Merge branch 'develop' into main

clemlesne · Nov 21, 2023 · 5e8e675 · 5e8e675
2 parents d61d5a3 + bf50ca2
commit 5e8e675
Show file tree

Hide file tree

Showing 12 changed files with 224 additions and 121 deletions.
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -21,47 +21,47 @@ env:
   CONTAINER_REGISTRY_GHCR: ghcr.io
   CONTAINER_REGISTRY_DOCKER_HUB: docker.io
   # https://github.com/sigstore/cosign/releases
-  COSIGN_VERSION: 2.2.0
+  COSIGN_VERSION: 2.2.1
   # https://npmjs.com/package/@microsoft/sarif-multitool?activeTab=versions
-  SARIF_MULTITOOL_VERSION: 4.3.0
+  SARIF_MULTITOOL_VERSION: 4.3.7
   # https://npmjs.com/package/snyk?activeTab=versions
-  SNYK_VERSION: 1.1200.0
+  SNYK_VERSION: 1.1248.0
   # https://github.com/microsoft/azure-pipelines-agent/releases
-  AZP_AGENT_VERSION: 3.225.0
+  AZP_AGENT_VERSION: 3.230.0
   # https://github.com/PowerShell/PowerShell/releases
-  POWERSHELL_VERSION: 7.2.13
+  POWERSHELL_VERSION: 7.2.17
   # https://github.com/krallin/tini/releases
   TINI_VERSION: 0.19.0
   # https://github.com/mikefarah/yq/releases
-  YQ_VERSION: 4.35.1
+  YQ_VERSION: 4.35.2
   # https://go.dev/dl
-  GO_VERSION: 1.21.0
+  GO_VERSION: 1.21.4
   # https://github.com/rootless-containers/rootlesskit/releases
   ROOTLESSKIT_VERSION: 1.1.1
   # https://github.com/moby/buildkit/releases
-  BUILDKIT_VERSION: 0.12.1
+  BUILDKIT_VERSION: 0.12.3
   # https://github.com/Azure/azure-cli/releases
-  AZURE_CLI_VERSION: 2.51.0
+  AZURE_CLI_VERSION: 2.54.0
   # https://github.com/stedolan/jq/releases
   JQ_VERSION: 1.6
   # https://github.com/aws/aws-cli/tags
-  AWS_CLI_VERSION: 2.13.9
+  AWS_CLI_VERSION: 2.13.36
   # https://cloud.google.com/sdk/docs/install
-  GCLOUD_CLI_VERSION: 442.0.0
+  GCLOUD_CLI_VERSION: 455.0.0
   # https://github.com/git-for-windows/git/releases
-  GIT_WIN_VERSION: 2.41.0
+  GIT_WIN_VERSION: 2.42.0
   # https://github.com/facebook/zstd/releases
   ZSTD_WIN_VERSION: 1.5.5
   # https://www.python.org/downloads/windows
-  PYTHON_WIN_VERSION: 3.11.4
+  PYTHON_WIN_VERSION: 3.11.6
   # https://nodejs.org/en/download/releases
-  NODE_VERSION: 18.17.1
+  NODE_VERSION: 18.18.2
   # https://github.com/helm/helm/releases
-  HELM_VERSION: 3.12.3
+  HELM_VERSION: 3.13.2
   # https://github.com/oras-project/oras/releases
-  ORAS_VERSION: 1.0.1
+  ORAS_VERSION: 1.1.0
   # https://github.com/docker/buildx/releases
-  BUILDX_VERSION: 0.11.2
+  BUILDX_VERSION: 0.12.0
   # https://github.com/hadolint/hadolint/releases
   HADOLINT_VERSION: 2.12.0
   # https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2022
@@ -73,15 +73,15 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           # We need all Git history for testing credentials
           fetch-depth: 0
           # Ensure all submodules up-to-date
           submodules: recursive
 
       - name: SAST - Credentials
-        uses: trufflesecurity/trufflehog@v3.54.1
+        uses: trufflesecurity/trufflehog@v3.63.1
         with:
           base: ${{ github.event.repository.default_branch }}
           head: HEAD
@@ -96,7 +96,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           # We need all Git history for "version.sh"
           fetch-depth: 0
@@ -116,12 +116,12 @@ jobs:
 
       # Required for running "npx" CLI
       - name: Setup Node
-        uses: actions/setup-node@v3.8.1
+        uses: actions/setup-node@v4.0.0
         with:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@v3.1.1
+        uses: sigstore/cosign-installer@v3.2.0
         with:
           cosign-release: v${{ env.COSIGN_VERSION }}
 
@@ -154,7 +154,7 @@ jobs:
             .cr-release-packages/azure-pipelines-agent-${{ steps.version.outputs.version }}.tgz
 
       - name: Cache Helm chart
-        uses: actions/upload-artifact@v3.1.2
+        uses: actions/upload-artifact@v3.1.3
         with:
           name: helm-chart
           path: .cr-release-packages
@@ -189,7 +189,7 @@ jobs:
             snyk.sarif
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.21.5
+        uses: github/codeql-action/upload-sarif@v2.22.7
         with:
           sarif_file: merged.sarif
 
@@ -204,7 +204,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           # Chart Releaser needs to have local access to "gh-pages" plus current branch
           fetch-depth: 0
@@ -221,7 +221,7 @@ jobs:
           path: .cr-release-packages
 
       - name: Archive Helm chart
-        uses: helm/chart-releaser-action@v1.5.0
+        uses: helm/chart-releaser-action@v1.6.0
         with:
           charts_dir: src/helm
           skip_packaging: true
@@ -233,17 +233,17 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
 
