
[BRE-915] Update and harden container images (#412)

* Update base image for get-checksum to gcr.io/distroless/python3-debian12:nonroot

* Update base image in version-bump to gcr.io/distroless/python3-debian12:nonroot

* Remove unnecessary pip install commands from Dockerfile

* Refactor Dockerfile to use python:3-slim base image and streamline package installation

* Refactor Dockerfile to improve build process and update main.py to use xml.etree.ElementTree

* Add step to fix file permissions in test-version-bump workflow

* Remove file permission fix step from test-version-bump workflow and update Dockerfile to use non-root base image

* Update crowdin
pull/343/head
Michał Chęciński 5 months ago committed by GitHub
parent
commit
c915b61baf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 2
      crowdin/Dockerfile
  2. 7
      get-checksum/Dockerfile
  3. 16
      version-bump/Dockerfile
  4. 4
      version-bump/main.py

2
crowdin/Dockerfile

@ -1,4 +1,4 @@
FROM crowdin/cli:3.19.4 FROM crowdin/cli:4.9.0
RUN apk --no-cache add curl git jq gnupg; RUN apk --no-cache add curl git jq gnupg;

7
get-checksum/Dockerfile

@ -1,12 +1,9 @@
FROM python:3-slim FROM gcr.io/distroless/python3-debian12:nonroot
ADD . /app ADD . /app
WORKDIR /app WORKDIR /app
RUN pip3 install lxml --target=/app ENV PYTHONPATH=/app
RUN pip3 install pyyaml --target=/app
ENV PYTHONPATH /app
ENTRYPOINT [ "python", "/app/main.py" ] ENTRYPOINT [ "python", "/app/main.py" ]
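Review bot: With both `pip3 install` lines removed and a distroless base that ships no pip, nothing in this Dockerfile provides `lxml` or `pyyaml` any more, so `/app/main.py` will fail at import time if it still uses either. get-checksum/main.py is not part of this commit, so that is worth confirming before merge. `ADD . /app` also copies the whole build context into the image; `COPY main.py /app/` (or `COPY` backed by a `.dockerignore`) keeps stray files such as `.git` or local credential files out of the layer. The base is referenced only by the mutable tag `:nonroot`; pinning it as `gcr.io/distroless/python3-debian12:nonroot@sha256:<digest>` would make the hardened image reproducible.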

16
version-bump/Dockerfile

@ -1,13 +1,13 @@
FROM python:3-slim FROM python:3-slim AS builder
ADD . /app
WORKDIR /app WORKDIR /app
RUN pip3 install --no-cache-dir pyyaml --target=.
ADD ./main.py .
RUN pip3 install lxml --target=/app FROM gcr.io/distroless/python3-debian12
RUN pip3 install pyyaml --target=/app
ENV PYTHONPATH /app WORKDIR /app
COPY --from=builder /app /app
ENV PYTHONPATH=/app
CMD ["/app/main.py"] ENTRYPOINT ["/usr/bin/python3", "-u", "/app/main.py"]
ENTRYPOINT [ "python", "-u" ]
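Review bot: The final stage uses `FROM gcr.io/distroless/python3-debian12` with no tag, which resolves to `latest` and, for the distroless images, runs as root, although the commit description says this image moves to a non-root base. If the action can write its target files as an unprivileged user, use `FROM gcr.io/distroless/python3-debian12:nonroot` (ideally with `@sha256:<digest>`); if root is required for the workspace, a comment saying so would stop this being read as an oversight. The builder is `python:3-slim`, whose interpreter version floats and may differ from the Python in the debian12 runtime, so any compiled extension that pip places in `/app` may not load there. Pinning the builder to the runtime's Python minor version and installing a fixed `pyyaml` version avoids that.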

4
version-bump/main.py

@ -2,7 +2,7 @@ import os
import json import json
import plistlib import plistlib
import re import re
import lxml.etree as ET import xml.etree.ElementTree as ET
import yaml import yaml
@ -58,7 +58,7 @@ def update_xml(version, file_path):
f.write(data_new) f.write(data_new)
# Microsoft .NET project files # Microsoft .NET project files
elif myroot.attrib.has_key("Sdk") and "Microsoft.NET.Sdk" in myroot.attrib["Sdk"]: elif "Sdk" in myroot.attrib and "Microsoft.NET.Sdk" in myroot.attrib["Sdk"]:
version_property = [x for x in myroot[0] if x.tag == "Version"][-1] version_property = [x for x in myroot[0] if x.tag == "Version"][-1]
version_property.text = version version_property.text = version
mytree.write(file_path) mytree.write(file_path)
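Review bot: `xml.etree.ElementTree` is not a drop-in replacement for `lxml.etree` on the write path: its default parser discards comments, and `mytree.write(file_path)` may re-prefix namespaces as `ns0:`, so a version bump could rewrite more of a project file than the `Version` element. The parse call is outside these hunks; if it uses the default parser, passing `parser=ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))` (Python 3.8+) keeps comments. The standard-library documentation also notes that the module is not hardened against maliciously constructed XML, which matters if this action can run on files from untrusted pull requests. `update_xml` starts and ends outside the hunk.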
