From 042cfe2892540da4f4e7c07dde545883acd8eaf4 Mon Sep 17 00:00:00 2001
From: Yousaf Nabi
Date: Mon, 20 Jan 2025 18:15:30 +0000
Subject: [PATCH 1/3] chore: update ca-certs / use arm builder for audit
---
 .github/workflows/audit.yml | 22 +++++++++++-----------
 Dockerfile | 2 +-
 Gemfile.lock | 4 ++--
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 3029696..cb3b341 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -14,19 +14,19 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- DOCKER_TARGET_PLATFORM: [
- # linux/arm, # Disabled whilst waiting for next release of trivy with published arm artefacts
- linux/arm64,
- linux/amd64
- ]
- runs-on: ubuntu-latest
+ os: [ ubuntu-latest, ubuntu-latest-arm ]
+ runs-on: ${{ matrix.os }}
 env:
- DOCKER_TARGET_PLATFORM: ${{ matrix.DOCKER_TARGET_PLATFORM }}
 TAG: latest
 steps:
 - uses: actions/checkout@v4
- - name: Prepare Docker multi-arch builder for ${{ matrix.DOCKER_TARGET_PLATFORM }}
- if: ${{ matrix.DOCKER_TARGET_PLATFORM }} == 'linux/arm' || 'linux/arm64'
- run: ./script/release-workflow/docker-prepare.sh
- - name: Audit Docker image for ${{ matrix.DOCKER_TARGET_PLATFORM }}
+ - name: Audit Docker image for amd64
+ if: ${{ matrix.os }} == 'ubuntu-latest'
 run: ./script/release-workflow/audit.sh
+ env:
+ DOCKER_TARGET_PLATFORM: linux/amd64
+ - name: Audit Docker image for arm64
+ if: ${{ matrix.os }} == 'ubuntu-latest-arm'
+ run: ./script/release-workflow/audit.sh
+ env:
+ DOCKER_TARGET_PLATFORM: linux/arm64
diff --git a/Dockerfile b/Dockerfile
index 4675fd4..b44b1fd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ ADD docker/pact /usr/local/bin/pact
 RUN apk update \
 && apk add ruby=3.3.6-r0 \
 ruby-io-console=3.3.6-r0 \
- ca-certificates=20240705-r0 \
+ ca-certificates=20241121-r1 \
 libressl \
 less \
 git \
diff --git a/Gemfile.lock b/Gemfile.lock
index db0a8a1..b03802d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
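Review bot: Both added `if:` lines in .github/workflows/audit.yml (patch 1/3) are always true: only `${{ matrix.os }}` is evaluated, and the text around it turns the whole value into a non-empty string, so the amd64 and the arm64 audit step each run on every matrix leg. Since this commit also removes the docker-prepare.sh step, the cross-architecture run presumably fails or scans the wrong image, depending on how audit.sh uses DOCKER_TARGET_PLATFORM (the script is not shown). The comparison belongs inside the expression, `if: ${{ matrix.os == 'ubuntu-latest' }}`; patch 3/3 rewrites both lines that way, so 1/3 and 2/3 are the affected commits and squashing the series would keep the history bisectable.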
@@ -31,7 +31,7 @@ GEM
 specs:
 awesome_print (1.9.2)
 base64 (0.2.0)
- bigdecimal (3.1.8)
+ bigdecimal (3.1.9)
 bump (0.10.0)
 coderay (1.1.3)
 csv (3.3.0)
@@ -52,7 +52,7 @@ GEM
 csv
 mini_mime (>= 1.0.0)
 multi_xml (>= 0.5.2)
- json (2.9.0)
+ json (2.9.1)
 jsonpath (1.1.5)
 multi_json
 logger (1.6.2)
From 7589ff252bb3813856790a461fc7940b551b7f08 Mon Sep 17 00:00:00 2001
From: Yousaf Nabi
Date: Mon, 20 Jan 2025 18:22:37 +0000
Subject: [PATCH 2/3] ci: audit on ubuntu-24.04-arm runner
---
 .github/workflows/audit.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index cb3b341..d4f873a 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -14,7 +14,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- os: [ ubuntu-latest, ubuntu-latest-arm ]
+ os: [ ubuntu-latest, ubuntu-24.04-arm ]
 runs-on: ${{ matrix.os }}
 env:
 TAG: latest
@@ -26,7 +26,7 @@ jobs:
 env:
 DOCKER_TARGET_PLATFORM: linux/amd64
 - name: Audit Docker image for arm64
- if: ${{ matrix.os }} == 'ubuntu-latest-arm'
+ if: ${{ matrix.os }} == 'ubuntu-24.04-arm'
 run: ./script/release-workflow/audit.sh
 env:
 DOCKER_TARGET_PLATFORM: linux/arm64
From 06c12f80ec6c5a876ccc40b550d4bce165d57af9 Mon Sep 17 00:00:00 2001
From: Yousaf Nabi
Date: Mon, 20 Jan 2025 18:25:31 +0000
Subject: [PATCH 3/3] ci: audit on ubuntu-24.04-arm runner
---
 .github/workflows/audit.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index d4f873a..503094d 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -21,12 +21,12 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - name: Audit Docker image for amd64
- if: ${{ matrix.os }} == 'ubuntu-latest'
+ if: ${{ matrix.os == 'ubuntu-latest' }}
 run: ./script/release-workflow/audit.sh
 env:
 DOCKER_TARGET_PLATFORM: linux/amd64
 - name: Audit Docker image for arm64
- if: ${{ matrix.os }} == 'ubuntu-24.04-arm'
+ if: ${{ matrix.os == 'ubuntu-24.04-arm' }}
 run: ./script/release-workflow/audit.sh
 env:
 DOCKER_TARGET_PLATFORM: linux/arm64
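Review bot: With the conditions now evaluated properly, a matrix entry whose label matches neither `if:` skips both audit steps and the job still finishes green after the checkout alone, so the vulnerability audit can silently stop running. The runner label is repeated as a string in the matrix and in each condition (patch 2/3 had to change it in two places), which makes that kind of drift easy to introduce. Carrying the platform in the matrix and keeping a single audit step removes the conditions altogether. The matrix definition sits above this hunk, and the indentation in the sketch below is assumed.

```yaml
      matrix:
        include:
          - os: ubuntu-latest
            platform: linux/amd64
          - os: ubuntu-24.04-arm
            platform: linux/arm64
    runs-on: ${{ matrix.os }}
    # … unchanged: env TAG, steps, checkout …
      - name: Audit Docker image for ${{ matrix.platform }}
        run: ./script/release-workflow/audit.sh
        env:
          DOCKER_TARGET_PLATFORM: ${{ matrix.platform }}
```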