From bcce44f8be5e7ba6cfd97b275a6ec1e1a18418a0 Mon Sep 17 00:00:00 2001 From: mvsnogueira-dnx <68834137+mvsnogueira-dnx@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:46:10 +1000 Subject: [PATCH 1/6] Adding version 3.12 support, remove support to deprecated versions, update FROM image, Upgrade to nodejs 20x --- .github/workflows/security.yml | 2 +- 3.10/Dockerfile | 27 ++++++++------ 3.11/Dockerfile | 27 ++++++++------ 3.12/Dockerfile | 29 +++++++++++++++ 3.6/Dockerfile | 24 ------------- 3.7/Dockerfile | 24 ------------- 3.8/Dockerfile | 24 ------------- 3.8/hadolint.yaml | 4 --- 3.9/Dockerfile | 27 ++++++++------ Makefile | 43 +++++++---------------- test/build-images.sh | 64 ++++++++++++++++++---------------- 11 files changed, 123 insertions(+), 172 deletions(-) create mode 100644 3.12/Dockerfile delete mode 100644 3.6/Dockerfile delete mode 100644 3.7/Dockerfile delete mode 100644 3.8/Dockerfile delete mode 100644 3.8/hadolint.yaml diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index dc51a25..b068f0d 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -16,7 +16,7 @@ jobs: run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA} - name: Build the Docker image - run: docker build . --file ./3.8/Dockerfile --tag docker-terraform:${{ steps.vars.outputs.docker_tag }} + run: docker build . --file ./3.9/Dockerfile --tag docker-terraform:${{ steps.vars.outputs.docker_tag }} - name: Scan with Phonito Security uses: phonito/phonito-scanner-action@master diff --git a/3.10/Dockerfile b/3.10/Dockerfile index 0c20298..e5ce12e 100644 --- a/3.10/Dockerfile +++ b/3.10/Dockerfile @@ -1,23 +1,28 @@ -FROM python:3.10-slim-buster +FROM python:3.10-slim-bookworm RUN apt-get update && \ apt-get install -y \ - wget=1.20.1-1.1 \ - zip=3.0-11+b1 \ - unzip=6.0-23+deb10u2 \ - git=1:2.20.1-2+deb10u3 \ + wget \ + zip \ + unzip \ + git \ curl \ - npm=5.8.0+ds6-4+deb10u2 && \ + ca-certificates \ + gnupg && \ pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ - npm install npm@7.0 -g && \ - npm install -g serverless@3.36.0 && \ - npm install -g serverless-compose@2.4.0 &&\ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -RUN apt-get install -y nodejs +RUN mkdir -p /etc/apt/keyrings && \ + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ + apt-get update && \ + apt-get install -y nodejs && \ + npm install -g serverless@3.36.0 && \ + npm install -g serverless-compose@2.4.0 && \ + apt-get -q -y clean && \ + rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* WORKDIR /work diff --git a/3.11/Dockerfile b/3.11/Dockerfile index 9a5ab62..9b3923b 100644 --- a/3.11/Dockerfile +++ b/3.11/Dockerfile @@ -1,23 +1,28 @@ -FROM python:3.11-slim-buster +FROM python:3.11-slim-bookworm RUN apt-get update && \ apt-get install -y \ - wget=1.20.1-1.1 \ - zip=3.0-11+b1 \ - unzip=6.0-23+deb10u2 \ - git=1:2.20.1-2+deb10u3 \ + wget \ + zip \ + unzip \ + git \ curl \ - npm=5.8.0+ds6-4+deb10u2 && \ + ca-certificates \ + gnupg && \ pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ - npm install npm@7.0 -g && \ - npm install -g serverless@3.36.0 && \ - npm install -g serverless-compose@2.4.0 &&\ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -RUN apt-get install -y nodejs +RUN mkdir -p /etc/apt/keyrings && \ + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ + apt-get update && \ + apt-get install -y nodejs && \ + npm install -g serverless@3.36.0 && \ + npm install -g serverless-compose@2.4.0 && \ + apt-get -q -y clean && \ + rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* WORKDIR /work diff --git a/3.12/Dockerfile b/3.12/Dockerfile new file mode 100644 index 0000000..778a95d --- /dev/null +++ b/3.12/Dockerfile @@ -0,0 +1,29 @@ +FROM python:3.12-slim-bookworm + +RUN apt-get update && \ + apt-get install -y \ + wget \ + zip \ + unzip \ + git \ + curl \ + ca-certificates \ + gnupg && \ + pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ + apt-get -q -y clean && \ + rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* + +ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 +RUN mkdir -p /etc/apt/keyrings && \ + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ + apt-get update && \ + apt-get install -y nodejs && \ + npm install -g serverless@3.36.0 && \ + npm install -g serverless-compose@2.4.0 && \ + apt-get -q -y clean && \ + rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* + +WORKDIR /work + +ENTRYPOINT ["/bin/sh"] diff --git a/3.6/Dockerfile b/3.6/Dockerfile deleted file mode 100644 index b6baecf..0000000 --- a/3.6/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM python:3.6-slim-buster - -RUN apt-get update && \ - apt-get install -y \ - wget=1.20.1-1.1 \ - zip=3.0-11+b1 \ - unzip=6.0-23+deb10u2 \ - git=1:2.20.1-2+deb10u3 \ - curl \ - npm=5.8.0+ds6-4+deb10u2 && \ - pip3 install --no-cache-dir --upgrade pip==20.1.1 && \ - npm install npm@7.0.0 -g && \ - npm install -g serverless@3.36.0 && \ - npm install -g serverless-compose@2.4.0 &&\ - apt-get -q -y clean && \ - rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* - -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -RUN apt-get install -y nodejs - -WORKDIR /work - -ENTRYPOINT ["/bin/sh"] diff --git a/3.7/Dockerfile b/3.7/Dockerfile deleted file mode 100644 index 19750b0..0000000 --- a/3.7/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM python:3.7-slim-buster - -RUN apt-get update && \ - apt-get install -y \ - wget=1.20.1-1.1 \ - zip=3.0-11+b1 \ - unzip=6.0-23+deb10u2 \ - git=1:2.20.1-2+deb10u3 \ - curl \ - npm=5.8.0+ds6-4+deb10u2 && \ - pip3 install --no-cache-dir --upgrade pip==20.1.1 && \ - npm install npm@7.0.0 -g && \ - npm install -g serverless@3.36.0 && \ - npm install -g serverless-compose@2.4.0 &&\ - apt-get -q -y clean && \ - rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* - -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -RUN apt-get install -y nodejs - -WORKDIR /work - -ENTRYPOINT ["/bin/sh"] diff --git a/3.8/Dockerfile b/3.8/Dockerfile deleted file mode 100644 index 87cb2c6..0000000 --- a/3.8/Dockerfile +++ /dev/null @@ -1,24 +0,0 @@ -FROM python:3.8-slim-buster - -RUN apt-get update && \ - apt-get install -y \ - wget=1.20.1-1.1 \ - zip=3.0-11+b1 \ - unzip=6.0-23+deb10u2 \ - git=1:2.20.1-2+deb10u3 \ - curl \ - npm=5.8.0+ds6-4+deb10u2 && \ - pip3 install --no-cache-dir --upgrade pip==20.1.1 && \ - npm install npm@7.0.0 -g && \ - npm install -g serverless@3.36.0 && \ - npm install -g serverless-compose@2.4.0 &&\ - apt-get -q -y clean && \ - rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* - -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -RUN apt-get install -y nodejs - -WORKDIR /work - -ENTRYPOINT ["/bin/sh"] diff --git a/3.8/hadolint.yaml b/3.8/hadolint.yaml deleted file mode 100644 index 0c6074f..0000000 --- a/3.8/hadolint.yaml +++ /dev/null @@ -1,4 +0,0 @@ -ignored: - - DL3008 - - DL3015 - - DL4006 \ No newline at end of file diff --git a/3.9/Dockerfile b/3.9/Dockerfile index 