Bump google/cloud-sdk from 439.0.0-alpine to 473.0.0-alpine (#34)

dependabot[bot] · monotek · web-flow · commit 034fe0a9725c · 2024-04-29T15:07:37.000+02:00
* Bump google/cloud-sdk from 439.0.0-alpine to 473.0.0-alpine

Bumps google/cloud-sdk from 439.0.0-alpine to 473.0.0-alpine.

---
updated-dependencies:
- dependency-name: google/cloud-sdk
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] &lt;support@github.com&gt;

* update action permissions

Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;

* install aws-cli via pak

Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;

* update superlinter

Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;

* fetch depth

Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;

* disable healthcheck

Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;

* disable shfmt

Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;

---------

Signed-off-by: dependabot[bot] &lt;support@github.com&gt;
Signed-off-by: André Bauer &lt;andre.bauer@staffbase.com&gt;
Co-authored-by: dependabot[bot] &lt;49699333+dependabot[bot]@users.noreply.github.com&gt;
Co-authored-by: André Bauer &lt;andre.bauer@staffbase.com&gt;
Co-authored-by: André Bauer &lt;monotek@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,21 +1,28 @@
 ---
 name: ci
 
-on: 
+permissions: read-all
+
+on:
   pull_request:
 
 jobs:
   super-linter:
+    permissions:
+      statuses: write
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Lint Code Base
-        uses: github/super-linter/slim@v5
+        uses: github/super-linter/slim@v6
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VALIDATE_SHELL_SHFMT: false
 
   docker-build:
     runs-on: ubuntu-22.04
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
@@ -1,11 +1,15 @@
 ---
 name: dependabot-auto-merge
 
+permissions: read-all
+
 on:
   pull_request:
 
 jobs:
   auto-merge:
+    permissions:
+      contents: write
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml
@@ -1,16 +1,16 @@
 ---
 name: Release Drafter
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
       - main
   pull_request:
     types: [opened, reopened, synchronize]
 
-permissions:
-  contents: read
-
 jobs:
   update_release_draft:
     permissions:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,6 +1,8 @@
 ---
 name: release
 
+permissions: read-all
+
 on:
   push:
     branches:
@@ -10,6 +12,10 @@ on:
 
 jobs:
   docker-build-push:
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,14 @@
-FROM google/cloud-sdk:439.0.0-alpine
+FROM google/cloud-sdk:473.0.0-alpine
 
 COPY entrypoint.sh /
 
 # hadolint ignore=DL3013,DL3018
-RUN apk add --no-cache mysql-client py3-pip rsync && \
-    pip3 install --no-cache-dir awscli && \
+RUN apk add --no-cache aws-cli mysql-client rsync && \
     rm -rf /var/cache/apk/* && \
     chmod +x /entrypoint.sh
 
+#checkov:skip=CKV_DOCKER_2:We don't need Docker HEALTHCHECK in Kubernetes
+
 USER cloudsdk
 
 ENTRYPOINT ["/entrypoint.sh"]
