Merge branch 'release/17.0.4.1'

.github/CODEOWNERS

@@ -1,3 +1,3 @@
 # These owners will be the default owners for everything in the repo and
 # will be requested for review when someone opens a pull request.
-*       @swissgrc/development
+*       @swissgrc/platform

.github/renovate.json

@@ -12,5 +12,12 @@
         "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s(ENV|ARG) .*?_VERSION(\\s+|=)(?<currentValue>.*)\\s"
       ]
     }
+  ],
+  "packageRules": [
+    {
+      "matchPackageNames": ["java-jdk"],
+      "matchPaths": ["/Dockerfile"],
+      "allowedVersions": "<18"
+    }
   ]
 }

.github/workflows/linter.yml

@@ -34,7 +34,7 @@ jobs:
       # Checkout the code base #
       ##########################
       - name: Checkout Code
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # renovate: tag=v3.0.2
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
         with:
           # Full Git history is needed to get a proper list of changed files
           fetch-depth: 0
@@ -43,7 +43,7 @@ jobs:
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
-        uses: github/super-linter/slim@01d3218744765b55c3b5ffbb27e50961e50c33c5 # tag=v4.9.6
+        uses: github/super-linter/slim@bb2d833b08b6c288608686672b93a8a4589cdc49 # tag=v4.9.7
         env:
           VALIDATE_ALL_CODEBASE: false
           DEFAULT_BRANCH: develop

.github/workflows/publish.yml

@@ -14,12 +14,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # renovate: tag=v3.0.2
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 
       # Extract metadata (tags, labels) for Docker
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a # renovate: tag=v4.0.1
+        uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # tag=v4.1.1
         with:
           images: swissgrc/azure-pipelines-openjdk
           tags: |
@@ -30,7 +30,7 @@ jobs:
 
       # Build Docker image with Buildx
       - name: Build Docker image
-        uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94 # tag=v3.1.1
+        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # tag=v3.2.0
         with:
           context: .
           push: false
@@ -40,7 +40,7 @@ jobs:
       # Scan Docker image (not for release builds since we will have multiple tags)
       - name: Scan Docker image
         if: github.event_name != 'release'
-        uses: aquasecurity/trivy-action@cb606dfdb0d2b3698ace62192088ef4f5360b24f # tag=0.6.2
+        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac # tag=0.7.1
         with:
           image-ref: ${{ steps.meta.outputs.tags }}
           format: 'sarif'
@@ -49,24 +49,33 @@ jobs:
       # Publish scan report to GitHub
       - name: Publish scan report to GitHub
         if: ${{ github.event_name != 'release' && always() }}
-        uses: github/codeql-action/upload-sarif@2ca79b6fa8d3ec278944088b4aa5f46912db5d63 # tag=v2.1.18
+        uses: github/codeql-action/upload-sarif@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # tag=v2.1.29
         with:
           sarif_file: trivy-results.sarif
 
       # Login to Docker registry if not PR build
       - name: Log in to Docker Hub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # renovate: tag=v2.0.0
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       # Publish Docker image for CI builds if not PR build
       - name: Push container image
-        uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94 # tag=v3.1.1
+        uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # tag=v3.2.0
         if: github.event_name != 'pull_request'
         with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+
+      # Update Readme on Docker Hub
+      - name: Publish README to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@14881160433a81f9ebc838a253d4edd9e8fc35f1 # tag=v3.1.1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: swissgrc/azure-pipelines-openjdk

Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:11.3-slim
+FROM debian:11.5-slim
 
 LABEL org.opencontainers.image.vendor="Swiss GRC AG"
 LABEL org.opencontainers.image.authors="Swiss GRC AG <[email protected]>"
@@ -11,14 +11,14 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Install Docker CLI
 
 # renovate: datasource=github-tags depName=docker/cli extractVersion=^v(?<version>.*)$
-ENV DOCKERCLI_VERSION=20.10.17
-# renovate: datasource=repology depName=debian_11/curl versioning=loose
-ENV CURL_VERSION=7.74.0-1.3+deb11u2
-# renovate: datasource=repology depName=debian_11/ca-certificates versioning=loose
+ENV DOCKERCLI_VERSION=20.10.21
+#Disabled renovate: datasource=repology depName=debian_11/curl versioning=loose
+ENV CURL_VERSION=7.74.0-1.3+deb11u3
+#Disabled renovate: datasource=repology depName=debian_11/ca-certificates versioning=loose
 ENV CACERTIFICATES_VERSION=20210119
-# renovate: datasource=repology depName=debian_11/lsb-release versioning=loose
+#Disabled renovate: datasource=repology depName=debian_11/lsb-release versioning=loose
 ENV LSBRELEASE_VERSION=11.1.0
-# renovate: datasource=repology depName=debian_11/gnupg2 versioning=loose
+#Disabled renovate: datasource=repology depName=debian_11/gnupg2 versioning=loose
 ENV GNUPG_VERSION=2.2.27-2+deb11u2
 
