diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 73d13ae..7dc1932 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -34,7 +34,7 @@ jobs: # Checkout the code base # ########################## - name: Checkout Code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: # Full Git history is needed to get a proper list of changed files fetch-depth: 0 @@ -43,7 +43,7 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: github/super-linter/slim@bb2d833b08b6c288608686672b93a8a4589cdc49 # tag=v4.9.7 + uses: github/super-linter/slim@454ba4482ce2cd0c505bc592e83c06e1e37ade61 # v4.10.1 env: VALIDATE_ALL_CODEBASE: false DEFAULT_BRANCH: develop diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index dcafbdb..5919382 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,12 +14,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 # Extract metadata (tags, labels) for Docker - name: Extract Docker metadata id: meta - uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # tag=v4.1.1 + uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0 with: images: swissgrc/azure-pipelines-openjdk tags: | @@ -30,7 +30,7 @@ jobs: # Build Docker image with Buildx - name: Build Docker image - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # tag=v3.2.0 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0 with: context: . push: false @@ -40,7 +40,7 @@ jobs: # Scan Docker image (not for release builds since we will have multiple tags) - name: Scan Docker image if: github.event_name != 'release' - uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac # tag=0.7.1 + uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # tag=0.8.0 with: image-ref: ${{ steps.meta.outputs.tags }} format: 'sarif' @@ -49,7 +49,7 @@ jobs: # Publish scan report to GitHub - name: Publish scan report to GitHub if: ${{ github.event_name != 'release' && always() }} - uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # tag=v2.1.29 + uses: github/codeql-action/upload-sarif@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39 with: sarif_file: trivy-results.sarif @@ -63,7 +63,7 @@ jobs: # Publish Docker image for CI builds if not PR build - name: Push container image - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # tag=v3.2.0 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0 if: github.event_name != 'pull_request' with: context: . @@ -74,7 +74,7 @@ jobs: # Update Readme on Docker Hub - name: Publish README to Docker Hub if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@14881160433a81f9ebc838a253d4edd9e8fc35f1 # tag=v3.1.1 + uses: peter-evans/dockerhub-description@93b93397c27ed52b4055b8c6b2f8d92456ab3c56 # tag=v3.1.2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} diff --git a/Dockerfile b/Dockerfile index 0144aea..c4813f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:11.5-slim +FROM debian:11.6-slim LABEL org.opencontainers.image.vendor="Swiss GRC AG" LABEL org.opencontainers.image.authors="Swiss GRC AG " @@ -11,7 +11,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install Docker CLI # renovate: datasource=github-tags depName=docker/cli extractVersion=^v(?.*)$ -ENV DOCKERCLI_VERSION=20.10.21 +ENV DOCKERCLI_VERSION=20.10.23 #Disabled renovate: datasource=repology depName=debian_11/curl versioning=loose ENV CURL_VERSION=7.74.0-1.3+deb11u3 #Disabled renovate: datasource=repology depName=debian_11/ca-certificates versioning=loose @@ -42,7 +42,7 @@ RUN apt-get update -y && \ # Install OpenJDK # renovate: datasource=adoptium-java depName=java-jdk versioning=loose -ENV OPENJDK_VERSION=17.0.4.1.0+1 +ENV OPENJDK_VERSION=17.0.5.0.0+8 RUN apt-get update -y && \ # Add Eclipse Adoptium public key diff --git a/README.md b/README.md index 2c1f2e8..d4e7534 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Docker image for running Java applications in an Azure Pipelines container job -[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-openjdk/blob/main/LICENSE) [![Build](https://img.shields.io/github/workflow/status/swissgrc/docker-azure-pipelines-openjdk/Build/develop?style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-openjdk/actions/workflows/publish.yml) [![Pulls](https://img.shields.io/docker/pulls/swissgrc/azure-pipelines-openjdk.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-openjdk) [![Stars](https://img.shields.io/docker/stars/swissgrc/azure-pipelines-openjdk.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-openjdk) +[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-openjdk/blob/main/LICENSE) [![Build](https://img.shields.io/github/actions/workflow/status/swissgrc/docker-azure-pipelines-openjdk/publish.yml?branch=develop&style=flat-square)](https://github.com/swissgrc/docker-azure-pipelines-openjdk/actions/workflows/publish.yml) [![Pulls](https://img.shields.io/docker/pulls/swissgrc/azure-pipelines-openjdk.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-openjdk) [![Stars](https://img.shields.io/docker/stars/swissgrc/azure-pipelines-openjdk.svg?style=flat-square)](https://hub.docker.com/r/swissgrc/azure-pipelines-openjdk) Docker image which provides [Eclipse Temurin OpenJDK] in an [Azure Pipelines container jobs]. @@ -35,10 +35,11 @@ The following example shows the container used for a deployment step which shows | Tag | Description | Base Image | Docker CLI | OpenJDK | Size | |------------|-----------------------------------------------------------------------------------------------|------------------|------------|----------|----------------------------------------------------------------------------------------------------------------------------------| -| latest | Latest stable release (from `main` branch) | debian:11.5-slim | 20.10.21 | 17.0.4.1 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/latest?style=flat-square) | -| unstable | Latest unstable release (from `develop` branch) | debian:11.5-slim | 20.10.21 | 17.0.4.1 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/unstable?style=flat-square) | +| latest | Latest stable release (from `main` branch) | debian:11.6-slim | 20.10.23 | 17.0.5.0 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/latest?style=flat-square) | +| unstable | Latest unstable release (from `develop` branch) | debian:11.6-slim | 20.10.23 | 17.0.5.0 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/unstable?style=flat-square) | | 17.0.4.0 | [OpenJDK 17.0.4](https://foojay.io/java-17/?tab=component&version=17.0.4&quarter=072022) | debian:11.3-slim | 20.10.17 | 17.0.4.0 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/17.0.4.0?style=flat-square) | | 17.0.4.1 | [OpenJDK 17.0.4](https://foojay.io/java-17/?tab=component&version=17.0.4&quarter=072022) | debian:11.5-slim | 20.10.21 | 17.0.4.1 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/17.0.4.1?style=flat-square) | +| 17.0.5.0 | [OpenJDK 17.0.5](https://foojay.io/java-17/?tab=component&version=17.0.5&quarter=102022) | debian:11.6-slim | 20.10.23 | 17.0.5.0 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/17.0.5.0?style=flat-square) | ### Configuration @@ -46,8 +47,8 @@ These environment variables are supported: | Environment variable | Default value | Description | |------------------------|----------------------|------------------------------------------------------------------| -| DOCKERCLI_VERSION | `20.10.21` | Version of Docker CLI installed in the image. | -| OPENJDK_VERSION | `17.0.4.1.0+1` | Version of Eclipse Temurin OpenJDK installed in the image. | +| DOCKERCLI_VERSION | `20.10.23` | Version of Docker CLI installed in the image. | +| OPENJDK_VERSION | `17.0.5.0.0+8` | Version of Eclipse Temurin OpenJDK installed in the image. | | CACERTIFICATES_VERSION | `20210119` | Version of `ca-certificates` package used to install components. | | CURL_VERSION | `7.74.0-1.3+deb11u3` | Version of `curl` package used to install components. | | LSBRELEASE_VERSION | `11.1.0` | Version of `lsb-release` package used to install components. |