diff --git a/.github/workflows/docker-publish-develop.yml b/.github/workflows/docker-publish-develop.yml index fd58d66..d167db5 100644 --- a/.github/workflows/docker-publish-develop.yml +++ b/.github/workflows/docker-publish-develop.yml @@ -74,7 +74,6 @@ jobs: uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a with: context: . - file: ./Dockerfile.develop push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -82,25 +81,25 @@ jobs: cache-to: type=gha,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} - - - name: Log into registry ${{ env.DOCKER_REGISTRY }} - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - +# # Sign the resulting Docker image digest except on PRs. +# # This will only write to the public Rekor transparency log when the Docker +# # repository is public to avoid leaking data. If you would like to publish +# # transparency data even for private images, pass --force to cosign below. +# # https://github.com/sigstore/cosign +# - name: Sign the published Docker image +# if: ${{ github.event_name != 'pull_request' }} +# env: +# COSIGN_EXPERIMENTAL: "true" +# # This step uses the identity token to provision an ephemeral certificate +# # against the sigstore community Fulcio instance. +# run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} +# +# - name: Log into registry ${{ env.DOCKER_REGISTRY }} +# uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 +# with: +# username: ${{ secrets.DOCKER_USERNAME }} +# password: ${{ secrets.DOCKER_PASSWORD }} +# # - name: Extract metadata (tags, labels) for Docker # id: docker_meta # uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 diff --git a/.github/workflows/docker-publish-master.yml b/.github/workflows/docker-publish-master.yml index 3062134..12611ec 100644 --- a/.github/workflows/docker-publish-master.yml +++ b/.github/workflows/docker-publish-master.yml @@ -74,33 +74,30 @@ jobs: uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a with: context: . - file: ./Dockerfile.production push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} - - - name: Log into registry ${{ env.DOCKER_REGISTRY }} - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - +# # Sign the resulting Docker image digest except on PRs. +# # This will only write to the public Rekor transparency log when the Docker +# # repository is public to avoid leaking data. If you would like to publish +# # transparency data even for private images, pass --force to cosign below. +# # https://github.com/sigstore/cosign +# - name: Sign the published Docker image +# if: ${{ github.event_name != 'pull_request' }} +# env: +# COSIGN_EXPERIMENTAL: "true" +# # This step uses the identity token to provision an ephemeral certificate +# # against the sigstore community Fulcio instance. +# run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} +# +# - name: Log into registry ${{ env.DOCKER_REGISTRY }} +# uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 +# with: +# username: ${{ secrets.DOCKER_USERNAME }} +# password: ${{ secrets.DOCKER_PASSWORD }} # - name: Extract metadata (tags, labels) for Docker # id: docker_meta # uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 diff --git a/Dockerfile b/Dockerfile index 97711b4..bde3033 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,4 +8,4 @@ ENV FLASK_ENV local ENV FLASK_DEBUG 1 RUN pip install -r requirements.txt EXPOSE 5566 -CMD [ "python", "-m" , "flask", "run", "--host=0.0.0.0", "--port=5566"] +CMD [ "python", "-m" , "flask", "run", "--host=0.0.0.0", "--port=5566"] \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index b4c7fcd..a5d18fa 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ python-keycloak==3.2.0 mock==5.0.2 pyyaml==5.3.1 elasticsearch==8.8.0 -lxml==4.9.2 +lxml==4.9.3 configparser==5.3.0 waitress==2.1.2 python-dotenv==1.0.0