3dccac3..d87e757 100644 --- a/3.9/Dockerfile +++ b/3.9/Dockerfile @@ -1,23 +1,28 @@ -FROM python:3.9-slim-buster +FROM python:3.9-slim-bookworm RUN apt-get update && \ apt-get install -y \ - wget=1.20.1-1.1 \ - zip=3.0-11+b1 \ - unzip=6.0-23+deb10u2 \ - git=1:2.20.1-2+deb10u3 \ + wget \ + zip \ + unzip \ + git \ curl \ - npm=5.8.0+ds6-4+deb10u2 && \ + ca-certificates \ + gnupg && \ pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ - npm install npm@7.0.0 -g && \ - npm install -g serverless@3.36.0 && \ - npm install -g serverless-compose@2.4.0 &&\ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -RUN apt-get install -y nodejs +RUN mkdir -p /etc/apt/keyrings && \ + curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ + echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ + apt-get update && \ + apt-get install -y nodejs && \ + npm install -g serverless@3.36.0 && \ + npm install -g serverless-compose@2.4.0 && \ + apt-get -q -y clean && \ + rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* WORKDIR /work diff --git a/Makefile b/Makefile index 2ffb99f..d99ce1f 100644 --- a/Makefile +++ b/Makefile @@ -2,54 +2,32 @@ build: echo "Build specific tag/release" - # Python 3.6 - docker build \ - --build-arg base_image=python:3.6-slim \ - -t ${REPO}:3.6-${IMAGE_TAG} \ - ./3.6/. - - # Python 3.7 - docker build \ - --build-arg base_image=python:3.7-slim \ - -t ${REPO}:3.7-${IMAGE_TAG} \ - ./3.7/. - - # Python 3.8 - docker build \ - --build-arg base_image=python:3.8-slim \ - -t ${REPO}:3.8-${IMAGE_TAG} \ - ./3.8/. - # Python 3.9 docker build \ - --build-arg base_image=python:3.9-slim \ + --build-arg base_image=python:3.9-slim-bookworm \ -t ${REPO}:3.9-${IMAGE_TAG} \ ./3.9/. # Python 3.10 docker build \ - --build-arg base_image=python:3.10-slim \ + --build-arg base_image=python:3.10-slim-bookworm \ -t ${REPO}:3.10-${IMAGE_TAG} \ ./3.10/. # Python 3.11 docker build \ - --build-arg base_image=python:3.11-slim \ + --build-arg base_image=python:3.11-slim-bookworm \ -t ${REPO}:3.11-${IMAGE_TAG} \ ./3.11/. + # Python 3.12 + docker build \ + --build-arg base_image=python:3.12-slim-bookworm \ + -t ${REPO}:3.12-${IMAGE_TAG} \ + ./3.12/. push: echo "Push specific tag/release" - # Python 3.6 - docker push ${REPO}:3.6-${IMAGE_TAG} - - # Python 3.7 - docker push ${REPO}:3.7-${IMAGE_TAG} - - # Python 3.8 - docker push ${REPO}:3.8-${IMAGE_TAG} - # Python 3.9 docker push ${REPO}:3.9-${IMAGE_TAG} @@ -57,4 +35,7 @@ push: docker push ${REPO}:3.10-${IMAGE_TAG} # Python 3.11 - docker push ${REPO}:3.11-${IMAGE_TAG} \ No newline at end of file + docker push ${REPO}:3.11-${IMAGE_TAG} + + # Python 3.12 + docker push ${REPO}:3.12-${IMAGE_TAG} \ No newline at end of file diff --git a/test/build-images.sh b/test/build-images.sh index 625fb9f..8eca229 100755 --- a/test/build-images.sh +++ b/test/build-images.sh @@ -2,36 +2,38 @@ set -ex DOCKER_REPO=dnxsolutions/serverless-python -DOCKER_TAG=dnx-local +DOCKER_TAG=${DOCKER_TAG:-dnx-local} IMAGE_NAME=${DOCKER_REPO}:${DOCKER_TAG} -if [ ${DOCKER_TAG} != "latest" ] -then - echo "Build specific tag/release" - - # Python 3.6 - docker build \ - -f ../3.6/Dockerfile \ - -t ${DOCKER_REPO}:3.6-${DOCKER_TAG} \ - . - - # Python 3.7 - docker build \ - -f ../3.7/Dockerfile \ - -t ${DOCKER_REPO}:3.7-${DOCKER_TAG} \ - . - - # Python 3.8 - docker build \ - -f ../3.8/Dockerfile \ - -t ${DOCKER_REPO}:3.8-${DOCKER_TAG} \ - . -else - echo "Build latest" - - # Python 3.8 - docker build \ - -f ../3.8/Dockerfile \ - -t ${IMAGE_NAME} \ - . -fi \ No newline at end of file +echo "Building Docker images with tag: ${DOCKER_TAG}" + +# Build all Python versions +echo "Building Python 3.9..." +docker build \ + -f ../3.9/Dockerfile \ + -t ${DOCKER_REPO}:3.9-${DOCKER_TAG} \ + .. + +echo "Building Python 3.10..." +docker build \ + -f ../3.10/Dockerfile \ + -t ${DOCKER_REPO}:3.10-${DOCKER_TAG} \ + .. + +echo "Building Python 3.11..." +docker build \ + -f ../3.11/Dockerfile \ + -t ${DOCKER_REPO}:3.11-${DOCKER_TAG} \ + .. + +echo "Building Python 3.12..." +docker build \ + -f ../3.12/Dockerfile \ + -t ${DOCKER_REPO}:3.12-${DOCKER_TAG} \ + .. + +echo "All builds completed successfully!" + +# List the built images +echo "Built images:" +docker images | grep ${DOCKER_REPO} | grep ${DOCKER_TAG} From 99ace17f511c2e934101ca7e3f6f73d80f1a400b Mon Sep 17 00:00:00 2001 From: mvsnogueira-dnx <68834137+mvsnogueira-dnx@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:50:46 +1000 Subject: [PATCH 2/6] Updating dockerfile --- 3.10/Dockerfile | 1 - 3.11/Dockerfile | 1 - 3.12/Dockerfile | 1 - 3.9/Dockerfile | 1 - 4 files changed, 4 deletions(-) diff --git a/3.10/Dockerfile b/3.10/Dockerfile index e5ce12e..5758d3f 100644 --- a/3.10/Dockerfile +++ b/3.10/Dockerfile @@ -13,7 +13,6 @@ RUN apt-get update && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 RUN mkdir -p /etc/apt/keyrings && \ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ diff --git a/3.11/Dockerfile b/3.11/Dockerfile index 9b3923b..1176f17 100644 --- a/3.11/Dockerfile +++ b/3.11/Dockerfile @@ -13,7 +13,6 @@ RUN apt-get update && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 RUN mkdir -p /etc/apt/keyrings && \ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ diff --git a/3.12/Dockerfile b/3.12/Dockerfile index 778a95d..82c1677 100644 --- a/3.12/Dockerfile +++ b/3.12/Dockerfile @@ -13,7 +13,6 @@ RUN apt-get update && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 RUN mkdir -p /etc/apt/keyrings && \ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ diff --git a/3.9/Dockerfile b/3.9/Dockerfile index d87e757..4750906 100644 --- a/3.9/Dockerfile +++ b/3.9/Dockerfile @@ -13,7 +13,6 @@ RUN apt-get update && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* -ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 RUN mkdir -p /etc/apt/keyrings && \ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ From 999d2572dc51a91de07a908149f25cc202bed1a7 Mon Sep 17 00:00:00 2001 From: mvsnogueira-dnx <68834137+mvsnogueira-dnx@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:53:36 +1000 Subject: [PATCH 3/6] Updating dockerfile --- .github/workflows/security.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index b068f0d..6dcb182 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -9,17 +9,18 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 - name: Set tag var id: vars - run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA} + run: echo "docker_tag=$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}" >> $GITHUB_OUTPUT - name: Build the Docker image - run: docker build . --file ./3.9/Dockerfile --tag docker-terraform:${{ steps.vars.outputs.docker_tag }} + run: docker build . --file ./3.12/Dockerfile --tag serverless-python:${{ steps.vars.outputs.docker_tag }} - name: Scan with Phonito Security uses: phonito/phonito-scanner-action@master with: - image: docker-terraform:${{ steps.vars.outputs.docker_tag }} - phonito-token: ${{ secrets.PHONITO_TOKEN }} \ No newline at end of file + image: serverless-python:${{ steps.vars.outputs.docker_tag }} + phonito-token: ${{ secrets.PHONITO_TOKEN }} + fail-level: HIGH From d0f9a2d8cacdb1d659ab016b7db4dacf938d9076 Mon Sep 17 00:00:00 2001 From: mvsnogueira-dnx <68834137+mvsnogueira-dnx@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:55:43 +1000 Subject: [PATCH 4/6] Updating dockerfile --- .github/workflows/security.