From 6ba0b49cbd4c2326a79c096f0b03f9f529c00f08 Mon Sep 17 00:00:00 2001
From: Martin Alfke
Date: Thu, 23 Jan 2025 15:42:09 +0100
Subject: [PATCH 1/4] Add onceover rubygem
---
 build_versions.json | 6 ++++--
 voxbox/Gemfile | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/build_versions.json b/build_versions.json
index b1293f7..612cc6e 100644
--- a/build_versions.json
+++ b/build_versions.json
@@ -13,7 +13,8 @@
 "rubygem_r10k": "4.1.0",
 "rubygem_ra10ke": "3.1.0",
 "rubygem_rubocop_performance": "1.22.1",
- "rubygem_bundler": "2.4.22"
+ "rubygem_bundler": "2.4.22",
+ "rubygem_onceover": "4.0.0"
 },
 {
 "puppet_release": 8,
@@ -28,7 +29,8 @@
 "rubygem_r10k": "4.1.0",
 "rubygem_ra10ke": "3.1.0",
 "rubygem_rubocop_performance": "1.22.1",
- "rubygem_bundler": "2.5.22"
+ "rubygem_bundler": "2.5.22",
+ "rubygem_onceover": "4.0.0"
 }
 ]
 }
diff --git a/voxbox/Gemfile b/voxbox/Gemfile
index 9b6ea34..ea3e213 100644
--- a/voxbox/Gemfile
+++ b/voxbox/Gemfile
@@ -13,6 +13,7 @@ gem 'voxpupuli-release', ENV['RUBYGEM_VOXPUPULI_RELEASE']
 gem 'voxpupuli-test', ENV['RUBYGEM_VOXPUPULI_TEST']
 gem 'rubocop-performance', ENV['RUBYGEM_RUBOCOP_PERFORMANCE']
 gem 'ffi', '~> 1.16.3' # ffi 1.17.0 has change dependencies - see https://github.com/ffi/ffi/issues/1105
+gem 'onceover', ENV['RUBYGEM_ONCEOVER']
 # CVE fixes
 gem 'cgi', '~> 0.4.1' # cgi 0.1.0 has CVEs - remove default and install upstream replacement
From cf0467cdbacb90346631bc24047087ae730c9e9f Mon Sep 17 00:00:00 2001
From: Martin Alfke
Date: Thu, 23 Jan 2025 15:43:57 +0100
Subject: [PATCH 2/4] add onceover usage to readme
---
 README.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index bd6f553..772ca7d 100644
--- a/README.md
+++ b/README.md
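Review bot: In the voxbox/Gemfile hunk, the new line `gem 'onceover', ENV['RUBYGEM_ONCEOVER']` leaves the gem unpinned whenever that variable is unset. `ENV[...]` then returns nil, and as far as I know Bundler treats a nil requirement as no constraint, so it resolves whatever release is newest at build time. The Dockerfile default added in patch 3/4 covers image builds, but any other use of this Gemfile does not get it. `gem 'onceover', ENV.fetch('RUBYGEM_ONCEOVER')` would make a missing value fail loudly instead. The neighbouring ENV-driven gem lines in this hunk share the pattern, and the Gemfile continues outside the hunk.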
@@ -27,10 +27,16 @@ docker run -it --rm -v $(pwd):/repo ghcr.io/voxpupuli/voxbox:8 # rake -T
 docker run -it --rm -v $(pwd):/repo ghcr.io/voxpupuli/voxbox:8 spec # rake spec
 ```
+If you want to run onceover, you have to override the entrypoint:
+
+```shell
+docker run -it --rm -v $(pwd):/repo --entrypoint onceover ghcr.io/voxpupuli/voxbox:8 help
+```
+
 if you need a shell, you have to override the entrypoint:
 ```shell
-docker run -it --rm -v $(pwd):/repo --entrypoint bash ghcr.io/voxpupuli/voxbox:8
+docker run -it --rm -v $(pwd):/repo --entrypoint sh ghcr.io/voxpupuli/voxbox:8
 ```
 ### Available rake tasks
From c97de9ca8f6fa6ef8d9b8910f25b35096220b91f Mon Sep 17 00:00:00 2001
From: Martin Alfke
Date: Thu, 23 Jan 2025 16:11:31 +0100
Subject: [PATCH 3/4] add mapping from build matrix to dockerfile
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 82944b4..07fa340 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,6 +36,9 @@ ENV RUBYGEM_RUBOCOP_PERFORMANCE=${RUBYGEM_RUBOCOP_PERFORMANCE:-1.23.0}
 ARG RUBYGEM_BUNDLER
 ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.23}
+ARG RUBYGEM_ONCEOVER
+ENV RUBYGEM_ONCEOVER=${RUBYGEM_ONCEOVER:-4.0.0}
+
 COPY voxbox/Gemfile /
 RUN apk update \
From 804f71c3662548983c05aee5f7f9d487fb75b24b Mon Sep 17 00:00:00 2001
From: Martin Alfke
Date: Thu, 23 Jan 2025 16:15:40 +0100
Subject: [PATCH 4/4] use matrix for RUBYGEM_ONCEOVER also in github actions
---
 .github/workflows/build_container.yml | 1 +
 .github/workflows/ci.yaml | 2 ++
 .github/workflows/security_scanning.yml | 1 +
 3 files changed, 4 insertions(+)
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
index 98a3099..a1237aa 100644
--- a/.github/workflows/build_container.yml
+++ b/.github/workflows/build_container.yml
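Review bot: The Dockerfile hunk introduces a second source of truth for the onceover version, because `${RUBYGEM_ONCEOVER:-4.0.0}` repeats the value build_versions.json already carries and nothing ties the two together. The context lines show where that leads: the defaults here for bundler (2.5.23) and rubocop-performance (1.23.0) no longer match the 2.5.22/2.4.22 and 1.22.1 listed in the build_versions.json hunk of patch 1/4. Since `:-` also substitutes the default for an empty value, a build arg that arrives empty is replaced silently rather than rejected, so a local or misconfigured build can produce a gem set that CI never built or scanned. A comment above the new pair would document the contract, for example `# Fallback for local builds only; CI passes the version from build_versions.json, keep both in sync`. The ARG/ENV list starts outside the hunk.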
@@ -45,6 +45,7 @@ jobs:
 RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
 RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }}
 RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+ RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 build_arch: linux/amd64,linux/arm64
 docker_username: voxpupulibot
 docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 57f21ad..eafa2f6 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -49,6 +49,7 @@ jobs:
 RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
 RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
 RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+ RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 - name: Clone voxpupuli/puppet-example repository
 uses: actions/checkout@v4
@@ -99,6 +100,7 @@ jobs:
 RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
 RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
 RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+ RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 - name: Clone voxpupuli/puppet-example repository
 uses: actions/checkout@v4
diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml
index 7e66f97..43f49ce 100644
--- a/.github/workflows/security_scanning.yml
+++ b/.github/workflows/security_scanning.yml
@@ -50,6 +50,7 @@ jobs:
 RUBYGEM_PUPPET_METADATA=${{ matrix.rubygem_puppet_metadata }}
 RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
 RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+ RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}
 - name: Scan image with Anchore Grype
 uses: anchore/scan-action@v6
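Review bot: The line `RUBYGEM_ONCEOVER=${{ matrix.rubygem_onceover }}` is added by hand to four separate build-arg lists (build_container.yml, both ci.yaml jobs and security_scanning.yml), and the visible context suggests those lists already differ. build_container.yml passes RUBYGEM_RUBOCOP_PERFORMANCE between MODULESYNC and BUNDLER, while the ci.yaml and security_scanning.yml hunks do not show it there; it may sit earlier, outside the hunks. If an argument is missing from security_scanning.yml, or a matrix key is misspelled and expands to an empty string, the Dockerfile default applies and Grype scans an image whose gem versions are not the ones published. I would add a comment on each list such as `# keep in sync with build_container.yml; a missing arg falls back to the Dockerfile default`, or move the list into one shared place. All four lists start outside their hunks.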