From a0a19b619c8078ce74d1a951f2f1d146a1e89991 Mon Sep 17 00:00:00 2001
From: Mithilesh Pawar
Date: Tue, 12 Apr 2022 14:07:38 -0400
Subject: [PATCH 1/6] Updated the versions for github actions.
---
 .github/workflows/release.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6540cd1ff..7d7ccbed7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,9 +14,9 @@ jobs:
 APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
 steps:
 - name: Checkout
- uses: actions/checkout@v2.3.4
+ uses: actions/checkout@v3
 - name: Install Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
 with:
 go-version: '^1.17.1'
 - name: Import Code-Signing Certificates
@@ -41,9 +41,8 @@ jobs:
 run: |
 rm default.profraw
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v2.6.1
+ uses: goreleaser/goreleaser-action@v2
 with:
- version: v0.179.0
 args: release --rm-dist --debug
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 33bd2032a73eace33471aa53f6373a63ec2cd1bd Mon Sep 17 00:00:00 2001
From: Mithilesh Pawar
Date: Tue, 12 Apr 2022 14:13:11 -0400
Subject: [PATCH 2/6] Using golang:alpine as the base image.
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index df062af0e..c0dbf048c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-FROM golang:1.18.1
+FROM golang:alpine
-RUN useradd -r -m cxuser
+RUN adduser -S -D cxuser
 USER cxuser
 COPY cx /app/bin/cx
From c012c282c942a3be7ab8d59b129c1d552c4b76fa Mon Sep 17 00:00:00 2001
From: Mithilesh Pawar
Date: Tue, 12 Apr 2022 22:35:02 -0400
Subject: [PATCH 3/6] Adding Non-privileged user.
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c0dbf048c..69fe16389 100644
--- a/Dockerfile
+++ b/Dockerfile
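Review bot: In the release.yml hunk at `@@ -14,9 +14,9 @@`, `actions/checkout@v3` and `actions/setup-go@v3` are referenced by a major-version tag that the action's publisher can move, and the job visibly carries `APPLE_DEVELOPER_CERTIFICATE_PASSWORD` in its environment. The `@@ -41,9 +41,8 @@` hunk loosens pinning further: `goreleaser/goreleaser-action@v2.6.1` becomes `@v2` and the `version: v0.179.0` input is dropped, so the GoReleaser version is presumably whatever the action defaults to at run time, in a step that receives `GITHUB_TOKEN`. For a workflow that signs and publishes release artifacts, pin each `uses:` to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and keep an explicit `version:` for GoReleaser so upgrades happen through a reviewed change. Both step lists continue outside the hunks.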
@@ -1,7 +1,7 @@
 FROM golang:alpine
 RUN adduser -S -D cxuser
-USER cxuser
-COPY cx /app/bin/cx
+USER cxuser && chown -R cxuser /app
+COPY /bin/cx /app/bin/cx
 ENTRYPOINT ["/app/bin/cx"]
From 56db76d984c285c02c6614389bdd9ef2172107f6 Mon Sep 17 00:00:00 2001
From: Mithilesh Pawar
Date: Wed, 13 Apr 2022 10:02:55 -0400
Subject: [PATCH 4/6] Base image changed to alpine. Bash installation.
---
 Dockerfile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 69fe16389..7bdc6f9bc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,9 @@
-FROM golang:alpine
+FROM alpine:latest
-RUN adduser -S -D cxuser
-USER cxuser && chown -R cxuser /app
-COPY /bin/cx /app/bin/cx
+RUN apk add --no-cache bash
+RUN adduser --system --disabled-password cxuser
+USER cxuser
+
+COPY cx /app/bin/cx
 ENTRYPOINT ["/app/bin/cx"]
From 43fedff2de6f0c21796e900cebd3417ca399edd7 Mon Sep 17 00:00:00 2001
From: Mithilesh Pawar
Date: Wed, 13 Apr 2022 10:56:45 -0400
Subject: [PATCH 5/6] Scanning the repo on push to main branch.
---
 .github/workflows/ast-scan.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml
index 40d32c236..614592dca 100644
--- a/.github/workflows/ast-scan.yml
+++ b/.github/workflows/ast-scan.yml
@@ -1,6 +1,11 @@
 name: Checkmarx AST Scan
-on: [ pull_request, workflow_dispatch ]
+on:
+ workflow_dispatch:
+ pull_request:
+ push:
+ branches:
+ - main
 jobs:
 cx-scan:
From 18a4d68bbbf83c270091a4ff83975525b4168c07 Mon Sep 17 00:00:00 2001
From: Mithilesh Pawar
Date: Thu, 14 Apr 2022 19:51:00 -0400
Subject: [PATCH 6/6] Using version tag insted of 'latest' in Dockerfile.
---
 Dockerfile | 2 +-
 test/integration/data/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7bdc6f9bc..670eda9e5 100644
--- a/Dockerfile
+++ b/Dockerfile
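Review bot: In the PATCH 3/6 Dockerfile hunk, `USER cxuser && chown -R cxuser /app` never runs a `chown`, because `USER` takes a user (and optional group), not a shell command. The `&& chown …` text most likely becomes part of the user value and would break the next build step or container start. `/app` also does not exist at that point, since the `COPY` that creates it comes afterwards. If the binary must be owned by the runtime user, use `COPY --chown=cxuser cx /app/bin/cx`; otherwise keep a bare `USER cxuser` and leave the binary root-owned so the unprivileged process cannot overwrite its own executable. `COPY /bin/cx …` is also resolved against the build context rather than the host's `/bin`, so it only works if the context contains `bin/cx`.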
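Review bot: In the PATCH 4/6 Dockerfile hunk, `USER cxuser` refers to the account by name and `adduser --system` assigns the UID automatically. A runtime that enforces non-root by inspecting the image's numeric user (for example Kubernetes `runAsNonRoot`) therefore cannot verify it. A fixed UID would make the non-root guarantee checkable, e.g. `RUN adduser --system --disabled-password --uid 10001 cxuser` followed by `USER 10001` (10001 is an illustrative value). Separately, `RUN apk add --no-cache bash` installs an extra, unpinned package into an image whose `ENTRYPOINT` is the exec-form `cx` binary; if nothing at runtime needs bash it is better omitted, and if it is needed a comment such as `# bash is required by <reason>` would record why.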
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:3.15.4
 RUN apk add --no-cache bash
 RUN adduser --system --disabled-password cxuser
diff --git a/test/integration/data/Dockerfile b/test/integration/data/Dockerfile
index c0a00af0f..210f972d7 100644
--- a/test/integration/data/Dockerfile
+++ b/test/integration/data/Dockerfile
@@ -1,6 +1,6 @@
 # Example: docker build . -t dsvw && docker run -p 65412:65412 dsvw
-FROM alpine:latest
+FROM alpine:3.15.4
 RUN apk --no-cache add git python3 py-lxml \
 && rm -rf /var/cache/apk/*
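Review bot: `FROM alpine:3.15.4` in the top-level Dockerfile is better than `latest`, but a registry tag can still be re-pushed, so the base of the image that ships `cx` is not yet fixed to specific content. Appending the digest, `FROM alpine:3.15.4@sha256:<digest>`, makes the build reproducible and lets base-image updates arrive as reviewed changes. The `apk add --no-cache bash` context line below it is also unpinned, so that package still floats with the repository index. The rest of the Dockerfile lies outside this hunk.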