From cc07006e39d99d552ad47f402cb12d551e9c1eee Mon Sep 17 00:00:00 2001
From: lotyp
Date: Sat, 6 Apr 2024 20:43:30 +0300
Subject: [PATCH 1/6] ci: add docker scout
---
 .github/workflows/test.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 1b4e6cd..3b4e044 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -105,3 +105,15 @@ jobs:
 export IMAGE_TEMPLATE=${{ matrix.php_version }}-${{ matrix.php_type }}-${{ matrix.os_name }}
 export IMAGE_TAG=${{ env.DOCKER_NAMESPACE }}:latest
 make test
+
+ - name: 🔍 Run Docker Scout
+ id: docker-scout
+ uses: docker/scout-action@v1
+ with:
+ command: cves,recommendations,compare
+ ignore-unchanged: true
+ only-fixed: true
+ only-severities: critical,high
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ dockerhub-user: ${{ secrets.DOCKER_USERNAME }}
+ dockerhub-password: ${{ secrets.DOCKER_TOKEN }}
From 25ac58069240a51d05cde599ae395cc526dc1daa Mon Sep 17 00:00:00 2001
From: lotyp
Date: Sat, 6 Apr 2024 20:49:48 +0300
Subject: [PATCH 2/6] ci: add docker scout
---
 .github/workflows/test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3b4e044..77b0459 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -112,8 +112,10 @@ jobs:
 with:
 command: cves,recommendations,compare
 ignore-unchanged: true
+ to: wayofdev/php-base:${{ matrix.php_version }}-${{ matrix.php_type }}-${{ matrix.os_name }}-latest
 only-fixed: true
 only-severities: critical,high
+ keep-previous-comments: true
 github-token: ${{ secrets.GITHUB_TOKEN }}
 dockerhub-user: ${{ secrets.DOCKER_USERNAME }}
 dockerhub-password: ${{ secrets.DOCKER_TOKEN }}
From f3f83c121bbb3b9f268d29a93110d967d72ef68b Mon Sep 17 00:00:00 2001
From: lotyp
Date: Sat, 6 Apr 2024 21:56:38 +0300
Subject: [PATCH 3/6] ci: add docker scout
---
 .github/workflows/test.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
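Review bot: `uses: docker/scout-action@v1` in the added step references a mutable tag, and the same step hands that action `DOCKER_USERNAME`, `DOCKER_TOKEN` and the workflow `GITHUB_TOKEN`, so a retagged or compromised release would run with registry credentials. Pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/scout-action@<full-commit-sha> # v1`. The step also sets no `exit-code`, so the critical/high findings are presumably reported without failing the job, and with `only-fixed: true` unfixed CVEs are not shown at all; a comment above the step should say that both are deliberate triage choices. The job's `permissions:` block and triggers are outside the hunk, so whether the token is limited to what the PR comment needs could not be checked.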
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 77b0459..20db35b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -110,9 +110,8 @@ jobs:
 id: docker-scout
 uses: docker/scout-action@v1
 with:
- command: cves,recommendations,compare
+ command: cves,recommendations
 ignore-unchanged: true
- to: wayofdev/php-base:${{ matrix.php_version }}-${{ matrix.php_type }}-${{ matrix.os_name }}-latest
 only-fixed: true
 only-severities: critical,high
 keep-previous-comments: true
From 67418a40c9f65155331138b2e853775f7c3e80dc Mon Sep 17 00:00:00 2001
From: lotyp
Date: Sat, 6 Apr 2024 21:59:12 +0300
Subject: [PATCH 4/6] ci: add docker scout
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 20db35b..22531fa 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -114,7 +114,7 @@ jobs:
 ignore-unchanged: true
 only-fixed: true
 only-severities: critical,high
- keep-previous-comments: true
+ keep-previous-comments: false
 github-token: ${{ secrets.GITHUB_TOKEN }}
 dockerhub-user: ${{ secrets.DOCKER_USERNAME }}
 dockerhub-password: ${{ secrets.DOCKER_TOKEN }}
From d6da793b7c3c072c8a70ace7493939edc37784c3 Mon Sep 17 00:00:00 2001
From: lotyp
Date: Wed, 10 Apr 2024 18:24:34 +0300
Subject: [PATCH 5/6] feat: add phive binary
---
 src/Dockerfiles/dev/Dockerfile.j2 | 5 +++++
 src/Dockerfiles/dev/goss.yaml.j2 | 6 ++++++
 src/group_vars/dev.yml | 1 +
 3 files changed, 12 insertions(+)
diff --git a/src/Dockerfiles/dev/Dockerfile.j2 b/src/Dockerfiles/dev/Dockerfile.j2
index 418cab4..20edf94 100644
--- a/src/Dockerfiles/dev/Dockerfile.j2
+++ b/src/Dockerfiles/dev/Dockerfile.j2
@@ -41,6 +41,11 @@ RUN set -eux; \
 # Composer
 && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer \
 {% endif %}
+{% if true == install_phive %}
+ # Phive
+ && curl -sSL https://phar.io/releases/phive.phar -o /usr/local/bin/phive \
+ && chmod +x /usr/local/bin/phive \
+{% endif %}
 {% if 'cli' == php_type %}
 {% if true == install_postgres_client %}
 && apk add --no-cache \
diff --git a/src/Dockerfiles/dev/goss.yaml.j2 b/src/Dockerfiles/dev/goss.yaml.j2
index 76ddf85..1f328da 100644
--- a/src/Dockerfiles/dev/goss.yaml.j2
+++ b/src/Dockerfiles/dev/goss.yaml.j2
@@ -87,6 +87,12 @@ command:
 - "Composer version"
 exit-status: 0
 {% endif %}
+{% if true == install_phive %}
+ "phive --version":
+ stdout:
+ - "Phive 0."
+ exit-status: 0
+{% endif %}
 {% if true == install_faketime %}
 "cat /etc/ld.so.preload":
 stdout:
diff --git a/src/group_vars/dev.yml b/src/group_vars/dev.yml
index 4ab4a27..4a1d436 100644
--- a/src/group_vars/dev.yml
+++ b/src/group_vars/dev.yml
@@ -48,6 +48,7 @@ ext_pecl_enabled:
 - pdo_sqlsrv
 install_composer: true
+install_phive: true
 install_faketime: true
 install_postgres_client: false
From feabc5f690aae6fe439d7d8d894769504dd995df Mon Sep 17 00:00:00 2001
From: lotyp
Date: Wed, 10 Apr 2024 19:10:02 +0300
Subject: [PATCH 6/6] fix: add gnupg support for phive
---
 Makefile | 2 +-
 src/group_vars/dev.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1241779..5f07ee7 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ export DOCKER_BUILDKIT ?= 1
 export COMPOSE_DOCKER_CLI_BUILD ?= 1
 IMAGE_NAMESPACE ?= wayofdev/php-dev
-IMAGE_TEMPLATE ?= 8.2-fpm-alpine
+IMAGE_TEMPLATE ?= 8.3-cli-alpine
 IMAGE_TAG ?= $(IMAGE_NAMESPACE):$(IMAGE_TEMPLATE)-latest
 DOCKERFILE_DIR ?= ./dist/dev/$(IMAGE_TEMPLATE)
diff --git a/src/group_vars/dev.yml b/src/group_vars/dev.yml
index 4a1d436..727334c 100644
--- a/src/group_vars/dev.yml
+++ b/src/group_vars/dev.yml
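Review bot: The added `curl -sSL https://phar.io/releases/phive.phar -o /usr/local/bin/phive` installs an executable into the image with no signature or checksum verification, and without `-f` an HTTP error body would be written to `/usr/local/bin/phive` and marked executable while `set -eux` still passes. The URL is also unversioned, so every rebuild silently picks up whatever release is current. Download the detached `.asc` signature alongside the phar, verify it against the phar.io release key before installing, and add `-f` to curl, as sketched below; the key fingerprint is a placeholder to be taken from the phar.io installation instructions, and the sketch assumes `gpg` is already installed when this RUN step executes, which the hunk does not show. The RUN instruction starts and continues outside the hunk.

```dockerfile
{% if true == install_phive %}
    # Phive: download the phar and its detached signature, verify, then install
    && curl -fsSL https://phar.io/releases/phive.phar -o /tmp/phive.phar \
    && curl -fsSL https://phar.io/releases/phive.phar.asc -o /tmp/phive.phar.asc \
    && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "<PHIVE_SIGNING_KEY_FINGERPRINT>" \
    && gpg --batch --verify /tmp/phive.phar.asc /tmp/phive.phar \
    && install -m 0755 /tmp/phive.phar /usr/local/bin/phive \
    && rm -f /tmp/phive.phar /tmp/phive.phar.asc \
{% endif %}
```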
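Review bot: The expected output `- "Phive 0."` in the new goss check hard-codes the major version, while the Dockerfile template in the same commit downloads the unversioned `releases/phive.phar`, so the first 1.x release would fail this test without any change in this repository. Either pin the downloaded release and assert that exact version here, or loosen the match to `- "Phive "` so the check only proves the binary runs. A one-line comment above the entry saying which of the two is intended would keep the next maintainer from guessing. The surrounding `command:` mapping starts and continues outside the hunk.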
@@ -62,5 +62,6 @@ system_packages:
 - nano
 - wait4x
 - openssh
+ - gnupg
 ...