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 6dcb182..2ca3d54 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -18,9 +18,15 @@ jobs: - name: Build the Docker image run: docker build . --file ./3.12/Dockerfile --tag serverless-python:${{ steps.vars.outputs.docker_tag }} - - name: Scan with Phonito Security - uses: phonito/phonito-scanner-action@master + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master with: - image: serverless-python:${{ steps.vars.outputs.docker_tag }} - phonito-token: ${{ secrets.PHONITO_TOKEN }} - fail-level: HIGH + image-ref: serverless-python:${{ steps.vars.outputs.docker_tag }} + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + if: always() + with: + sarif_file: 'trivy-results.sarif' From 66d0106646e625dffc7dae12814cbe499caf61d9 Mon Sep 17 00:00:00 2001 From: mvsnogueira-dnx <68834137+mvsnogueira-dnx@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:58:57 +1000 Subject: [PATCH 5/6] Updating dockerfile --- .github/workflows/security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 2ca3d54..ee12927 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -26,7 +26,7 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-results.sarif' From 9f9dbbc54199f1954d00ace6d18305c1e5f2af92 Mon Sep 17 00:00:00 2001 From: mvsnogueira-dnx <68834137+mvsnogueira-dnx@users.noreply.github.com> Date: Tue, 15 Jul 2025 17:01:20 +1000 Subject: [PATCH 6/6] Upgrading pip version --- 3.10/Dockerfile | 2 +- 3.11/Dockerfile | 2 +- 3.12/Dockerfile | 2 +- 3.9/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/3.10/Dockerfile b/3.10/Dockerfile index 5758d3f..095885a 100644 --- a/3.10/Dockerfile +++ b/3.10/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && \ curl \ ca-certificates \ gnupg && \ - pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ + pip3 install --no-cache-dir --upgrade pip==25.1.1 && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* diff --git a/3.11/Dockerfile b/3.11/Dockerfile index 1176f17..806dde4 100644 --- a/3.11/Dockerfile +++ b/3.11/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && \ curl \ ca-certificates \ gnupg && \ - pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ + pip3 install --no-cache-dir --upgrade pip==25.1.1 && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* diff --git a/3.12/Dockerfile b/3.12/Dockerfile index 82c1677..23c837f 100644 --- a/3.12/Dockerfile +++ b/3.12/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && \ curl \ ca-certificates \ gnupg && \ - pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ + pip3 install --no-cache-dir --upgrade pip==25.1.1 && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* diff --git a/3.9/Dockerfile b/3.9/Dockerfile index 4750906..604a343 100644 --- a/3.9/Dockerfile +++ b/3.9/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && \ curl \ ca-certificates \ gnupg && \ - pip3 install --no-cache-dir --upgrade pip==23.3.1 && \ + pip3 install --no-cache-dir --upgrade pip==25.1.1 && \ apt-get -q -y clean && \ rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/*