diff --git a/Dockerfile b/Dockerfile index d159db069f072efe17c5300fc91de83798c0bb7f..a556451dcf2238e2b5c16f7b5aa9377155d604f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.4 -FROM openpolicyagent/opa:0.28.0 as base +FROM openpolicyagent/opa:0.29.2 as base FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -13,11 +13,11 @@ RUN dnf upgrade -y && \ COPY --from=base /opa /opa +USER 1001 + HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=3 \ CMD curl -f http://locahost:8181/health || exit 1 -USER 1001 - ENTRYPOINT ["/opa"] CMD ["run"] diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1c8cfcf4b80d477475f4a6d0c8e093db4cb3ae83..f8911682991ad6eddc88af0d59980db20898ced7 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/openpolicyagent/opa" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "0.28.0" +- "0.29.2" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://www.openpolicyagent.org/" # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "styra" - org.opencontainers.image.version: "0.28.0" + org.opencontainers.image.version: "0.29.2" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "policy,control,cloud,administration" # This value can be "opensource" or "commercial" @@ -37,8 +37,8 @@ labels: # List of resources to make available to the offline build context resources: -- tag: openpolicyagent/opa:0.28.0 - url: docker://docker.io/openpolicyagent/opa@sha256:c5f5928527e26f35ee483bdfc5d439c58465bd511e36bc5ecc1da19b61c43248 +- tag: openpolicyagent/opa:0.29.2 + url: docker://docker.io/openpolicyagent/opa@sha256:61d9bb9050b89b01e1c04be061a4b8d6b1432512f0dbc38d48b83eec07870061 # List of project maintainers maintainers: