curl -Ls https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \
&& apt-get -yq install --no-install-recommends --no-install-suggests \
&& apt-get -y install --no-install-recommends --no-install-suggests \
git-lfs \
&& apt-get clean \
&& rm -rf /etc/apt/sources.list.d/* \
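Review bot: the new `RUN add-apt-repository -y ppa:git-core/ppa` block installs whatever git the PPA serves at build time, so the 2.42.0 in the commit title is not enforced and rebuilds will drift. Pin the package version, or at least run `git --version` in the layer so the build log records what was installed. The install line also omits `--no-install-suggests`, which the Git-LFS block below passes.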
Expand All @@ -81,8 +88,8 @@ RUN echo "deb https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(ls
| tee /etc/apt/sources.list.d/microsoft-prod.list \
&& curl -sL https://packages.microsoft.com/keys/microsoft.asc \
| gpg --dearmor >/etc/apt/trusted.gpg.d/microsoft.gpg \
&& apt-get -yq update \
&& apt-get -yq install --no-install-recommends --no-install-suggests \
&& apt-get -y update \
&& apt-get -y install --no-install-recommends --no-install-suggests \
moby-cli \
moby-buildx \
moby-compose \
Expand All @@ -108,8 +115,8 @@ RUN export fromVersion=${FROM_VERSION} \
&& deps=("libc6" "libgcc1" "libgssapi-krb5-2" "libstdc++6" "zlib1g") \
&& if [ "${fromVersion}" = "20.04" ]; then deps+=("libicu66" "libssl1.1"); fi \
&& if [ "${fromVersion}" = "22.04" ]; then deps+=("libicu70" "libssl3" "libunwind8"); fi \
&& apt-get -yq update \
&& apt-get -yq install --no-install-recommends \
&& apt-get -y update \
&& apt-get -y install --no-install-recommends \
"${deps[@]}" \
&& curl -L https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh \
&& chmod +x ./dotnet-install.sh \
Expand Down Expand Up @@ -148,8 +155,8 @@ RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=${TARGETARCH} signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
| tee /etc/apt/sources.list.d/github-cli.list >/dev/null \
&& apt-get -yq update \
&& apt-get -yq install --no-install-recommends \
&& apt-get -y update \
&& apt-get -y install --no-install-recommends \
gh \
&& apt-get clean \
&& rm -rf /etc/apt/sources.list.d/* \
Expand All @@ -160,8 +167,8 @@ RUN [[ $(curl -sL https://packages.microsoft.com/repos/azure-cli/dists/) =~ $(ls
&& (curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/microsoft.gpg \
&& echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" \
>/etc/apt/sources.list.d/azure-cli.list \
&& apt-get -yq update \
&& apt-get -yq install --no-install-recommends \
&& apt-get -y update \
&& apt-get -y install --no-install-recommends \
azure-cli \
&& az extension add -n azure-devops \
&& az bicep install --target-platform "linux-$(cat /tmp/targetproc)" \
Expand All @@ -185,10 +192,10 @@ COPY linux/${DISTRO}/toolsets/${FROM_VERSION_MAJOR}${FROM_VERSION_MINOR}.json ${

# install apt packages from toolset
# hadolint ignore=SC2207
RUN apt-get -yq update \
RUN apt-get -y update \
&& packages=() \
&& while IFS='' read -r line; do packages+=("${line}"); done < <(jq -r '.apt|.vital_packages[],.common_packages[],.cmd_packages[]' ${TOOLSET}) \
&& apt-get -yq install --no-install-recommends --no-upgrade \
&& apt-get -y install --no-install-recommends --no-upgrade \
"${packages[@]}" \
&& apt-get clean \
&& rm -rf /etc/apt/sources.list.d/* \
Expand All @@ -211,7 +218,7 @@ RUN pwsh -NonInteractive -Command "Set-PSRepository -Name PSGallery -Installatio
&& while IFS='' read -r azVersion; do echo "installing Az ${azVersion}" && pwsh -NonInteractive -Command "Install-Module -Name Az -RequiredVersion ${azVersion} -Scope AllUsers -Repository PSGallery"; done < <(jq -r '.azureModules[].versions[]' ${TOOLSET})

# cleanup step
RUN apt-get -yq clean \
RUN apt-get -y clean \
&& rm -rf \
/var/cache/* \
/var/log/* \