 RUN apt-get update -y && \
@@ -41,8 +41,8 @@ RUN apt-get update -y && \
 
 # Install OpenJDK
 
-# renovate: datasource=adoptium depName=java-jdk versioning=loose
-ENV OPENJDK_VERSION=17.0.4.0.0+8
+# renovate: datasource=adoptium-java depName=java-jdk versioning=loose
+ENV OPENJDK_VERSION=17.0.4.1.0+1
 
 RUN apt-get update -y && \
   # Add Eclipse Adoptium public key

README.md

@@ -33,22 +33,23 @@ The following example shows the container used for a deployment step which shows
 
 ### Tags
 
-| Tag        | Description                                                                                   | Base Image       | Docker CLI | OpenJDK | Size                                                                                                                             |
-|------------|-----------------------------------------------------------------------------------------------|------------------|------------|---------|----------------------------------------------------------------------------------------------------------------------------------|
-| latest     | Latest stable release (from `main` branch)                                                    | debian:11.3-slim | 20.10.17   | 17.0.4  | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/latest?style=flat-square)   |
-| unstable   | Latest unstable release (from `develop` branch)                                               | debian:11.3-slim | 20.10.17   | 17.0.4  | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/unstable?style=flat-square) |
-| 17.0.4.0   | [OpenJDK 17.0.4](https://foojay.io/java-17/?tab=component&version=17.0.4&quarter=072022)      | debian:11.3-slim | 20.10.17   | 17.0.4  | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/17.0.4.0?style=flat-square) |
+| Tag        | Description                                                                                   | Base Image       | Docker CLI | OpenJDK  | Size                                                                                                                             |
+|------------|-----------------------------------------------------------------------------------------------|------------------|------------|----------|----------------------------------------------------------------------------------------------------------------------------------|
+| latest     | Latest stable release (from `main` branch)                                                    | debian:11.5-slim | 20.10.21   | 17.0.4.1 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/latest?style=flat-square)   |
+| unstable   | Latest unstable release (from `develop` branch)                                               | debian:11.5-slim | 20.10.21   | 17.0.4.1 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/unstable?style=flat-square) |
+| 17.0.4.0   | [OpenJDK 17.0.4](https://foojay.io/java-17/?tab=component&version=17.0.4&quarter=072022)      | debian:11.3-slim | 20.10.17   | 17.0.4.0 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/17.0.4.0?style=flat-square) |
+| 17.0.4.1   | [OpenJDK 17.0.4](https://foojay.io/java-17/?tab=component&version=17.0.4&quarter=072022)      | debian:11.5-slim | 20.10.21   | 17.0.4.1 | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/swissgrc/azure-pipelines-openjdk/17.0.4.1?style=flat-square) |
 
 ### Configuration
 
 These environment variables are supported:
 
 | Environment variable   | Default value        | Description                                                      |
 |------------------------|----------------------|------------------------------------------------------------------|
-| DOCKERCLI_VERSION      | `20.10.17`           | Version of Docker CLI installed in the image.                    |
-| OPENJDK_VERSION        | `17.0.4.0.0+8`       | Version of Eclipse Temurin OpenJDK installed in the image.       |
+| DOCKERCLI_VERSION      | `20.10.21`           | Version of Docker CLI installed in the image.                    |
+| OPENJDK_VERSION        | `17.0.4.1.0+1`       | Version of Eclipse Temurin OpenJDK installed in the image.       |
 | CACERTIFICATES_VERSION | `20210119`           | Version of `ca-certificates` package used to install components. |
-| CURL_VERSION           | `7.74.0-1.3+deb11u2` | Version of `curl` package used to install components.            |
+| CURL_VERSION           | `7.74.0-1.3+deb11u3` | Version of `curl` package used to install components.            |
 | LSBRELEASE_VERSION     | `11.1.0`             | Version of `lsb-release` package used to install components.     |
 | GNUPG_VERSION          | `2.2.27-2+deb11u2`   | Version of `gnupg` package used to install components.           |