mirror of https://github.com/regclient/regclient.git synced 2025-04-18 22:44:00 +03:00

Merge pull request #828 from sudo-bmitch/pr-update-20240929

Version bump
Brandon Mitchell 2024-09-29 21:11:08 -04:00 committed by GitHub
commit f314dce647
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 445 additions and 344 deletions


@ -23,7 +23,7 @@ jobs:
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: "Set up Go ${{ env.RELEASE_GO_VER }}"
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2


@ -33,7 +33,7 @@ jobs:
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Prepare
id: prep
@ -103,7 +103,7 @@ jobs:
password: ${{ secrets.GHCR_TOKEN }}
- name: Build
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
uses: docker/build-push-action@32945a339266b759abcbdc89316275140b0fc960 # v6.8.0
id: build
with:
context: .
@ -128,7 +128,7 @@ jobs:
uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
id: syft
with:
syft-version: "v1.12.2"
syft-version: "v1.13.0"
# Dogfooding, use regctl to modify regclient images to improve reproducibility
- name: Install regctl


@ -32,7 +32,7 @@ jobs:
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: "Set up Go ${{ matrix.gover }}"
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
@ -63,7 +63,7 @@ jobs:
uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
id: syft
with:
syft-version: "v1.12.2"
syft-version: "v1.13.0"
- name: Build artifacts
if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'


@ -20,7 +20,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
@ -47,6 +47,6 @@ jobs:
# required for Code scanning alerts
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
with:
sarif_file: results.sarif


@ -15,7 +15,7 @@ jobs:
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Version Check
uses: docker://ghcr.io/sudo-bmitch/version-bump:edge
with:


@ -17,7 +17,7 @@ jobs:
steps:
- name: Check out code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: "Set up Go"
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2