       # Required for running "npx" CLI
       - name: Setup Node
-        uses: actions/setup-node@v3.8.1
+        uses: actions/setup-node@v4.0.0
         with:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: Setup Hadolint
         run: |
-          sudo curl -LsSf --retry 4 https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 -o /usr/bin/hadolint
+          sudo curl -LsSf --retry 8 --retry-all-errors https://github.com/hadolint/hadolint/releases/download/v${{ env.HADOLINT_VERSION }}/hadolint-Linux-x86_64 -o /usr/bin/hadolint
           sudo chmod +x /usr/bin/hadolint
           hadolint --version
 
@@ -274,7 +274,7 @@ jobs:
             arch: linux/amd64,linux/arm64
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           # We need all Git history for "version.sh"
           fetch-depth: 0
@@ -294,37 +294,37 @@ jobs:
 
       - name: Setup QEMU
         id: setup-qemu
-        uses: docker/setup-qemu-action@v2.2.0
+        uses: docker/setup-qemu-action@v3.0.0
         with:
           platforms: ${{ matrix.arch }}
 
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2.10.0
+        uses: docker/setup-buildx-action@v3.0.0
         with:
           version: v${{ env.BUILDX_VERSION }}
           driver-opts: |
             image=moby/buildkit:v${{ env.BUILDKIT_VERSION }}
 
       # Required for running "npx" CLI
       - name: Setup Node
-        uses: actions/setup-node@v3.8.1
+        uses: actions/setup-node@v4.0.0
         with:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@v3.1.1
+        uses: sigstore/cosign-installer@v3.2.0
         with:
           cosign-release: v${{ env.COSIGN_VERSION }}
 
       - name: Login to registry - GitHub
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.CONTAINER_REGISTRY_GHCR }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to registry - Docker Hub
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.CONTAINER_REGISTRY_DOCKER_HUB }}
           username: clemlesne
@@ -341,7 +341,7 @@ jobs:
 
       - name: Container meta
         id: meta
-        uses: docker/metadata-action@v4.6.0
+        uses: docker/metadata-action@v5.0.0
         with:
           images: |
             ${{ env.CONTAINER_REGISTRY_GHCR }}/${{ env.CONTAINER_NAME }}
@@ -375,7 +375,7 @@ jobs:
           echo "tag=$tag" >> $GITHUB_OUTPUT
 
       - name: Build & push container
-        uses: docker/build-push-action@v4.1.1
+        uses: docker/build-push-action@v5.1.0
         with:
           build-args: |
             AWS_CLI_VERSION=${{ env.AWS_CLI_VERSION }}
@@ -441,7 +441,7 @@ jobs:
             *.sarif
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.21.5
+        uses: github/codeql-action/upload-sarif@v2.22.7
         with:
           sarif_file: merged.sarif
 
@@ -462,7 +462,7 @@ jobs:
             runs-on: windows-2019
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
         with:
           # We need all Git history for "version.sh"
           fetch-depth: 0
@@ -482,24 +482,24 @@ jobs:
 
       # Required for running "npx" CLI
       - name: Setup Node
-        uses: actions/setup-node@v3.8.1
+        uses: actions/setup-node@v4.0.0
         with:
           node-version: ${{ env.NODE_VERSION }}
 
       - name: Setup Cosign
-        uses: sigstore/cosign-installer@v3.1.1
+        uses: sigstore/cosign-installer@v3.2.0
         with:
           cosign-release: v${{ env.COSIGN_VERSION }}
 
       - name: Login to registry - GitHub
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.CONTAINER_REGISTRY_GHCR }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to registry - Docker Hub
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.CONTAINER_REGISTRY_DOCKER_HUB }}
           username: clemlesne
@@ -516,7 +516,7 @@ jobs:
 
       - name: Container meta
         id: meta
-        uses: docker/metadata-action@v4.6.0
+        uses: docker/metadata-action@v5.0.0
         with:
           images: |
             ${{ env.CONTAINER_REGISTRY_GHCR }}/${{ env.CONTAINER_NAME }}
@@ -641,7 +641,7 @@ jobs:
             ${{ steps.tag.outputs.tag }}
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.21.5
+        uses: github/codeql-action/upload-sarif@v2.22.7
         with:
           sarif_file: snyk.sarif
 
@@ -652,7 +652,7 @@ jobs:
       image: returntocorp/semgrep
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
 
       - name: Run tests
         # Semgrep can be used to break the build when it detects security issues. In this case we want to upload the issues to GitHub Security
@@ -662,7 +662,7 @@ jobs:
         run: semgrep ci --sarif --output=semgrep.sarif
 
       - name: Upload results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v2.21.5
+        uses: github/codeql-action/upload-sarif@v2.22.7
         with:
           sarif_file: semgrep.sarif
 
@@ -673,22 +673,22 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.6.0
+        uses: actions/checkout@v4.1.1
 
       - name: Setup ORAS
-        uses: oras-project/setup-oras@v1.0.0
+        uses: oras-project/setup-oras@v1.1.0
         with:
           version: ${{ env.ORAS_VERSION }}
 
       - name: Login to registry - GitHub
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.CONTAINER_REGISTRY_GHCR }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to registry - Docker Hub
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ${{ env.CONTAINER_REGISTRY_DOCKER_HUB }}
           username: clemlesne

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: test lint
+.PHONY: test lint build-docker
 
 test:
 	@echo "➡️ Running Prettier..."
@@ -13,3 +13,6 @@ lint:
 
 	@echo "➡️ Running Hadolint..."
 	find . -name "Dockerfile*" -exec bash -c "echo 'File {}:' && hadolint {}" \;
+
+build-docker:
+	bash cicd/docker-build-local.sh