Skip to content

Commit 765ea3d

Browse files
joecoralljoecorall
committed
Install Go security tools in Codex image
1 parent 8397749 commit 765ea3d

1 file changed

Lines changed: 14 additions & 5 deletions

File tree

Dockerfile

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,8 @@ ENV TZ="$TZ"
55

66
RUN mkdir -p /usr/local/share/npm-global && \
77
chown -R node:node /usr/local/share && \
8-
mkdir -p /workspace /home/node/.claude && \
9-
chown -R node:node /workspace /home/node/.claude
8+
mkdir -p /workspace /home/node/.claude /home/node/.codex && \
9+
chown -R node:node /workspace /home/node/.claude /home/node/.codex
1010

1111
WORKDIR /workspace
1212

@@ -22,7 +22,7 @@ ARG \
2222
# renovate: datasource=npm depName=@anthropic-ai/claude-code
2323
CLAUDE_CLI_VERSION=2.1.117 \
2424
# renovate: datasource=npm depName=@openai/codex
25-
CODEX_CLI_VERSION=0.125.0 \
25+
CODEX_CLI_VERSION=0.128.0 \
2626
# renovate: datasource=npm depName=@google/gemini-cli
2727
GEMINI_CLI_VERSION=0.38.2 \
2828
# renovate: datasource=npm depName=opencode-ai
@@ -105,7 +105,13 @@ ARG \
105105
GO_AMD64=linux-amd64.tar.gz \
106106
GO_AMD64_SHA256="031f088e5d955bab8657ede27ad4e3bc5b7c1ba281f05f245bcc304f327c987a" \
107107
GO_ARM64=linux-arm64.tar.gz \
108-
GO_ARM64_SHA256="a290581cfe4fe28ddd737dde3095f3dbeb7f2e4065cab4eae44dfc53b760c2f7"
108+
GO_ARM64_SHA256="a290581cfe4fe28ddd737dde3095f3dbeb7f2e4065cab4eae44dfc53b760c2f7" \
109+
# renovate: datasource=go depName=golang.org/x/tools/gopls
110+
GOPLS_VERSION=v0.21.1 \
111+
# renovate: datasource=go depName=golang.org/x/vuln
112+
GOVULNCHECK_VERSION=v1.2.0 \
113+
# renovate: datasource=go depName=github.com/securego/gosec/v2
114+
GOSEC_VERSION=v2.25.0
109115

110116
RUN BC_VERSION_HACK="${BC_VERSION}$([ "${TARGETARCH}" = "arm64" ] && echo "+b1" || echo "")" && \
111117
apt-get update && \
@@ -179,6 +185,7 @@ COPY force-tty.js /home/node/.force-tty.js
179185
ENV \
180186
NODE_OPTIONS="--max-old-space-size=4096 --require /home/node/.force-tty.js" \
181187
CLAUDE_CONFIG_DIR="/home/node/.claude" \
188+
CODEX_HOME="/home/node/.codex" \
182189
COMPOSER_HOME="/home/node/.composer" \
183190
COMPOSER_MEMORY_LIMIT=-1 \
184191
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/go/bin:/home/node/go/bin:/usr/local/share/npm-global/bin:/home/node/.composer/vendor/bin \
@@ -187,7 +194,9 @@ ENV \
187194
COPY docker-entrypoint.sh /docker-entrypoint.sh
188195
COPY .bash_aliases /home/node/
189196

190-
RUN go install golang.org/x/tools/gopls@v0.21.1 && \
197+
RUN go install golang.org/x/tools/gopls@"${GOPLS_VERSION}" && \
198+
go install golang.org/x/vuln/cmd/govulncheck@"${GOVULNCHECK_VERSION}" && \
199+
go install github.com/securego/gosec/v2/cmd/gosec@"${GOSEC_VERSION}" && \
191200
if [ -z "$CLI" ] || [ "$CLI" = "claude" ]; then claude install; fi
192201

193202
ENTRYPOINT [ "/docker-entrypoint.sh" ]

0 commit comments

Comments
 (0)