diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 18d432a..4e602b3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -65,21 +65,22 @@ jobs:
 with:
 sarif_file: 'trivy-results-${{ matrix.rubygem_puppet }}.sarif'
- # - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
- # uses: aquasecurity/trivy-action@master
- # with:
- # scan-type: 'image'
- # format: 'github'
- # output: 'dependency-results.sbom.json'
- # image-ref: 'ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }}'
- # github-pat: ${{ secrets.GITHUB_TOKEN }}
+ - name: Clone voxpupuli/puppet-example repository
+ uses: actions/checkout@v4
+ with:
+ repository: voxpupuli/puppet-example
- # - name: Upload trivy report as a Github artifact
- # uses: actions/upload-artifact@v4
- # with:
- # name: trivy-sbom-report
- # path: '${{ github.workspace }}/dependency-results.sbom.json'
- # retention-days: 20 # 90 is the default
+ - name: Test container
+ run: |
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile -T
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile lint
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile metadata_lint
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile strings:validate:reference
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile rubocop
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile syntax
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile spec
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:syntax
+ docker run --rm -v $(pwd):/repo ci/voxbox-${{ matrix.rubygem_puppet }}:${{ github.sha }} -f /Rakefile r10k:dependencies
 tests:
 needs:
diff --git a/Dockerfile b/Dockerfile
index 962084c..26ac35c 100644
--- a/Dockerfile
+++ b/Dockerfile
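Review bot: The new `actions/checkout@v4` step keeps the job token in the cloned repository's `.git/config` (the action's default), and the `docker run -v $(pwd):/repo` lines that follow mount that directory into a container which executes the example module's specs and r10k tasks. Adding `persist-credentials: false` under `with:` keeps the token out of reach of that code. The step also follows the default branch of voxpupuli/puppet-example, so this build's outcome changes whenever that repository does; a `ref: <commit-sha>` (placeholder) would make the run reproducible, and pinning the action to a commit SHA instead of `v4` follows the same reasoning. Quoting the mount as `-v "$(pwd)":/repo` is a small hardening against workspace paths with spaces.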
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=docker.io/ruby:3.2.5-bookworm
+ARG BASE_IMAGE=docker.io/ruby:3.2.5-alpine3.20
 FROM $BASE_IMAGE
@@ -45,16 +45,13 @@ COPY voxbox/Gemfile /
 COPY voxbox/Rakefile /
 COPY Dockerfile /
-RUN apt-get update \
- && apt-get upgrade -y \
- && apt-get install -y yamllint \
- && apt-get autoremove -y \
- && apt-get clean \
+RUN apk update \
+ && apk upgrade \
+ && apk add --no-cache --update alpine-sdk \
+ && apk add --no-cache --update yamllint \
 && bundle config set path.system true \
 && bundle config set jobs $(nproc) \
 && bundle install --gemfile=/Gemfile \
- && apt-get purge -y "libaom*" linux-libc-dev "libmagick*" "imagemagick-*" \
- && rm -rf /var/lib/apt/lists/* \
 && rm -rf /usr/local/lib/ruby/gems/*/cache/* \
 && rm -rf /usr/local/lib/ruby/gems/2.7.0/gems/cgi-0.1.0.2 \
 && rm -rf /usr/local/lib/ruby/gems/2.7.0/specifications/default/cgi-0.1.0.2.gemspec \
diff --git a/build_versions.json b/build_versions.json
index 431ea11..04f6cfd 100644
--- a/build_versions.json
+++ b/build_versions.json
@@ -2,7 +2,7 @@
 "include": [
 {
 "puppet_release": 7,
- "base_image": "ghcr.io/betadots/ruby:2.7.8-focal",
+ "base_image": "docker.io/ruby:2.7.8-alpine3.16",
 "rubygem_puppet": "7.32.1",
 "rubygem_facter": "4.8.0",
 "rubygem_voxpupuli_test": "9.0.0",
@@ -17,7 +17,7 @@
 },
 {
 "puppet_release": 8,
- "base_image": "docker.io/ruby:3.2.5-bookworm",
+ "base_image": "docker.io/ruby:3.2.5-alpine3.20",
 "rubygem_puppet": "8.8.1",
 "rubygem_facter": "4.8.0",
 "rubygem_voxpupuli_test": "9.0.0",
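Review bot: `apk add --no-cache --update alpine-sdk` leaves the whole compiler toolchain in the final image, whereas the removed apt lines at least purged some build-time packages afterwards; for an image that runs module code in CI this is avoidable attack surface and size. Installing it as a virtual group, `&& apk add --no-cache --virtual .build-deps alpine-sdk \`, and adding `&& apk del .build-deps \` after the `bundle install` line would drop it again, provided no gem needs those packages at run time (anything that does should be installed separately). `apk update` followed by a plain `apk upgrade` also writes an index cache into the layer, which `--no-cache` exists to avoid; `apk upgrade --no-cache` alone covers both. The RUN instruction continues past the end of the hunk.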
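Review bot: The Puppet 7 entry now builds on `docker.io/ruby:2.7.8-alpine3.16`, and Alpine 3.16 is past its upstream support window, so the `apk upgrade` step in the Dockerfile will not bring in further security fixes for that image; the findings are likely to surface in the Trivy results this workflow uploads. If Ruby 2.7 has to stay for Puppet 7, that is worth recording as an accepted risk in the project documentation, since JSON cannot carry the comment itself. Both `base_image` values changed here (the second is in the hunk at line 17) are mutable tags; appending a digest, as in `docker.io/ruby:3.2.5-alpine3.20@sha256:<digest>` (placeholder), would make the builds reproducible.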