@ -1,49 +1,56 @@
{"name":"gha-uses-semver","key":"actions/checkout","version":"v4.1.7"}
{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.20.3","version":"sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d"}
{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.20.3"}
{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"e21b7a4e92d1ae1e61a04fe290bdc0aae5ccc27e"}
{"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.25"}
{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.23.1-alpine","version":"sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06"}
{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.23.1"}
{"name":"docker-arg-lunajson","key":"https://github.com/grafi-tt/lunajson.git:master","version":"3d10600874527d71519b33ecbb314eb93ccd1df6"}
{"name":"docker-arg-semver","key":"https://github.com/kikito/semver.lua.git:master","version":"af495adc857d51fd1507a112be18523828a1da0d"}
{"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.20.3","version":"sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d"}
{"name":"gha-alpine-tag-base","key":"docker.io/library/alpine","version":"3"}
{"name":"gha-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.20.3"}
{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v2.4.0"}
{"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.21\", \"1.22\", \"1.23\"]"}
{"name":"gha-golang-release","key":"golang-latest","version":"1.23"}
{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.13.0"}
{"name":"gha-uses-commit","key":"actions/checkout:v4.2.0","version":"d632683dd7b4114ad314bca15554477dd762a938"}
{"name":"gha-uses-commit","key":"actions/setup-go:v5.0.2","version":"0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32"}
{"name":"gha-uses-commit","key":"actions/stale:v9.0.0","version":"28ca1036281a5e5922ead5184a1bbf96e5fc984e"}
{"name":"gha-uses-commit","key":"actions/upload-artifact:v4.4.0","version":"50769540e7f4bd5e21e526ee35c689e35e0d6874"}
{"name":"gha-uses-commit","key":"anchore/sbom-action:v0.17.2","version":"61119d458adab75f756bc0b9e4bde25725f86a7a"}
{"name":"gha-uses-commit","key":"docker/build-push-action:v6.8.0","version":"32945a339266b759abcbdc89316275140b0fc960"}
{"name":"gha-uses-commit","key":"docker/login-action:v3.3.0","version":"9780b0c442fbb1117ed29e0efdff1e18412f7567"}
{"name":"gha-uses-commit","key":"docker/setup-buildx-action:v3.6.1","version":"988b5a0280414f521da01fcc63a27aeeb4b104db"}
{"name":"gha-uses-commit","key":"github/codeql-action:v3.26.9","version":"461ef6c76dfe95d5c364de2f431ddbd31a417628"}
{"name":"gha-uses-commit","key":"ossf/scorecard-action:v2.4.0","version":"62b2cac7ed8198b15735ed49ab1e5cf35480ba46"}
{"name":"gha-uses-commit","key":"regclient/actions:main","version":"35bc5829dd3d37ace2717971f3151894b43bfabc"}
{"name":"gha-uses-commit","key":"sigstore/cosign-installer:v3.6.0","version":"4959ce089c160fddf62f7b42464195ba1a56d382"}
{"name":"gha-uses-commit","key":"softprops/action-gh-release:v2.0.8","version":"c062e08bd532815e2082a85e87e3ef29c3e6d191"}
{"name":"gha-uses-semver","key":"actions/checkout","version":"v4.2.0"}
{"name":"gha-uses-semver","key":"actions/setup-go","version":"v5.0.2"}
{"name":"gha-uses-semver","key":"actions/stale","version":"v9.0.0"}
{"name":"gha-uses-semver","key":"actions/upload-artifact","version":"v4.4.0"}
{"name":"gha-uses-semver","key":"anchore/sbom-action","version":"v0.17.2"}
{"name":"gha-uses-semver","key":"docker/build-push-action","version":"v6.7.0"}
{"name":"gha-uses-semver","key":"docker/build-push-action","version":"v6.8.0"}
{"name":"gha-uses-semver","key":"docker/login-action","version":"v3.3.0"}
{"name":"gha-uses-semver","key":"docker/setup-buildx-action","version":"v3.6.1"}
{"name":"gha-uses-semver","key":"github/codeql-action","version":"v3.26.8"}
{"name":"gha-uses-semver","key":"github/codeql-action","version":"v3.26.9"}
{"name":"gha-uses-semver","key":"ossf/scorecard-action","version":"v2.4.0"}
{"name":"gha-uses-semver","key":"sigstore/cosign-installer","version":"v3.6.0"}
{"name":"gha-uses-semver","key":"softprops/action-gh-release","version":"v2.0.8"}
{"name":"git-commit","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"e21b7a4e92d1ae1e61a04fe290bdc0aae5ccc27e"}
{"name":"git-commit","key":"https://github.com/grafi-tt/lunajson.git:master","version":"3d10600874527d71519b33ecbb314eb93ccd1df6"}
{"name":"git-commit","key":"https://github.com/kikito/semver.lua.git:master","version":"af495adc857d51fd1507a112be18523828a1da0d"}
{"name":"git-tag-semver","key":"github.com/GoogleCloudPlatform/docker-credential-gcr","version":"v2.1.25"}
