diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 96c5b33f..7daa1731 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -17,8 +17,12 @@ jobs: docker_pipeline: needs: ["lint_test"] - uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@v0.6.0 + uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@v0.10.2 secrets: inherit with: publish: true - dockerfile: ./contrib/images/staking-api-service/Dockerfile \ No newline at end of file + dockerfile: ./contrib/images/staking-api-service/Dockerfile + docker_scan: true + permissions: + security-events: write + packages: read \ No newline at end of file diff --git a/contrib/images/staking-api-service/Dockerfile b/contrib/images/staking-api-service/Dockerfile index b737632f..433b7c22 100644 --- a/contrib/images/staking-api-service/Dockerfile +++ b/contrib/images/staking-api-service/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.22.3-alpine AS builder +FROM golang:1.23-alpine AS builder ARG VERSION="HEAD" - +# hadolint ignore=DL3018 RUN apk add --no-cache \ make \ git \ @@ -12,7 +12,7 @@ RUN apk add --no-cache \ alpine-sdk \ libsodium-dev \ libsodium-static \ - openssh + openssh && rm -rf /var/cache/apk/* # Build WORKDIR /go/src/github.com/babylonlabs-io/staking-api-service @@ -31,10 +31,11 @@ RUN LDFLAGS='-extldflags "-static" -v' \ make build # Final minimal image with binary only -FROM alpine:3.16 as run +FROM alpine:3.20 as run RUN addgroup --gid 1138 -S staking-api-service && adduser --uid 1138 -S staking-api-service -G staking-api-service -RUN apk add bash curl jq +# hadolint ignore=DL3018 +RUN apk add --no-cache bash curl jq && rm -rf /var/cache/apk/* # Label should match your github repo LABEL org.opencontainers.image.source="https://github.com/babylonlabs-io/staking-api-service:${VERSION}" diff --git a/go.mod b/go.mod index d1e1e9ec..d1d1941e 100644 --- a/go.mod +++ b/go.mod @@ -224,7 +224,7 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml/v2 v2.2.0 // indirect github.com/prometheus/client_golang v1.19.0 - github.com/rs/cors v1.10.1 + github.com/rs/cors v1.11.0 github.com/rs/zerolog v1.32.0 github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect diff --git a/go.sum b/go.sum index 68d8e553..1327ff68 100644 --- a/go.sum +++ b/go.sum @@ -1011,6 +1011,8 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo= github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= +github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po= +github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=