UNCLASSIFIED

Commit 94571651 authored by Andy Maksymowicz's avatar Andy Maksymowicz
Browse files

Merge branch 'resolve-cve' into 'development'

update base container

See merge request !17
parents 99568543 98ba85ae
Pipeline #275460 passed with stages
in 4 minutes and 59 seconds
ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
ARG BASE_TAG=8.3 ARG BASE_TAG=8.4
FROM hadolint/hadolint:v2.4.0 AS base FROM hadolint/hadolint:v2.4.0 AS base
...@@ -13,4 +13,4 @@ RUN microdnf update --nodocs && \ ...@@ -13,4 +13,4 @@ RUN microdnf update --nodocs && \
COPY --from=base /bin/hadolint /usr/bin/hadolint COPY --from=base /bin/hadolint /usr/bin/hadolint
USER 1000 USER 1000
HEALTHCHECK NONE HEALTHCHECK NONE
ENTRYPOINT ["hadolint"] ENTRYPOINT ["hadolint"]
\ No newline at end of file
...@@ -10,7 +10,7 @@ tags: ...@@ -10,7 +10,7 @@ tags:
args: args:
BASE_IMAGE: "redhat/ubi/ubi8-minimal" BASE_IMAGE: "redhat/ubi/ubi8-minimal"
BASE_TAG: "8.3" BASE_TAG: "8.4"
labels: labels:
org.opencontainers.image.title: "hadolint" org.opencontainers.image.title: "hadolint"
......
{
"extends": ["config:base"],
"baseBranches": ["development"],
"regexManagers": [
{
"fileMatch": ["^hardening_manifest.yaml$"],
"matchStrings": [
"tags:\\s+-\\s+\"(?<currentValue>.+?)\"",
"tag: .*:(?<currentValue>.*?)$",
"org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\"",
"url: docker://.*@(?<currentDigest>sha256:[a-f0-9]+)"
],
"depNameTemplate": "hadolint/hadolint",
"datasourceTemplate": "docker"
},
{
"fileMatch": ["^hardening_manifest.yaml$", "^Dockerfile$"],
"matchStrings": [
"BASE_TAG: \"(?<currentValue>.*?)\"",
"BASE_TAG=(?<currentValue>.*?)$"
],
"depNameTemplate": "registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal",
"datasourceTemplate": "docker"
}
]
}
{
extends: ["config:base"],
baseBranches: ["development"],
regexManagers: [
// tool image updates
{
fileMatch: ["^hardening_manifest.yaml$"],
matchStrings: [
'tags:\\s+-\\s+"(?<currentValue>.+?)"',
"tag: .*:(?<currentValue>.*?)$",
'org\\.opencontainers\\.image\\.version:\\s+"(?<currentValue>.+?)"',
"url: docker://.*@(?<currentDigest>sha256:[a-f0-9]+)",
],
depNameTemplate: "hadolint/hadolint",
datasourceTemplate: "docker",
},
// base image updating
{
fileMatch: ["^hardening_manifest.yaml$$", "^Dockerfile$"],
matchStrings: [
'BASE_TAG: "(?<currentValue>.*?)"',
"BASE_TAG=(?<currentValue>.*?)$",
],
depNameTemplate: "registry1.dso.mil/ironbank/redhat/ubi/ubi8-minimal",
datasourceTemplate: "docker",
},
],
// group our dependencies in one MR as the base image and code image are likely to update at different times
groupName: "all dependencies",
separateMajorMinor: false,
groupSlug: "all",
packageRules: [
{
matchPackagePatterns: ["*"],
groupName: "all dependencies",
groupSlug: "all",
},
],
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment