From 249ce24dc47604450443748155a59b7f495cabac Mon Sep 17 00:00:00 2001 From: Nic Cheneweth Date: Wed, 15 May 2024 17:21:20 -0500 Subject: [PATCH] [nc] test using gha-tools-action workflow for building job containers Signed-off-by: Nic Cheneweth --- .../before-static-analysis/action.yaml | 24 +++++++++---------- .github/workflows/development-build.yaml | 6 +---- .gitignore | 1 + Dockerfile | 14 +++++------ 4 files changed, 21 insertions(+), 24 deletions(-) create mode 100644 .gitignore diff --git a/.github/actions/before-static-analysis/action.yaml b/.github/actions/before-static-analysis/action.yaml index f27411a..29087f5 100644 --- a/.github/actions/before-static-analysis/action.yaml +++ b/.github/actions/before-static-analysis/action.yaml @@ -1,26 +1,26 @@ # yamllint disable rule:line-length --- -name: test step-like +name: setup environment -description: test +description: load values from 1password vault inputs: - dockerfile: - description: Name of dockerfile + instance: + description: input value that can be used to control which actions are run required: false - default: "Dockerfile" + default: "" runs: using: "composite" steps: - - name: running a command - shell: bash - run: echo "here" - - - name: Install 1Password CLI - uses: 1password/install-cli-action@v1 + - name: load values from 1password vault + uses: 1password/load-secrets-action@v2 with: - version: latest \ No newline at end of file + export-env: true + env: + DOCKER_LOGIN: op://empc-lab/svc-dockerhub/username + DOCKER_PASSWORD: op://empc-lab/svc-dockerhub/password + SNYK_TOKEN: op://empc-lab/svc-snyk/api-token diff --git a/.github/workflows/development-build.yaml b/.github/workflows/development-build.yaml index a74b7e7..e652dd9 100644 --- a/.github/workflows/development-build.yaml +++ b/.github/workflows/development-build.yaml 
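Review bot: In `.github/actions/before-static-analysis/action.yaml` the `load values from 1password vault` step sets `export-env: true`, so `DOCKER_PASSWORD` and `SNYK_TOKEN` become job-wide environment variables readable by every later step in the calling job, including any third-party action that runs there. If the job-wide export is intentional, record that above the step, e.g. `# exported job-wide on purpose: later static-analysis steps read these from env`. Otherwise set `export-env: false`, give the step an `id:`, and hand the values only to the steps that need them; a composite action would also have to re-expose them under `outputs:`. Because this step handles credentials, pin it to a full commit SHA instead of the mutable `@v2` tag, e.g. `uses: 1password/load-secrets-action@<full-commit-sha>  # v2`. The new `instance` input is declared, but none of the visible steps reads it.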
@@ -21,8 +21,4 @@ jobs: snyk-version: 1.1291.0 bats-version: 1.11.0 hadolint-version: 2.12.0 - trivy-version: 0.51.1 - grype-version: 0.77.4 - cosign-version: 2.2.4 - syft-version: 1.4.1 - oras-version: 1.1.0 + before-static-analysis: true diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d6e830b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.python-version \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index f3c908c..6755dd4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,17 @@ FROM alpine:3.19.1 -LABEL org.opencontainers.image.title="circleci-base-image" \ - org.opencontainers.image.description="Alpine-based CircleCI executor image" \ - org.opencontainers.image.documentation="https://github.com/ThoughtWorks-DPS/circleci-base-image" \ - org.opencontainers.image.source="https://github.com/ThoughtWorks-DPS/circleci-base-image" \ - org.opencontainers.image.url="https://github.com/ThoughtWorks-DPS/circleci-base-image" \ +LABEL org.opencontainers.image.title="gha-container-base-image" \ + org.opencontainers.image.description="Alpine-based github actions job container image" \ + org.opencontainers.image.documentation="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \ + org.opencontainers.image.source="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \ + org.opencontainers.image.url="https://github.com/ThoughtWorks-DPS/gha-container-base-image" \ org.opencontainers.image.vendor="ThoughtWorks, Inc." \ org.opencontainers.image.authors="nic.cheneweth@thoughtworks.com" \ org.opencontainers.image.licenses="MIT" \ org.opencontainers.image.created="CREATED" \ org.opencontainers.image.version="VERSION" -ENV ONEPASSWORD_VERSION=2.27.0 +ENV ONEPASSWORD_VERSION=2.28.0 ENV TELLER_VERSION=1.5.6 ENV VAULT_VERSION=1.16.2 ENV BUILDEVENTS_VERSION=0.16.0 
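Review bot: In `.github/workflows/development-build.yaml` the `trivy-version`, `grype-version`, `cosign-version`, `syft-version` and `oras-version` inputs are dropped with no indication of what replaces them. Image scanning, SBOM generation and signing may no longer run for this image, or may now run at whatever version the called workflow defaults to. Add a comment next to the remaining inputs stating which it is, for example `# scan/sbom/sign tool versions omitted: <not used here | inherited from the called workflow's defaults>`. The new `before-static-analysis: true` presumably makes the job run the local composite action that loads `DOCKER_PASSWORD` and `SNYK_TOKEN`, so this workflow has to pass the 1Password credential that action needs. The `with:` block and any `secrets:` mapping begin outside the hunk, so that could not be checked here.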
@@ -24,7 +24,7 @@ ENV MUSL_LOCPATH=/usr/share/i18n/locales/musl \ # hadolint ignore=DL3003,DL3004,DL4001,SC2035 RUN apk add --no-cache \ - git==2.43.0-r0 \ + git==2.43.4-r0 \ openssh==9.6_p1-r0 \ tar==1.35-r2 \ gzip==1.13-r0 \