From 1d7fb95305d4e2846bd7561a4987f8ae88be9e0f Mon Sep 17 00:00:00 2001
From: Zachary Sanders
Date: Tue, 1 Jun 2021 15:26:57 +0000
Subject: [PATCH 1/6] renovate update
---
 hardening_manifest.yaml | 2 +-
 renovate.json | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 9aa96f6..b79ccac 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -90,4 +90,4 @@ maintainers:
 name: "Adam Martin"
 # # The gitlab username of the current container owner
 username: "adam.martin"
- cht_member: true
\ No newline at end of file
+ cht_member: true
diff --git a/renovate.json b/renovate.json
index 3a10b80..3c9a97a 100644
--- a/renovate.json
+++ b/renovate.json
@@ -5,6 +5,8 @@
 "baseBranches": [
 "development"
 ],
+ "automerge": true,
+ "gitLabAutomerge": true,
 "regexManagers": [
 {
 "fileMatch": [
@@ -15,7 +17,18 @@
 ],
 "depNameTemplate": "registry1.dso.mil/ironbank/python/python39",
 "datasourceTemplate": "docker"
- }
+ },
+ {
+ "fileMatch": [
+ "^hardening_manifest.yaml$"
+ ],
+ "matchStrings": [
+ "org\\.opencontainers\\.image\\.version:\\s+\"(?.+?)\"",
+ "tags:\\s+-\\s+\"(?.+?)\""
+ ],
+ "depNameTemplate": "truffleHog3",
+ "datasourceTemplate": "pypi"
+ }
 ]
 }
-
\ No newline at end of file
+
-- GitLab
From 0f6877df0413c24238ac70235ef4d2db630b8e8b Mon Sep 17 00:00:00 2001
From: renovate
Date: Wed, 2 Jun 2021 01:02:33 +0000
Subject: [PATCH 2/6] Update dependency truffleHog3 to v2.0.5
---
 hardening_manifest.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index b79ccac..f27f8ee 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "opensource/trufflehog/trufflehog3"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "2.0.4"
+- "2.0.5"
 - "latest"
 # Build args passed to Dockerfile ARGs
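Review bot: The two flags added in the first renovate.json hunk of PATCH 1/6, `"automerge": true` and `"gitLabAutomerge": true`, sit at the top level and so apply to every update Renovate proposes against `development`, which lets a dependency bump land in a hardened-image repository with no human approval. Scoping the setting keeps the convenience for low-risk updates while still requiring review for the rest, e.g. `"packageRules": [{"matchUpdateTypes": ["patch"], "automerge": true}]` in place of the top-level flag. The enclosing JSON object starts and ends outside this hunk, so any existing `packageRules` is not visible here.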
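Review bot: The regex manager added in the second renovate.json hunk of PATCH 1/6 matches only the `org.opencontainers.image.version` label and the first `tags` entry, so a Renovate bump never touches the `resources` entry that pins the wheel's filename, url and sha256. PATCH 2/6 and 3/6 on this page show the effect: the bot raised the label and tag to 2.0.5 and a maintainer then had to update the wheel by hand, and with automerge on, the first of those can merge alone and leave the manifest advertising a version the build does not install. I would keep this package out of automerge, e.g. `"packageRules": [{"matchPackageNames": ["truffleHog3"], "automerge": false}]`, so the person who updates the checksum also approves the merge. The capture groups appear as `(?.+?)` on this page; Renovate needs a named group such as `(?<currentValue>.+?)`, and the name was probably lost in rendering, but it is worth confirming in the file.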
@@ -27,7 +27,7 @@ labels:
 org.opencontainers.image.url: "https://github.com/feeltheajf/trufflehog3"
 ## Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "opensource"
- org.opencontainers.image.version: "2.0.4"
+ org.opencontainers.image.version: "2.0.5"
 ## Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "trufflehog3,secrets"
 ## This value can be "opensource" or "commercial"
-- GitLab
From df7ef8a07b86f5a2b2e6f0ebe44314602eca1b24 Mon Sep 17 00:00:00 2001
From: Adam Martin
Date: Wed, 2 Jun 2021 12:46:46 +0000
Subject: [PATCH 3/6] Update trugglehog3 whl to 2.0.5
---
 hardening_manifest.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index f27f8ee..051247c 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -37,11 +37,11 @@ labels:
 # List of resources to make available to the offline build context
 resources:
-- filename: truffleHog3-2.0.4-py2.py3-none-any.whl
- url: https://files.pythonhosted.org/packages/b2/c4/3e3f16002e2ea0b8421b6ff43eb88a1e6036f0723240b93ad1bff9363936/truffleHog3-2.0.4-py2.py3-none-any.whl
+- filename: truffleHog3-2.0.5-py2.py3-none-any.whl
+ url: https://files.pythonhosted.org/packages/f4/83/7b145927deaf5a546d074c46f3bf9c77306c0e936eddb1427ed42fb000eb/truffleHog3-2.0.5-py2.py3-none-any.whl
 validation:
 type: sha256
- value: 79ac7171f395ce047b09aecaa9ee68b650d48cd6d9d3d70d7a9b637a2decf6df
+ value: f08e6a764879895bd7992eaca8aeaee7c8d22b42bd11526bbbe9c474afc8518f
 - filename: Jinja2-2.11.1-py2.py3-none-any.whl
 url: https://files.pythonhosted.org/packages/27/24/4f35961e5c669e96f6559760042a55b9bcfcdb82b9bdb3c8753dbe042e35/Jinja2-2.11.1-py2.py3-none-any.whl
 validation:
-- GitLab
From aea74cd52fe9793118ffe00107435a0f9f6202d2 Mon Sep 17 00:00:00 2001
From: Adam Martin
Date: Wed, 2 Jun 2021 09:13:30 -0400
Subject: [PATCH 4/6] update supporting deps for 2.0.5
---
 Dockerfile | 5 ++---
 hardening_manifest.yaml | 14 ++------------
 2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 84290d3..033ba5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,8 +7,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build
 USER 0
 COPY *.whl *.tar.gz /wheel/
-RUN pip install --no-index --find-links=/wheel/ truffleHog3 && \
- pip install --upgrade --no-index --find-links=/wheel/ PyYAML Jinja2
+RUN pip install --no-index --find-links=/wheel/ truffleHog3
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
@@ -16,7 +15,7 @@ COPY --from=build /usr/local/lib/python3.9/site-packages/ /usr/local/lib/python3
 COPY --from=build /usr/local/bin/trufflehog3 /usr/local/bin/
 USER 0
-
+
 RUN dnf update -y && \
 dnf install -y git --nodocs && \
 dnf clean all && \
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 051247c..a50850c 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -42,11 +42,6 @@ resources:
 validation:
 type: sha256
 value: f08e6a764879895bd7992eaca8aeaee7c8d22b42bd11526bbbe9c474afc8518f
-- filename: Jinja2-2.11.1-py2.py3-none-any.whl
- url: https://files.pythonhosted.org/packages/27/24/4f35961e5c669e96f6559760042a55b9bcfcdb82b9bdb3c8753dbe042e35/Jinja2-2.11.1-py2.py3-none-any.whl
- validation:
- type: sha256
- value: b0eaf100007721b5c16c1fc1eecb87409464edc10469ddc9a22a27a99123be49
 - filename: Jinja2-2.11.3-py2.py3-none-any.whl
 url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl
 validation:
@@ -57,13 +52,8 @@ resources:
 validation:
 type: sha256
 value: 43da89427bdf18bf07f1164c6d415750693b4d50e28fc9b68de706245147b9dd
-- filename: PyYAML-5.3.1.tar.gz
- url: https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz
- validation:
- type: sha256
- value: b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d
-- filename: PyYAML-5.4.1-cp39-cp39-manylinux1_x86_64.whl
- url: https://files.pythonhosted.org/packages/3d/1f/2a3705efca3b47161ceaaf52970a9d4b81cc84600818686ecd75093a00a5/PyYAML-5.4.1-cp39-cp39-manylinux1_x86_64.whl
+- filename: PyYAML-5.4-cp39-cp39-manylinux1_x86_64.whl
+ url: https://files.pythonhosted.org/packages/43/e8/31007862b01580c507e24b88aeedb71bb81d6125a71c651a26370e6e0648/PyYAML-5.4-cp39-cp39-manylinux1_x86_64.whl
 validation:
 type: sha256
 value: 74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183
-- GitLab
From d7e807daa60f971c6fa370cec996503441f5cdd5 Mon Sep 17 00:00:00 2001
From: Adam Martin
Date: Wed, 2 Jun 2021 09:16:03 -0400
Subject: [PATCH 5/6] correct checksum for pyyaml
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index a50850c..ff07253 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -56,7 +56,7 @@ resources:
 url: https://files.pythonhosted.org/packages/43/e8/31007862b01580c507e24b88aeedb71bb81d6125a71c651a26370e6e0648/PyYAML-5.4-cp39-cp39-manylinux1_x86_64.whl
 validation:
 type: sha256
- value: 74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183
+ value: 02c78d77281d8f8d07a255e57abdbf43b02257f59f50cc6b636937d68efa5dd0
 - filename: gitdb-4.0.7-py3-none-any.whl
 url: https://files.pythonhosted.org/packages/ea/e8/f414d1a4f0bbc668ed441f74f44c116d9816833a48bf81d22b697090dba8/gitdb-4.0.7-py3-none-any.whl
 validation:
-- GitLab
From 356a8ecfeda5de1874e30277905cf350d4e7987f Mon Sep 17 00:00:00 2001
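Review bot: In the second hardening_manifest.yaml hunk of PATCH 4/6 the PyYAML entry's `filename` and `url` change to the 5.4 wheel while its `value:` line stays as unchanged context, so the sha256 still describes the removed 5.4.1 wheel and the resource would fail validation at this commit; PATCH 5/6 corrects it, and squashing the two would keep every commit in the series buildable. The entry also moves PyYAML to an older release than the one it replaces, presumably to satisfy a pin in truffleHog3 2.0.5, and nothing in the manifest records that. A comment above the entry, e.g. `# PyYAML held at 5.4 for truffleHog3 2.0.5; re-check on the next truffleHog3 bump`, would stop a later reader from treating it as an accidental downgrade. The `resources` list starts and ends outside the hunk.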
From: Adam Martin
Date: Wed, 2 Jun 2021 09:25:05 -0400
Subject: [PATCH 6/6] no longer uses tarballs for deps
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 033ba5a..6c9f0d8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as build
 USER 0
-COPY *.whl *.tar.gz /wheel/
+COPY *.whl /wheel/
 RUN pip install --no-index --find-links=/wheel/ truffleHog3
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-- GitLab