From 793999e7a14e77d19340342927ce4e145927877c Mon Sep 17 00:00:00 2001
From: John Kjell
Date: Tue, 1 Oct 2024 12:32:59 -0400
Subject: [PATCH 1/3] We really do need root
Signed-off-by: John Kjell
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index be2ec66..6c4c1a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ RUN go build -o bin/software
 FROM cgr.dev/chainguard/static@sha256:676e989769aa9a5254fbfe14abb698804674b91c4d574bb33368d87930c5c472
-#USER root
+USER root
 COPY --from=builder /build/bin/software /software
From 72f7680a8acfb96f6a2d9a6c8c06e845bad179ff Mon Sep 17 00:00:00 2001
From: John Kjell
Date: Tue, 1 Oct 2024 12:38:17 -0400
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=9A=92=20Prod=20down=20-=20disable=20?= =?UTF-8?q?linting=20=F0=9F=9A=92?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: John Kjell
---
 .github/workflows/pipeline.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index 590bc6a..6fe2a8c 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -40,7 +40,7 @@ jobs:
 pre-command: |
 curl -sSfL https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint && \
 chmod +x /usr/local/bin/hadolint
- command: hadolint -f sarif Dockerfile > hadolint.sarif
+ command: hadolint --ignore DL3002 -f sarif Dockerfile > hadolint.sarif
 artifact-upload-name: hadolint.sarif
 artifact-upload-path: hadolint.sarif
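Review bot: In the Dockerfile hunk of [PATCH 1/3], `USER root` in the final stage makes the shipped container start as uid 0, and neither the Dockerfile lines shown nor the commit message records what actually requires it. If root is truly needed, put the reason on the line above the instruction, e.g. `# USER root is required because <reason>; remove once <condition>`, so the exception can be reviewed and later withdrawn. Whether the need could be met without changing the runtime user cannot be judged from here, because the rest of the final stage lies outside the hunk.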
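Review bot: In the hadolint step of [PATCH 2/3], `--ignore DL3002` on the command line switches the "last USER should not be root" rule off for the whole Dockerfile and for every later change, not only for the one instruction that triggered it. hadolint accepts an inline pragma, so the exception can sit next to the offending line together with its justification: `# hadolint ignore=DL3002` directly above `USER root` in the Dockerfile. That keeps hadolint.sarif meaningful for the rest of the file and makes the suppression disappear when the instruction does.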
@@ -175,7 +175,7 @@ jobs:
 curl -sSfL https://github.com/jkjell/witness/releases/download/osff-demo/witness -o /tmp/witness && \
 chmod +x /tmp/witness
 command: |
- /tmp/witness verify -p pr-policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista -l debug
+ /tmp/witness verify -p pr-policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista
 verify:
 needs: [ generate-sbom, secret-scan]
@@ -192,4 +192,4 @@ jobs:
 curl -sSfL https://github.com/jkjell/witness/releases/download/osff-demo/witness -o /tmp/witness && \
 chmod +x /tmp/witness
 command: |
- /tmp/witness verify -p policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista -l debug
+ /tmp/witness verify -p policy-signed.json -k swfpublic.pem -f /tmp/image.tar --enable-archivista
From 5bdd3d3bc3318d123b37626ba4ce70f2b337d317 Mon Sep 17 00:00:00 2001
From: John Kjell
Date: Tue, 1 Oct 2024 12:45:07 -0400
Subject: [PATCH 3/3] =?UTF-8?q?Let's=20make=20the=20=F0=9F=8C=8E=20a=20bet?= =?UTF-8?q?ter=20place,=20the=20right=20way=20=F0=9F=A6=89=E2=9B=93?= =?UTF-8?q?=F0=9F=9A=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: John Kjell
---
 .github/workflows/pipeline.yml | 2 +-
 Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index 6fe2a8c..e34c284 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -40,7 +40,7 @@ jobs:
 pre-command: |
 curl -sSfL https://github.com/hadolint/hadolint/releases/download/v2.12.0/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint && \
 chmod +x /usr/local/bin/hadolint
- command: hadolint --ignore DL3002 -f sarif Dockerfile > hadolint.sarif
+ command: hadolint -f sarif Dockerfile > hadolint.sarif
 artifact-upload-name: hadolint.sarif
 artifact-upload-path: hadolint.sarif
diff --git a/Dockerfile b/Dockerfile
index 6c4c1a5..be2ec66 100644
--- a/Dockerfile
+++ b/Dockerfile
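Review bot: The two `witness verify` hunks of [PATCH 2/3] (at -175 and -192) drop `-l debug` from the policy-verification gate, a change the commit subject ("Prod down - disable linting") does not mention. An edit to the verification step is easier to audit when it is its own commit or at least named in the message, e.g. a body line `Also drop -l debug from both witness verify steps`. If the flag was removed to quieten the log, say so there, since the debug output is what a reader would otherwise reach for when a verification fails.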
@@ -20,7 +20,7 @@ RUN go build -o bin/software
 FROM cgr.dev/chainguard/static@sha256:676e989769aa9a5254fbfe14abb698804674b91c4d574bb33368d87930c5c472
-USER root
+#USER root
 COPY --from=builder /build/bin/software /software
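Review bot: Restoring `#USER root` leaves a commented-out instruction in the final stage and makes the runtime user depend on whatever default the pinned base image carries. Delete the dead line and state the intent explicitly, e.g. `USER nonroot` (assuming the Chainguard static base defines that account; confirm before merging), so a later base-image change cannot silently return the container to uid 0. The remainder of the final stage is outside the hunk.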