From 82ee1543dd170c60225c53fc35175565cf72329e Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:18:48 +0100 Subject: [PATCH 01/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 29 +++++++++++++++++++++++++---- Dockerfile | 10 ++++++++++ 2 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 Dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml index 7a99232e3..11cf47758 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -48,7 +48,22 @@ jobs: - ms-teams/report: only_on_fail: true webhook_url: $MS_TEAMS_WEBHOOK_URL - build: + build-container: + docker: + - image: cimg/base:stable-20.04 + steps: + - checkout + - setup_remote_docker + - run: + name: Build opencti/python-client + command: | + docker run --privileged --rm tonistiigi/binfmt --install all + docker build -t opencti/client-python:${CIRCLE_TAG} + echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin + docker tag opencti/client-python:${CIRCLE_TAG} opencti/client-python:latest + docker push opencti/client-python:${CIRCLE_TAG} + docker push opencti/client-python:latest + build-library: working_directory: ~/opencti-client docker: - image: cimg/python:3.12 @@ -144,7 +159,13 @@ workflows: filters: tags: only: /.*/ - - build: + - build-library: + filters: + tags: + only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ + branches: + ignore: /.*/ + - build-container: filters: tags: only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ @@ -155,7 +176,7 @@ workflows: - linter - deploy: requires: - - build + - build-library filters: tags: only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ @@ -163,7 +184,7 @@ workflows: ignore: /.*/ - notify_rolling: requires: - - build + - build-library - notify: requires: - deploy diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..4def76e56 --- /dev/null +++ b/Dockerfile 
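Review bot: In the new `build-container` job, `docker run --privileged --rm tonistiigi/binfmt --install all` runs a third-party image by mutable tag, with full privileges, on the Docker host that then builds and pushes the release image. Pinning it by digest narrows that trust, e.g. `docker run --privileged --rm tonistiigi/binfmt@sha256:PINNED_DIGEST --install all` (placeholder digest), and `--install` can be limited to the emulators the build actually targets. The job also retags every build as `latest`, so `${CIRCLE_TAG}` should be quoted and checked non-empty before the `docker tag` and `docker push` lines. The page has collapsed the YAML layout, so indentation could not be reviewed.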
@@ -0,0 +1,10 @@ +ARG BASE_IMAGE="python:3.12-alpine3.20" +FROM ${BASE_IMAGE} + +# Install Python modules +# hadolint ignore=DL3003 +COPY ./requirements.txt /opt/requirements.txt + +RUN apk --no-cache add git build-base libmagic libffi-dev && \ + pip3 install --no-cache-dir -r /opt/requirements.txt && \ + apk del git build-base && rm /opt/requirements.txt \ No newline at end of file From 8cedf2b58a62f29a0e8b3347cf5c8e0a9ac56b04 Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:21:12 +0100 Subject: [PATCH 02/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 11cf47758..0dfd9167e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -55,7 +55,7 @@ jobs: - checkout - setup_remote_docker - run: - name: Build opencti/python-client + name: Build opencti/python-cliente command: | docker run --privileged --rm tonistiigi/binfmt --install all docker build -t opencti/client-python:${CIRCLE_TAG} From 0876312c62e44e84db5c46c317d90231b0deb1eb Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:22:41 +0100 Subject: [PATCH 03/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 0dfd9167e..747a94960 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -168,7 +168,7 @@ workflows: - build-container: filters: tags: - only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ + only: /.*/ branches: ignore: /.*/ requires: From e6482c064d4c4aff80a60c039ed8071e162ebea3 Mon Sep 17 00:00:00 2001 
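Review bot: The default `BASE_IMAGE="python:3.12-alpine3.20"` is a mutable tag and the `apk add` packages are unversioned, so two builds of the same release tag can publish different contents. Consider pinning the default by digest, `ARG BASE_IMAGE="python:3.12-alpine3.20@sha256:PINNED_DIGEST"` (placeholder digest). The `# hadolint ignore=DL3003` line sits above `COPY` and suppresses the `cd`/`WORKDIR` rule, which nothing in this file triggers; drop it, or put an ignore that is actually needed directly above the `RUN`. `libffi-dev` stays installed after `apk del git build-base`; presumably only the runtime `libffi` is needed in the final image, which is worth confirming.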
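Review bot: Widening the `build-container` tag filter to `only: /.*/` means every tag pushed to the repository, not only version tags, builds an image, logs in with `$DOCKERHUB_PASS` and overwrites `opencti/client-python:latest`. If this is only to exercise the pipeline, keep the version regex that `build-library` uses and test with a tag that matches it, or push to a scratch repository. The workflow entry continues outside the hunk.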
From: Renizmy Date: Thu, 5 Dec 2024 22:24:47 +0100 Subject: [PATCH 04/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 747a94960..c9b0642a6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -171,9 +171,6 @@ workflows: only: /.*/ branches: ignore: /.*/ - requires: - - ensure_formatting - - linter - deploy: requires: - build-library From 948e6e7f08434afddd05ce74c5fecc80092e5c76 Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:26:35 +0100 Subject: [PATCH 05/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c9b0642a6..226581b79 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -159,16 +159,14 @@ workflows: filters: tags: only: /.*/ - - build-library: - filters: - tags: - only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ - branches: - ignore: /.*/ - build-container: filters: tags: only: /.*/ + - build-library: + filters: + tags: + only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ branches: ignore: /.*/ - deploy: From c5a0ceee11ad317e6ffa81834017e538d7f2644d Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:27:35 +0100 Subject: [PATCH 06/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 226581b79..b135fd66e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
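Review bot: After this reordering the `build-container` entry keeps only `tags: only: /.*/` and no longer carries `branches: ignore: /.*/`, so as far as the visible filters show, the job that logs in to Docker Hub and pushes `latest` runs on every branch commit as well as on every tag. Put the branch filter back under `build-container` (`branches:` with `ignore: /.*/`). The later hunks that restore the version regex and split the job into `build-container-python-3-11` and `build-container-python-3-12` also leave the branch filter out. With the `requires:` on `ensure_formatting` and `linter` removed by the preceding patch, nothing gates the publish.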
@@ -58,7 +58,7 @@ jobs: name: Build opencti/python-cliente command: | docker run --privileged --rm tonistiigi/binfmt --install all - docker build -t opencti/client-python:${CIRCLE_TAG} + docker build -t opencti/client-python:${CIRCLE_TAG} . echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin docker tag opencti/client-python:${CIRCLE_TAG} opencti/client-python:latest docker push opencti/client-python:${CIRCLE_TAG} From ec976cca4dc07d42852821a7f3e1f09d68c6fb29 Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:30:09 +0100 Subject: [PATCH 07/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index b135fd66e..c64ee5349 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -58,6 +58,7 @@ jobs: name: Build opencti/python-cliente command: | docker run --privileged --rm tonistiigi/binfmt --install all + echo "CIRCLE_TAG=${CIRCLE_TAG}" docker build -t opencti/client-python:${CIRCLE_TAG} . echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin docker tag opencti/client-python:${CIRCLE_TAG} opencti/client-python:latest From a8d01eac37f427df29e8660cd544c75b55211cc3 Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:31:39 +0100 Subject: [PATCH 08/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index c64ee5349..a8a7f6952 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -58,6 +58,7 @@ jobs: name: Build opencti/python-cliente command: | docker run --privileged --rm tonistiigi/binfmt --install all + CIRCLE_TAG=${CIRCLE_TAG:-nightly} echo "CIRCLE_TAG=${CIRCLE_TAG}" docker build -t opencti/client-python:${CIRCLE_TAG} . echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin From 11083bd275b775dcb6650bd05a2ab61c490c40a5 Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:36:40 +0100 Subject: [PATCH 09/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a8a7f6952..f101f9c1a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -55,16 +55,17 @@ jobs: - checkout - setup_remote_docker - run: - name: Build opencti/python-cliente + name: Build opencti/python-client command: | docker run --privileged --rm tonistiigi/binfmt --install all CIRCLE_TAG=${CIRCLE_TAG:-nightly} echo "CIRCLE_TAG=${CIRCLE_TAG}" - docker build -t opencti/client-python:${CIRCLE_TAG} . + BASE_REPO="renizmy" + docker build -t $BASE_REPO/client-python:${CIRCLE_TAG} . echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin - docker tag opencti/client-python:${CIRCLE_TAG} opencti/client-python:latest - docker push opencti/client-python:${CIRCLE_TAG} - docker push opencti/client-python:latest + docker tag $BASE_REPO/client-python:${CIRCLE_TAG} $BASE_REPO/client-python:latest + docker push $BASE_REPO/client-python:${CIRCLE_TAG} + docker push $BASE_REPO/client-python:latest build-library: working_directory: ~/opencti-client docker: From 11bc1cd58eb7a154a79eb2754773e049f1804b36 Mon Sep 17 00:00:00 2001 
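Review bot: With `CIRCLE_TAG=${CIRCLE_TAG:-nightly}`, a build that has no tag no longer stops at `docker build`; it goes on to `docker tag ... :latest` and `docker push ... :latest`, so an untagged build replaces the published `latest` with unreleased code. Push `latest` only when the original tag was set, for instance by capturing `IS_RELEASE=${CIRCLE_TAG:+yes}` before the default is applied and guarding the two `latest` lines with `if [ -n "$IS_RELEASE" ]; then ... fi`. Overwriting CircleCI's built-in variable also hides whether the run was a release; a separate name such as `IMAGE_TAG` keeps that visible. The `command:` block continues outside the hunk.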
From: Renizmy Date: Thu, 5 Dec 2024 22:40:51 +0100 Subject: [PATCH 10/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f101f9c1a..c68e999ae 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -61,11 +61,14 @@ jobs: CIRCLE_TAG=${CIRCLE_TAG:-nightly} echo "CIRCLE_TAG=${CIRCLE_TAG}" BASE_REPO="renizmy" - docker build -t $BASE_REPO/client-python:${CIRCLE_TAG} . - echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin - docker tag $BASE_REPO/client-python:${CIRCLE_TAG} $BASE_REPO/client-python:latest - docker push $BASE_REPO/client-python:${CIRCLE_TAG} - docker push $BASE_REPO/client-python:latest + echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin + docker buildx create --use --name mybuilder || true + docker buildx inspect mybuilder --bootstrap + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + -t $BASE_REPO/client-python:${CIRCLE_TAG} \ + -t $BASE_REPO/client-python:latest \ + --push build-library: working_directory: ~/opencti-client docker: From eb91ea8446914d2b2032c5d1ef723f9006cffba9 Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 5 Dec 2024 22:42:34 +0100 Subject: [PATCH 11/17] =?UTF-8?q?=E2=9A=A1=EF=B8=8F=20First=20shot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c68e999ae..2776713f7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
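Review bot: `docker buildx create --use --name mybuilder || true` discards the exit status, so a failure to create the builder goes unreported and only surfaces on the following `inspect` line. On a fresh `setup_remote_docker` engine there is presumably no existing `mybuilder` to tolerate, so the `|| true` can be dropped. The new `docker buildx build` command has no build-context argument, and `--push` publishes both tags in the same command that builds them, which leaves no point at which the image can be checked before release. Quote the image references, e.g. `-t "$BASE_REPO/client-python:${CIRCLE_TAG}"`.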
@@ -64,7 +64,7 @@ jobs: echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin docker buildx create --use --name mybuilder || true docker buildx inspect mybuilder --bootstrap - docker buildx build \ + docker buildx build . \ --platform linux/amd64,linux/arm64 \ -t $BASE_REPO/client-python:${CIRCLE_TAG} \ -t $BASE_REPO/client-python:latest \ From 8bef012cfc29fb89ecaa8ca40a1c5fd08cbdf286 Mon Sep 17 00:00:00 2001 From: Renizmy <62422302+Renizmy@users.noreply.github.com> Date: Sat, 21 Dec 2024 22:17:37 +0100 Subject: [PATCH 12/17] set target platform in builder --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2776713f7..03a766908 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -62,7 +62,7 @@ jobs: echo "CIRCLE_TAG=${CIRCLE_TAG}" BASE_REPO="renizmy" echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin - docker buildx create --use --name mybuilder || true + docker buildx create --platform linux/amd64,linux/arm64 --use --name mybuilder || true docker buildx inspect mybuilder --bootstrap docker buildx build . \ --platform linux/amd64,linux/arm64 \ From 4a3e04e10b4fade306e7af3c742b2ac331899583 Mon Sep 17 00:00:00 2001 From: Renizmy <62422302+Renizmy@users.noreply.github.com> Date: Sat, 21 Dec 2024 22:59:39 +0100 Subject: [PATCH 13/17] change base repo + change build container trigger --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 03a766908..4d7a517ac 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -60,7 +60,7 @@ jobs: docker run --privileged --rm tonistiigi/binfmt --install all CIRCLE_TAG=${CIRCLE_TAG:-nightly} echo "CIRCLE_TAG=${CIRCLE_TAG}" - BASE_REPO="renizmy" + BASE_REPO="opencti" echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin docker buildx create --platform linux/amd64,linux/arm64 --use --name mybuilder || true docker buildx inspect mybuilder --bootstrap @@ -168,7 +168,7 @@ workflows: - build-container: filters: tags: - only: /.*/ + only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ - build-library: filters: tags: From cb10a9a7f6c1f9e6937c2eae40fe85469801f3af Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 9 Jan 2025 22:26:39 +0100 Subject: [PATCH 14/17] add python 3.11 build + app user + trivy scan --- .circleci/config.yml | 63 +++++++++++++++++++++++++++++++++++++++----- Dockerfile | 5 +++- 2 files changed, 61 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 4d7a517ac..2e4487232 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,6 +3,8 @@ version: 2.1 orbs: slack: circleci/slack@4.13.3 ms-teams: cloudradar-monitoring/ms-teams@0.0.1 +env: + BASE_REPO: opencti jobs: ensure_formatting: docker: 
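Review bot: The top-level `env:` block with `BASE_REPO: opencti` added in the `@@ -3,6 +3,8 @@` hunk is not a CircleCI 2.1 configuration key, so the jobs below will not see `BASE_REPO` (as far as I know CircleCI has no config-wide `env` map; confirm against the configuration reference). Declare it per job with `environment:` and `BASE_REPO: opencti`, or as a pipeline parameter, and read it in the shell as `"${BASE_REPO}"`.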
@@ -48,27 +50,76 @@ jobs: - ms-teams/report: only_on_fail: true webhook_url: $MS_TEAMS_WEBHOOK_URL - build-container: + build-container-python-3-11: docker: - image: cimg/base:stable-20.04 steps: - checkout - setup_remote_docker - run: - name: Build opencti/python-client + name: Build opencti/python-client-container command: | docker run --privileged --rm tonistiigi/binfmt --install all CIRCLE_TAG=${CIRCLE_TAG:-nightly} echo "CIRCLE_TAG=${CIRCLE_TAG}" - BASE_REPO="opencti" echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin docker buildx create --platform linux/amd64,linux/arm64 --use --name mybuilder || true docker buildx inspect mybuilder --bootstrap docker buildx build . \ --platform linux/amd64,linux/arm64 \ - -t $BASE_REPO/client-python:${CIRCLE_TAG} \ - -t $BASE_REPO/client-python:latest \ - --push + -t ${{ env.BASE_REPO }}/client-python-3-11:${CIRCLE_TAG} \ + -t ${{ env.BASE_REPO }}client-python-3-11:latest \ + --build-arg BASE_IMAGE="python:3.11-alpine3.20" \ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.28.0 + with: + image-ref: ${{ env.BASE_REPO }}/client-python-3-11:latest + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + - run: + name: Push image to regsitry + command: docker push ${{ env.BASE_REPO }}/client-python-3-11:latest --all-tags + + build-container-python-3-12: + docker: + - image: cimg/base:stable-20.04 + steps: + - checkout + - setup_remote_docker + - run: + name: Build opencti/python-client + command: | + docker run --privileged --rm tonistiigi/binfmt --install all + CIRCLE_TAG=${CIRCLE_TAG:-nightly} + echo "CIRCLE_TAG=${CIRCLE_TAG}" + echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin + docker buildx create --platform linux/amd64,linux/arm64 --use --name mybuilder || true + docker buildx inspect mybuilder --bootstrap + docker buildx build . 
\ + --platform linux/amd64,linux/arm64 \ + -t ${{ env.BASE_REPO }}/client-python-3-12:${CIRCLE_TAG} \ + -t ${{ env.BASE_REPO }}/client-python-3-12:latest \ + --build-arg BASE_IMAGE="python:3.12-alpine3.20" \ + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.28.0 + with: + image-ref: ${{ env.BASE_REPO }}/client-python-3-11:latest + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + + - run: + name: Push image to regsitry + command: docker push ${{ env.BASE_REPO }}/client-python-3-12:latest --all-tags + build-library: working_directory: ~/opencti-client docker: diff --git a/Dockerfile b/Dockerfile index 4def76e56..cf00e8404 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,4 +7,7 @@ COPY ./requirements.txt /opt/requirements.txt RUN apk --no-cache add git build-base libmagic libffi-dev && \ pip3 install --no-cache-dir -r /opt/requirements.txt && \ - apk del git build-base && rm /opt/requirements.txt \ No newline at end of file + apk del git build-base && rm /opt/requirements.txt + +RUN adduser -D -g '' app +USER app \ No newline at end of file From dba084d424355987ed8fc4ba2b8eb3ae2cc0702d Mon Sep 17 00:00:00 2001 From: Renizmy Date: Thu, 9 Jan 2025 22:32:54 +0100 Subject: [PATCH 15/17] Add build steps --- .circleci/config.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2e4487232..339b0d241 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -216,7 +216,11 @@ workflows: filters: tags: only: /.*/ - - build-container: + - build-container-python-3-11: + filters: + tags: + only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ + - build-container-python-3-12: filters: tags: only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ From ba3c65bbde6ea3fb6c6078f83f27324259186c2f Mon Sep 17 00:00:00 2001 
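Review bot: The `- name: Run Trivy vulnerability scanner` / `uses: aquasecurity/trivy-action@0.28.0` block and the `${{ env.BASE_REPO }}` expressions in both new jobs are GitHub Actions syntax; CircleCI has no `uses:` step and bash rejects `${{ ... }}` as a bad substitution, so the vulnerability gate never runs. In the 3.11 job the second tag `${{ env.BASE_REPO }}client-python-3-11:latest` is missing its `/`, and the 3.12 job's scan points at `client-python-3-11:latest`. The build has neither `--push` nor `--load`, so the later `docker push` step probably has no local image to send, and its last `--build-arg` line ends in a stray `\`. A CircleCI-native shape for the scan is sketched below; it assumes the `trivy` CLI is installed in the job, and the `:scan` tag is an illustrative name.

```yaml
  build-container-python-3-12:
    docker:
      - image: cimg/base:stable-20.04
    environment:
      BASE_REPO: opencti
    steps:
      # … unchanged: checkout, setup_remote_docker, binfmt, login, buildx create/inspect …
      - run:
          name: Build single-arch image and scan it
          command: |
            docker buildx build . --platform linux/amd64 --load \
              --build-arg BASE_IMAGE="python:3.12-alpine3.20" \
              -t "${BASE_REPO}/client-python-3-12:scan"
            # assumes the trivy CLI was installed by an earlier step
            trivy image --exit-code 1 --ignore-unfixed \
              --severity CRITICAL,HIGH \
              "${BASE_REPO}/client-python-3-12:scan"
```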
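Review bot: `RUN adduser -D -g '' app` followed by `USER app` leaves the UID to whatever Alpine assigns and sets a named user, which Kubernetes `runAsNonRoot` cannot verify without a numeric UID. Consider a fixed id, for example `RUN adduser -D -u 10001 -g '' app` and `USER 10001` (the number is an illustrative choice). A `WORKDIR` owned by that user would also give the process a writable directory instead of starting in `/`.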
From: Renizmy <62422302+Renizmy@users.noreply.github.com> Date: Mon, 13 Jan 2025 08:22:23 +0000 Subject: [PATCH 16/17] delete trivy + change workflow --- .circleci/config.yml | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 339b0d241..462e2371f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -69,17 +69,7 @@ jobs: --platform linux/amd64,linux/arm64 \ -t ${{ env.BASE_REPO }}/client-python-3-11:${CIRCLE_TAG} \ -t ${{ env.BASE_REPO }}client-python-3-11:latest \ - --build-arg BASE_IMAGE="python:3.11-alpine3.20" \ - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.28.0 - with: - image-ref: ${{ env.BASE_REPO }}/client-python-3-11:latest - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + --build-arg BASE_IMAGE="python:3.11-alpine3.20" - run: name: Push image to regsitry @@ -104,17 +94,7 @@ jobs: --platform linux/amd64,linux/arm64 \ -t ${{ env.BASE_REPO }}/client-python-3-12:${CIRCLE_TAG} \ -t ${{ env.BASE_REPO }}/client-python-3-12:latest \ - --build-arg BASE_IMAGE="python:3.12-alpine3.20" \ - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.28.0 - with: - image-ref: ${{ env.BASE_REPO }}/client-python-3-11:latest - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + --build-arg BASE_IMAGE="python:3.12-alpine3.20" - run: name: Push image to regsitry From ff6412777e5fd16d7d5061ccc52d2c72f0906d3c Mon Sep 17 00:00:00 2001 From: Renizmy <62422302+Renizmy@users.noreply.github.com> Date: Mon, 13 Jan 2025 08:22:41 +0000 Subject: [PATCH 17/17] change workflow --- .circleci/config.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 462e2371f..a93072620 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
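Review bot: With the Trivy block deleted, `build-container-python-3-11` and `build-container-python-3-12` publish images with no vulnerability check at all, and the remaining push step is unlikely to work. `docker push NAME:latest --all-tags` combines a tag with `--all-tags`, which Docker rejects, and the preceding multi-platform `buildx build` has no `--push` or `--load` to produce an image the push could send. Either add `--push` to the `buildx build` command and drop the separate push step, or scan a loaded single-platform image before pushing. The `${{ env.BASE_REPO }}` references and the missing `/` in `${{ env.BASE_REPO }}client-python-3-11:latest` are still present in the context lines of both hunks.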
@@ -197,10 +197,14 @@ workflows: tags: only: /.*/ - build-container-python-3-11: + requires: + - build-library filters: tags: only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/ - build-container-python-3-12: + requires: + - build-library filters: tags: only: /[0-9]+(\.[0-9]+)+(\.[0-9]+)?\.?(\w)*/