{"name":"git-tag-semver","key":"github.com/dominikh/go-tools","version":"v0.5.1"}
{"name":"git-tag-semver","key":"github.com/google/osv-scanner","version":"v1.8.5"}
{"name":"git-tag-semver","key":"github.com/icholy/gomajor","version":"v0.13.2"}
{"name":"git-tag-semver","key":"github.com/securego/gosec","version":"v2.21.3"}
{"name":"git-tag-semver","key":"github.com/sigstore/cosign","version":"v2.4.0"}
{"name":"git-tag-semver","key":"go.googlesource.com/vuln","version":"v1.1.3"}
{"name":"github-commit-match","key":"actions/checkout:v4.1.7","version":"692973e3d937129bcbf40652eb9f2f61becf3332"}
{"name":"github-commit-match","key":"actions/setup-go:v5.0.2","version":"0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32"}
{"name":"github-commit-match","key":"actions/stale:v9.0.0","version":"28ca1036281a5e5922ead5184a1bbf96e5fc984e"}
{"name":"github-commit-match","key":"actions/upload-artifact:v4.4.0","version":"50769540e7f4bd5e21e526ee35c689e35e0d6874"}
{"name":"github-commit-match","key":"anchore/sbom-action:v0.17.2","version":"61119d458adab75f756bc0b9e4bde25725f86a7a"}
{"name":"github-commit-match","key":"docker/build-push-action:v6.7.0","version":"5cd11c3a4ced054e52742c5fd54dca954e0edd85"}
{"name":"github-commit-match","key":"docker/login-action:v3.3.0","version":"9780b0c442fbb1117ed29e0efdff1e18412f7567"}
{"name":"github-commit-match","key":"docker/setup-buildx-action:v3.6.1","version":"988b5a0280414f521da01fcc63a27aeeb4b104db"}
{"name":"github-commit-match","key":"github/codeql-action:v3.26.8","version":"294a9d92911152fe08befb9ec03e240add280cb3"}
{"name":"github-commit-match","key":"ossf/scorecard-action:v2.4.0","version":"62b2cac7ed8198b15735ed49ab1e5cf35480ba46"}
{"name":"github-commit-match","key":"regclient/actions:main","version":"35bc5829dd3d37ace2717971f3151894b43bfabc"}
{"name":"github-commit-match","key":"sigstore/cosign-installer:v3.6.0","version":"4959ce089c160fddf62f7b42464195ba1a56d382"}
{"name":"github-commit-match","key":"softprops/action-gh-release:v2.0.8","version":"c062e08bd532815e2082a85e87e3ef29c3e6d191"}
{"name":"registry-digest-arg-match","key":"docker.io/library/alpine:3.20.3","version":"sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d"}
{"name":"registry-digest-arg-match","key":"docker.io/library/golang:1.23.1-alpine","version":"sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06"}
{"name":"registry-digest-match","key":"anchore/syft:v1.12.2","version":"sha256:ffccbc4bf4a3582b7c1d962e0359154f24b70f1810680b5b153f1f5907b2a2ab"}
{"name":"registry-golang-latest","key":"golang-latest","version":"1.23"}
{"name":"registry-golang-matrix","key":"golang-matrix","version":"[\"1.21\", \"1.22\", \"1.23\"]"}
{"name":"registry-golang-oldest","key":"golang-oldest","version":"1.21"}
{"name":"registry-tag-arg-semver","key":"anchore/syft","version":"v1.12.2"}
{"name":"registry-tag-arg-semver","key":"davidanson/markdownlint-cli2","version":"v0.14.0"}
{"name":"registry-tag-arg-semver","key":"docker.io/library/alpine","version":"3.20.3"}
{"name":"registry-tag-arg-semver","key":"docker.io/library/golang","version":"1.23.1"}
{"name":"registry-tag-arg-semver","key":"docker.io/library/registry","version":"2.8.3"}
{"name":"registry-tag-arg-semver","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.1"}
{"name":"registry-tag-arg-semver-major","key":"docker.io/library/alpine","version":"3"}
{"name":"registry-tag-match-semver","key":"anchore/syft","version":"v1.12.2"}
{"name":"go-mod-golang-release","key":"golang-oldest","version":"1.21"}
{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"2.8.3"}
{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.1"}
{"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.1.3"}
{"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.14.0"}
{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.21.4"}
{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.14.0"}
{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v1.8.5"}
{"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.5.1"}
{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.13.0","version":"sha256:673582430d66a6c1e1d158ae12b273f260bb8605c6e4623c47b2eb1c32deeb74"}
{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.13.0"}
{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.13.0"}
{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.23.1"}
{"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.20.3","version":"sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d"}
{"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"}
{"name":"shell-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.20.3"}


