From 713d3eec661644fe34ed6d7185e91949111b000f Mon Sep 17 00:00:00 2001 From: ethanholen-hpe Date: Tue, 17 Sep 2024 12:58:13 -0600 Subject: [PATCH 1/2] Added alpine image to fix issue with cray-vpa --- ...y.io.reactiveops.ci-images.v11-alpine.yaml | 59 +++++++++++++++++++ .../ci-images/v11-alpine/Dockerfile | 28 +++++++++ 2 files changed, 87 insertions(+) create mode 100644 .github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml create mode 100644 quay.io/reactiveops/ci-images/v11-alpine/Dockerfile diff --git a/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml b/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml new file mode 100644 index 00000000..3b092afe --- /dev/null +++ b/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml @@ -0,0 +1,59 @@ +# +# MIT License +# +# (C) Copyright [2024] Hewlett Packard Enterprise Development LP +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +# OTHER DEALINGS IN THE SOFTWARE. +# + +# Generated with: make add IMAGE=reactiveops/ci-images:v11-alpine REGISTRY=quay.io PACKAGE_MANAGER=apk +# +--- +name: quay.io/reactiveops/ci-images:v11-alpine +on: + push: + paths: + - .github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml + - quay.io/reactiveops/ci-images/v11-alpine/** + workflow_dispatch: +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + env: + CONTEXT_PATH: quay.io/reactiveops/ci-images/v11-alpine + DOCKER_REPO: artifactory.algol60.net/csm-docker/${{ github.ref == 'refs/heads/main' && 'stable' || 'unstable' }}/quay.io/reactiveops/ci-images + DOCKER_TAG: v11-alpine + steps: + - name: build-sign-scan + uses: Cray-HPE/github-actions/build-sign-scan@build-sign-scan/v2 + with: + context_path: ${{ env.CONTEXT_PATH }} + docker_repo: ${{ env.DOCKER_REPO }} + docker_tag: ${{ env.DOCKER_TAG }} + docker_username: ${{ secrets.ARTIFACTORY_ALGOL60_USERNAME }} + docker_password: ${{ secrets.ARTIFACTORY_ALGOL60_TOKEN }} + sign: ${{ github.ref == 'refs/heads/main' }} + cosign_gcp_workload_identity_provider: ${{ secrets.COSIGN_GCP_WORKLOAD_IDENTITY_PROVIDER_RSA }} + cosign_gcp_service_account: ${{ secrets.COSIGN_GCP_SERVICE_ACCOUNT_RSA }} + cosign_key: ${{ secrets.COSIGN_KEY_RSA }} + snyk_token: ${{ secrets.SNYK_TOKEN }} + fail_on_snyk_errors: true diff --git a/quay.io/reactiveops/ci-images/v11-alpine/Dockerfile b/quay.io/reactiveops/ci-images/v11-alpine/Dockerfile new file mode 100644 index 00000000..c3a183cc --- /dev/null +++ b/quay.io/reactiveops/ci-images/v11-alpine/Dockerfile @@ -0,0 +1,28 @@ +# +# MIT License +# +# (C) Copyright [2024] Hewlett Packard Enterprise Development LP +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +# OTHER DEALINGS IN THE SOFTWARE. +# + +# Generated with: make add IMAGE=reactiveops/ci-images:v11-alpine REGISTRY=quay.io PACKAGE_MANAGER=apk +# +FROM quay.io/reactiveops/ci-images:v11-alpine +RUN apk update && apk add --upgrade apk-tools && apk -U upgrade && rm -rf /var/cache/apk/* From e0c0ed8fa4458fe5fbbcfd28839600082d678a07 Mon Sep 17 00:00:00 2001 From: ethanholen-hpe Date: Tue, 17 Sep 2024 14:26:00 -0600 Subject: [PATCH 2/2] changed fail on snyk errors to false --- .github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml b/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml index 3b092afe..a7cdb8ac 100644 --- a/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml +++ b/.github/workflows/quay.io.reactiveops.ci-images.v11-alpine.yaml @@ -56,4 +56,4 @@ jobs: cosign_gcp_service_account: ${{ secrets.COSIGN_GCP_SERVICE_ACCOUNT_RSA }} cosign_key: ${{ secrets.COSIGN_KEY_RSA }} snyk_token: ${{ secrets.SNYK_TOKEN }} - fail_on_snyk_errors: true + fail_on_snyk_errors: false