chore: update lambda dockerfile workflow to support .NET 9 #1905

Open
wants to merge 1 commit into
base: dev
62 changes: 31 additions & 31 deletions .github/workflows/update-Dockerfiles.yml
Expand Up @@ -18,32 +18,32 @@
description: ".NET 6 Next Version"
type: string
required: true
NET_7_AMD64:
description: ".NET 7 AMD64"
NET_8_AMD64:
description: ".NET 8 AMD64"
type: boolean
required: true
default: "true"
NET_7_ARM64:
description: ".NET 7 ARM64"
NET_8_ARM64:
description: ".NET 8 ARM64"
type: boolean
required: true
default: "true"
NET_7_NEXT_VERSION:
description: ".NET 7 Next Version"
NET_8_NEXT_VERSION:
description: ".NET 8 Next Version"
type: string
required: true
NET_8_AMD64:
description: ".NET 8 AMD64"
NET_9_AMD64:
description: ".NET 9 AMD64"
type: boolean
required: true
default: "true"
NET_8_ARM64:
description: ".NET 8 ARM64"
NET_9_ARM64:
description: ".NET 9 ARM64"
type: boolean
required: true
default: "true"
NET_8_NEXT_VERSION:
description: ".NET 8 Next Version"
NET_9_NEXT_VERSION:
description: ".NET 9 Next Version"
type: string
required: true

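Review bot: NET_9_NEXT_VERSION (like NET_8_NEXT_VERSION above it) is a `required: true` free-form string whose description does not say what form the value must take, and the update steps later in this file pass it straight to update-dockerfile.ps1. Suggest stating the expected version format in the description and checking the value against a version pattern before any step uses it. Separately, removing the NET_7_* inputs changes the workflow's input interface, so anything that triggers it with those input names needs updating in step with this PR.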
Expand All @@ -53,10 +53,10 @@
env:
NET_6_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net6/amd64/Dockerfile"
NET_6_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net6/arm64/Dockerfile"
NET_7_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net7/amd64/Dockerfile"
NET_7_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net7/arm64/Dockerfile"
NET_8_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile"
NET_8_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile"
NET_9_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net9/amd64/Dockerfile"
NET_9_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net9/arm64/Dockerfile"

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
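Review bot: the new NET_9_AMD64_Dockerfile and NET_9_ARM64_Dockerfile entries point at LambdaRuntimeDockerfiles/Images/net9/amd64/Dockerfile and .../net9/arm64/Dockerfile, but the diff shown here touches only the workflow file. Please confirm both Dockerfiles already exist on dev (or add them in this PR), since the new update steps hand these paths to update-dockerfile.ps1 as -DockerfilePath.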
Expand All @@ -79,20 +79,6 @@
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_6_ARM64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_6_NEXT_VERSION }}
if: ${{ github.event.inputs.NET_6_ARM64 == 'true' }}

- name: Update .NET 7 AMD64
id: update-net7-amd64
shell: pwsh
run: |
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_7_AMD64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_7_NEXT_VERSION }}
if: ${{ github.event.inputs.NET_7_AMD64 == 'true' }}

- name: Update .NET 7 ARM64
id: update-net7-arm64
shell: pwsh
run: |
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_7_ARM64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_7_NEXT_VERSION }}
if: ${{ github.event.inputs.NET_7_ARM64 == 'true' }}

- name: Update .NET 8 AMD64
id: update-net8-amd64
shell: pwsh
Expand All @@ -107,6 +93,20 @@
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_8_ARM64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_8_NEXT_VERSION }}
if: ${{ github.event.inputs.NET_8_ARM64 == 'true' }}

- name: Update .NET 9 AMD64
id: update-net9-amd64
shell: pwsh
run: |
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_9_AMD64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_9_NEXT_VERSION }}
Comment on lines +99 to +100

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

does this need to be addressed?

if: ${{ github.event.inputs.NET_9_AMD64 == 'true' }}

- name: Update .NET 9 ARM64
id: update-net9-arm64
shell: pwsh
run: |
.\LambdaRuntimeDockerfiles/update-dockerfile.ps1 -DockerfilePath ${{ env.NET_9_ARM64_Dockerfile }} -NextVersion ${{ github.event.inputs.NET_9_NEXT_VERSION }}
Comment on lines +106 to +107

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: yaml.github-actions.security.run-shell-injection.run-shell-injection Error

Using variable interpolation ${...} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".
if: ${{ github.event.inputs.NET_9_ARM64 == 'true' }}

# Update Dockerfiles if newer version of ASP.NET Core is available
- name: Commit and Push
id: commit-push
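Review bot: the two new run: lines for .NET 9 AMD64 and ARM64 put `${{ github.event.inputs.NET_9_NEXT_VERSION }}` directly into the pwsh script, so the expression is expanded into the script text before PowerShell parses it and whatever is typed into that input becomes part of the command; the Semgrep finding is worth addressing rather than dismissing. Suggest adding `env: NEXT_VERSION: ${{ github.event.inputs.NET_9_NEXT_VERSION }}` to each step and passing `-NextVersion "$env:NEXT_VERSION"` in the run: line, so the value reaches the script as data. The .NET 6 and .NET 8 steps visible in this file use the same interpolation and could be converted in the same pass so the check passes for the whole workflow.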
Expand Down Expand Up @@ -140,10 +140,10 @@
'{0}\n{1}\n{2}\n{3}\n{4}\n{5}',
join(steps.update-net6-amd64.outputs.MESSAGE, '\n'),
join(steps.update-net6-arm64.outputs.MESSAGE, '\n'),
join(steps.update-net7-amd64.outputs.MESSAGE, '\n'),
join(steps.update-net7-arm64.outputs.MESSAGE, '\n'),
join(steps.update-net8-amd64.outputs.MESSAGE, '\n'),
join(steps.update-net8-arm64.outputs.MESSAGE, '\n')
join(steps.update-net8-arm64.outputs.MESSAGE, '\n'),
join(steps.update-net9-amd64.outputs.MESSAGE, '\n'),
join(steps.update-net9-arm64.outputs.MESSAGE, '\n')
)
}}"
github_token: ${{ secrets.GITHUB_TOKEN }}