Python 3.12

Update GH Actions, add trivy-scan in taskfile
danihodovic · Sep 2, 2024 · ff21a76 · ff21a76
1 parent 041ccf6
commit ff21a76
Show file tree

Hide file tree

Showing 6 changed files with 342 additions and 444 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,12 +12,12 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v3
+      - uses: actions/setup-python@v5
         id: setup-python
         with:
-          python-version: 3.9
+          python-version: 3.12
 
       - name: Install Poetry
         uses: snok/install-poetry@v1
@@ -28,7 +28,7 @@ jobs:
 
       - name: Load cached venv
         id: cached-poetry-dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: .venv
           key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
@@ -67,12 +67,12 @@ jobs:
       matrix:
         broker: [memory, redis, rabbitmq]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v3
+      - uses: actions/setup-python@v5
         id: setup-python
         with:
-          python-version: 3.9
+          python-version: 3.12
 
       - name: Install Poetry
         uses: snok/install-poetry@v1
@@ -83,7 +83,7 @@ jobs:
 
       - name: Load cached venv
         id: cached-poetry-dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: .venv
           key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}

diff --git a/.python-version b/.python-version
@@ -1 +1 @@
-3.11.9
+3.12.5
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Stage 1: Build
-FROM python:3.11-slim-bookworm as builder
+FROM python:3.12-slim-bookworm as builder
 
 ENV PYTHONUNBUFFERED=1 \
     POETRY_NO_INTERACTION=1 \
@@ -19,7 +19,7 @@ RUN apt-get update && \
     rm -rf $POETRY_CACHE_DIR
 
 # Stage 2: Runtime environment
-FROM python:3.11-slim-bookworm
+FROM python:3.12-slim-bookworm
 
 ENV PYTHONUNBUFFERED=1 \
     VIRTUAL_ENV=/app/.venv \

diff --git a/Taskfile.yml b/Taskfile.yml
@@ -8,6 +8,11 @@ tasks:
     cmds:
       - docker build . -t danihodovic/celery-exporter
 
+  trivy-scan:
+    desc: Scans the docker image for vulnerabilities
+    cmds:
+      - trivy image --severity CRITICAL,HIGH --ignore-unfixed danihodovic/celery-exporter:latest
+
   build-binary:
     desc: Creates a binary
     cmds: