Merge pull request #59 from kube-logging/chore/update-repo

csatib02 · web-flow · commit dd383d4077d0 · 2025-02-03T16:10:53.000+01:00
chore: update repo
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -20,11 +20,11 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Gather metadata
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
         with:
           images: ghcr.io/${{ github.repository_owner }}/custom-runner
           flavor: |
@@ -36,23 +36,23 @@ jobs:
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
         with:
           platforms: all
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
         if: github.event_name == 'push'
 
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/arm/v7
@@ -63,15 +63,18 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.29.0
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
         with:
           image-ref: "ghcr.io/${{ github.repository_owner }}/custom-runner:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
           format: "sarif"
           output: "trivy-results.sarif"
         if: github.event_name == 'push'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@6e5455904168f98c75d8e5ad848b4dc4ab3ae77e # v3.28.7
         with:
           sarif_file: "trivy-results.sarif"
         if: github.event_name == 'push'
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 .vscode/*
 bin/*
 .idea
+.licensei.cache
diff --git a/.licensei.cache b/.licensei.cache
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23 as builder
+FROM golang:1.23.5-alpine3.20@sha256:def59a601e724ddac5139d447e8e9f7d0aeec25db287a9ee1615134bcda266e2 as builder
 
 WORKDIR /workspace
 
diff --git a/Dockerfile copy.node-exporter b/Dockerfile copy.node-exporter
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
@@ -1,5 +1,5 @@
 # Build the runner binary
-FROM golang:1.23 as builder
+FROM golang:1.23.5-alpine3.20@sha256:def59a601e724ddac5139d447e8e9f7d0aeec25db287a9ee1615134bcda266e2 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/Dockerfile.busybox b/Dockerfile.busybox
@@ -1,5 +1,5 @@
 # Build the runner binary
-FROM golang:1.23 as builder
+FROM golang:1.23.5-alpine3.20@sha256:def59a601e724ddac5139d447e8e9f7d0aeec25db287a9ee1615134bcda266e2 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/Dockerfile.node-exporter b/Dockerfile.node-exporter
@@ -1,5 +1,5 @@
 # Build the runner binary
-FROM golang:1.23 as builder
+FROM golang:1.23.5-alpine3.20@sha256:def59a601e724ddac5139d447e8e9f7d0aeec25db287a9ee1615134bcda266e2 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@ BIN := ${PWD}/bin
 export PATH := ${BIN}:${PATH}
 
 LICENSEI := ${BIN}/licensei
-LICENSEI_VERSION = v0.4.0
+LICENSEI_VERSION = v0.9.0
 
 ${BIN}:
 	mkdir -p ${BIN}
diff --git a/README.md b/README.md
@@ -1,2 +1 @@
 # Go Custom Runner Environment
-
diff --git a/go.mod b/go.mod
@@ -1,11 +1,11 @@
 module example.com/gocr
 
-go 1.23
+go 1.23.5
 
 require (
 	github.com/fsnotify/fsnotify v1.8.0
 	github.com/mitchellh/mapstructure v1.5.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
-require golang.org/x/sys v0.13.0 // indirect
+require golang.org/x/sys v0.29.0 // indirect
diff --git a/go.sum b/go.sum
@@ -4,6 +4,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM golang:1.23 as builder`
	`1`	`+FROM golang:1.23.5-alpine3.20@sha256:def59a601e724ddac5139d447e8e9f7d0aeec25db287a9ee1615134bcda266e2 as builder`
`2`	`2`
`3`	`3`	`WORKDIR /workspace`
`4`	`4`