sync: deps: update dependency anchore/syft to v1.18.0 #76

Closed
Apply Red Hat specific modifications
Signed-off-by: downstream-sync <[email protected]>
downstream-sync committed Jun 10, 2024
commit 069e6b80ab61fa51eb58417c3d8719b7ea072fc6
2 changes: 2 additions & 0 deletions .syft/config.yaml
@@ -0,0 +1,2 @@
exclude:
- "**/test-fixtures"
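Review bot: the new `exclude` entry in .syft/config.yaml has no comment saying why `**/test-fixtures` is dropped. An exclusion removes everything under matching directories from the generated SBOM without any trace in the output, and this glob matches a `test-fixtures` directory at any depth. Add a one-line comment above `exclude:` stating the reason, so a later reader can judge whether the pattern is still safe to keep.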
52 changes: 33 additions & 19 deletions Dockerfile
@@ -1,29 +1,43 @@
FROM gcr.io/distroless/static-debian11:debug@sha256:a0a404776dec98be120089ae42bbdfbe48c177921d856937d124d48eb8c0b951 AS build
FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.21 AS build

FROM scratch
# needed for version check HTTPS request
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
WORKDIR /src/syft

# openshift-golang-builder sets GOFLAGS=-mod=vendor, unset it (we don't vendor dependencies)
ENV GOFLAGS=""

COPY go.mod go.sum .
RUN go mod download

COPY . .
RUN ./build-syft-binary.sh

FROM registry.access.redhat.com/ubi9/ubi-micro:9.4-6.1716471860@sha256:1c8483e0fda0e990175eb9855a5f15e0910d2038dd397d9e2b357630f0321e6d

ENV SYFT_CHECK_FOR_APP_UPDATE=false

# create the /tmp dir, which is needed for image content cache
WORKDIR /tmp

COPY syft /

ARG BUILD_DATE
ARG BUILD_VERSION
ARG VCS_REF
ARG VCS_URL
COPY --from=build /src/syft/dist/syft /usr/local/bin/syft

LABEL org.opencontainers.image.created=$BUILD_DATE
LABEL org.opencontainers.image.title="syft"
LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems"
LABEL org.opencontainers.image.source=$VCS_URL
LABEL org.opencontainers.image.revision=$VCS_REF
LABEL org.opencontainers.image.vendor="Anchore, Inc."
LABEL org.opencontainers.image.version=$BUILD_VERSION
LABEL org.opencontainers.image.vendor="Red Hat, Inc."
LABEL org.opencontainers.image.licenses="Apache-2.0"
LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md"
LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png"
LABEL io.artifacthub.package.license="Apache-2.0"

ENTRYPOINT ["/syft"]
# required per https://github.com/release-engineering/rhtap-ec-policy/blob/main/data/rule_data.yml
# TODO: set up in Bugzilla
LABEL com.redhat.component="syft"
LABEL version="1.5.0"
# TODO: document the need to bump this on every re-release of the same version
LABEL release="1"
LABEL name="syft"
LABEL io.k8s.display-name="syft"
LABEL summary="syft"
LABEL description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems"
LABEL io.k8s.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems"
LABEL vendor="Red Hat, Inc."
LABEL url="https://github.com/redhat-appstudio/rh-syft"
LABEL distribution-scope="public"

ENTRYPOINT ["/usr/local/bin/syft"]
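Review bot: the new build stage `FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.21 AS build` is referenced by tag only, while the line it replaces and the `ubi9/ubi-micro` final stage are both pinned with `@sha256:`. With a mutable tag, the Go toolchain that compiles the shipped binary can change without any diff in this repository, so pin the builder by digest as well. Separately, `LABEL version="1.5.0"` is hard-coded while build-syft-binary.sh derives the binary's version from `git describe`, so the label can drift from what `syft version` reports; consider supplying it as a build argument.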
32 changes: 32 additions & 0 deletions build-syft-binary.sh
@@ -0,0 +1,32 @@
#!/usr/bin/env bash
set -o errexit -o nounset -o pipefail

# Roughly replicate goreleaser templating: https://goreleaser.com/customization/templates/.
# Needed for passing version information to the Syft build (see the upstream .goreleaser.yaml).

get_version() {
local version
version=$(git describe --tags --abbrev=0)
# TODO: should we indicate the Red Hat patches in the version?
# TODO: how to version re-releases of past versions?
echo "${version#v}" # strip the 'v' prefix
}

version=$(get_version)
full_commit=$(git rev-parse HEAD)
date="$(date --utc --iso-8601=seconds | cut -d '+' -f 1)Z" # yyyy-mm-ddThh:mm:ssZ
summary=$(git describe --dirty --always --tags)

# command based on .goreleaser.yaml configuration
CGO_ENABLED=0 go build -ldflags "
-w
-s
-extldflags '-static'
-X main.version=$version
-X main.gitCommit=$full_commit
-X main.buildDate=$date
-X main.gitDescription=$summary
" -o dist/syft ./cmd/syft

echo "--- output path: dist/syft ---"
dist/syft version
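Review bot: in `get_version`, a failing `git describe --tags --abbrev=0` does not stop the build. The function is called as `version=$(get_version)`, and bash clears `errexit` inside a command substitution unless `inherit_errexit` is set, so the function carries on to `echo`, returns 0, and the binary is linked with an empty `-X main.version=`. That is the outcome whenever the build context has no `.git` directory or no reachable tag. Add `shopt -s inherit_errexit` after the `set -o` line, or check that `$version` is non-empty before running `go build`.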