diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml index 40d32c236..614592dca 100644 --- a/.github/workflows/ast-scan.yml +++ b/.github/workflows/ast-scan.yml @@ -1,6 +1,11 @@ name: Checkmarx AST Scan -on: [ pull_request, workflow_dispatch ] +on: + workflow_dispatch: + pull_request: + push: + branches: + - main jobs: cx-scan: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6540cd1ff..7d7ccbed7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,9 +14,9 @@ jobs: APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} steps: - name: Checkout - uses: actions/checkout@v2.3.4 + uses: actions/checkout@v3 - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: '^1.17.1' - name: Import Code-Signing Certificates @@ -41,9 +41,8 @@ jobs: run: | rm default.profraw - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2.6.1 + uses: goreleaser/goreleaser-action@v2 with: - version: v0.179.0 args: release --rm-dist --debug env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index df062af0e..670eda9e5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ -FROM golang:1.18.1 +FROM alpine:3.15.4 -RUN useradd -r -m cxuser +RUN apk add --no-cache bash +RUN adduser --system --disabled-password cxuser USER cxuser + COPY cx /app/bin/cx ENTRYPOINT ["/app/bin/cx"] diff --git a/test/integration/data/Dockerfile b/test/integration/data/Dockerfile index c0a00af0f..210f972d7 100644 --- a/test/integration/data/Dockerfile +++ b/test/integration/data/Dockerfile @@ -1,6 +1,6 @@ # Example: docker build . -t dsvw && docker run -p 65412:65412 dsvw -FROM alpine:latest +FROM alpine:3.15.4 RUN apk --no-cache add git python3 py-lxml \ && rm -rf /var/cache/apk/*