From c40b6be2e42d36221849a19bfa7bb49f4d8d7974 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Mon, 7 Oct 2024 10:17:22 +0200
Subject: [PATCH 1/2] fix: add back curl
---
 .github/workflows/build_container.yml | 1 +
 .github/workflows/ci.yaml | 1 +
 Dockerfile | 4 ++++
 build_versions.json | 6 ++++--
 4 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index 45b7cc2..9b293c2 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
@@ -48,6 +48,7 @@ jobs:
 APK_JQ=${{ matrix.apk_jq }}
 APK_YAMLLINT=${{ matrix.apk_yamllint }}
 APK_GIT=${{ matrix.apk_git }}
+ APK_CURL=${{ matrix.apk_curl }}
 build_arch: linux/amd64,linux/arm64
 docker_username: voxpupulibot
 docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index fbf6f3e..d27e8a0 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -53,6 +53,7 @@ jobs:
 APK_JQ=${{ matrix.apk_jq }}
 APK_YAMLLINT=${{ matrix.apk_yamllint }}
 APK_GIT=${{ matrix.apk_git }}
+ APK_CURL=${{ matrix.apk_curl }}
 - name: Clone voxpupuli/puppet-example repository
 uses: actions/checkout@v4
diff --git a/Dockerfile b/Dockerfile
index 46655f3..6f8aa05 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,7 @@ ARG BASE_IMAGE=docker.io/ruby:3.2.5-alpine3.20
 FROM $BASE_IMAGE AS builder
+# Gems have to be ARG and ENV because they are used as reference in the Gemfile
 ARG RUBYGEM_PUPPET
 ENV RUBYGEM_PUPPET ${RUBYGEM_PUPPET:-8.8.1}
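Review bot: The `APK_CURL=${{ matrix.apk_curl }}` line added to the build-args in `.github/workflows/build_container.yml` is a hand-maintained copy of a list that also appears in `ci.yaml` and `security_scanning.yml`, and the follow-up commit in this series had to add the copy that was missed. When a workflow omits the arg, the Dockerfile default `ARG APK_CURL=8.10.1-r0` applies, so the image that Grype scans could carry a different curl than the one published for the same matrix entry. A comment above the step, such as `# keep build-args identical in build_container.yml, ci.yaml and security_scanning.yml`, would make the coupling visible. The step itself starts outside the hunk.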
@@ -71,15 +72,18 @@ LABEL org.label-schema.maintainer="Voxpupuli Team " \
 org.label-schema.schema-version="1.0" \
 org.label-schema.dockerfile="/Dockerfile"
+# APKs are not used in any other file, so ARG is sufficient.
 ARG APK_JQ=1.7.1-r0
 ARG APK_YAMLLINT=1.35.1-r1
 ARG APK_GIT=2.45.2-r0
+ARG APK_CURL=8.10.1-r0
 RUN apk update \
 && apk upgrade \
 && apk add jq=${APK_JQ} \
 && apk add yamllint=${APK_YAMLLINT} \
 && apk add git=${APK_GIT} \
+ && apk add curl=${APK_CURL} \
 && rm -rf /var/cache/apk/* \
 && rm -rf /usr/local/lib/ruby/gems
diff --git a/build_versions.json b/build_versions.json
index e2eb6f4..78da6aa 100644
--- a/build_versions.json
+++ b/build_versions.json
@@ -17,7 +17,8 @@
 "rubygem_bundler": "2.4.22",
 "apk_jq": "1.6-r1",
 "apk_yamllint": "1.26.3-r1",
- "apk_git": "2.36.6-r0"
+ "apk_git": "2.36.6-r0",
+ "apk_curl": "8.5.0-r0"
 },
 {
 "puppet_release": 8,
@@ -36,7 +37,8 @@
 "rubygem_bundler": "2.5.18",
 "apk_jq": "1.7.1-r0",
 "apk_yamllint": "1.35.1-r1",
- "apk_git": "2.45.2-r0"
+ "apk_git": "2.45.2-r0",
+ "apk_curl": "8.10.1-r0"
 }
 ]
 }
From fa0c90a23e7b35328b33e751efdc443873bba8a6 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Mon, 7 Oct 2024 10:32:27 +0200
Subject: [PATCH 2/2] fix: add curl argument also to cve scanning build
---
 .github/workflows/security_scanning.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml
index 6ae9f18..b6db7ff 100644
--- a/.github/workflows/security_scanning.yml
+++ b/.github/workflows/security_scanning.yml
@@ -54,6 +54,7 @@ jobs:
 APK_JQ=${{ matrix.apk_jq }}
 APK_YAMLLINT=${{ matrix.apk_yamllint }}
 APK_GIT=${{ matrix.apk_git }}
+ APK_CURL=${{ matrix.apk_curl }}
 - name: Scan image with Anchore Grype
 uses: anchore/scan-action@v4
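Review bot: In the final-stage Dockerfile hunk, `ARG APK_CURL=8.10.1-r0` repeats the value of the second `apk_curl` entry in build_versions.json, so the default and the matrix can drift apart without any build noticing. The exact pin in `apk add curl=${APK_CURL}` also means the build will probably fail once the base image's repository stops offering that revision. That is presumably the intended signal to bump, but it is not stated anywhere. I would extend the new comment above the ARGs to say so, for example `# Exact pins: defaults mirror build_versions.json; when apk add fails, bump both together.`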
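Review bot: The first matrix entry in build_versions.json gets `"apk_curl": "8.5.0-r0"` alongside `apk_git` 2.36.6-r0 and `apk_jq` 1.6-r1, which points to an older Alpine base than the `alpine3.20` default in the Dockerfile; that entry's base image is outside the hunk. If that Alpine branch no longer receives package updates, there is no newer curl revision to move this pin to, and curl is a component that parses network input. JSON cannot hold a comment, so the place to record this is the commit description or the README: state which base image the entry targets and whether Grype findings for it block a release.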