@ -1,21 +1,21 @@
files:
"build/Dockerfile*":
scans:
processors:
- docker-arg-alpine-tag
- docker-arg-alpine-digest
- docker-arg-go-tag
- docker-arg-go-digest
- git-commit-ecr
- git-tag-gcr
- git-commit-lunajson
- git-commit-semver
- docker-arg-ecr
- docker-arg-gcr
- docker-arg-lunajson
- docker-arg-semver
"build/oci-image.sh":
scans:
- shell-alpine-tag
processors:
- shell-alpine-tag-base
- shell-alpine-tag-comment
- shell-alpine-digest
".github/workflows/*.yml":
scans:
processors:
- gha-golang-matrix
- gha-golang-release
- gha-uses-vx
@ -23,11 +23,11 @@ files:
- gha-uses-commit
- gha-syft-version
- gha-cosign-version
- gha-alpine-tag
- gha-alpine-tag-base
- gha-alpine-tag-comment
- gha-alpine-digest
"Makefile":
scans:
processors:
- makefile-gomajor
- makefile-go-vulncheck
- makefile-markdown-lint
@ -35,337 +35,431 @@ files:
- makefile-osv-scanner
- makefile-staticcheck
- makefile-syft-version
- makefile-syft-version2
- makefile-syft-digest
- makefile-syft-container-tag
- makefile-syft-container-digest
- makefile-ci-distribution
- makefile-ci-zot
"go.mod":
scans:
processors:
- go-mod-golang-release
".osv-scanner.toml":
scans:
processors:
- osv-golang-release
scans:
processors:
docker-arg-alpine-tag:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^ARG ALPINE_VER=(?P<Version>\d+\.\d+\.\d+)@(?P<SHA>sha256:[0-9a-f]+)\s*$'
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^ARG ALPINE_VER=(?P<Version>v?\d+\.\d+\.\d+)@(?P<SHA>sha256:[0-9a-f]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
docker-arg-alpine-digest:
type: "regexp"
source: "registry-digest-arg-match"
args:
regexp: '^ARG ALPINE_VER=(?P<Tag>\d+\.\d+\.\d+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
image: "docker.io/library/alpine"
key: "{{ .SourceArgs.image }}"
scan: "regexp"
scanArgs:
regexp: '^ARG ALPINE_VER=(?P<Tag>v?\d+\.\d+\.\d+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
source: "registry-digest"
sourceArgs:
image: "docker.io/library/alpine:{{.ScanMatch.Tag}}"
docker-arg-go-tag:
type: "regexp"
source: "registry-tag-arg-semver"
args:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^ARG GO_VER=(?P<Version>[a-z0-9\-\.]+)-alpine@(?P<SHA>sha256:[0-9a-f]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/golang"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
docker-arg-go-digest:
type: "regexp"
source: "registry-digest-arg-match"
args:
key: "{{ .SourceArgs.image }}"
scan: "regexp"
scanArgs:
regexp: '^ARG GO_VER=(?P<Tag>[a-z0-9\-\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
image: "docker.io/library/golang"
git-commit-ecr:
type: "regexp"
source: "git-commit"
args:
source: "registry-digest"
sourceArgs:
image: "docker.io/library/golang:{{.ScanMatch.Tag}}"
docker-arg-ecr:
key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}"
scan: "regexp"
scanArgs:
regexp: '^ARG ECR_HELPER_VER=(?P<Version>[0-9a-f]+)\s*$'
repo: "https://github.com/awslabs/amazon-ecr-credential-helper.git"
source: "git-commit"
sourceArgs:
url: "https://github.com/awslabs/amazon-ecr-credential-helper.git"
ref: main
git-tag-gcr:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^ARG GCR_HELPER_VER=(?P<Version>[^\s]+)\s*$'
repo: "github.com/GoogleCloudPlatform/docker-credential-gcr"
ref: master
git-commit-lunajson:
type: "regexp"
source: "git-commit"
args:
filter:
expr: "^{{ .SourceArgs.ref }}$"
docker-arg-gcr:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^ARG GCR_HELPER_VER=(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/GoogleCloudPlatform/docker-credential-gcr.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
docker-arg-lunajson:
key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}"
scan: "regexp"
scanArgs:
regexp: '^ARG LUNAJSON_COMMIT=(?P<Version>[0-9a-f]+)\s*$'
repo: "https://github.com/grafi-tt/lunajson.git"
ref: master
git-commit-semver:
type: "regexp"
source: "git-commit"
args:
regexp: '^ARG SEMVER_COMMIT=(?P<Version>[0-9a-f]+)\s*$'
repo: "https://github.com/kikito/semver.lua.git"
sourceArgs:
url: "https://github.com/grafi-tt/lunajson.git"
ref: master
gha-uses-vx:
type: "regexp"
source: "gha-uses-vx"
args:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v\d+)\s*$'
gha-uses-semver:
type: "regexp"
source: "gha-uses-semver"
args:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v\d+\.\d+\.\d+)\s*$'
gha-uses-commit:
type: "regexp"
source: "github-commit-match"
args:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Version>[0-9a-f]+)\s+#\s+(?P<Ref>[\w\d\.]+)\s*$'
gha-golang-matrix:
type: "regexp"
source: "registry-golang-matrix"
args:
regexp: '^\s*gover: (?P<Version>\[["0-9, \.]+\])\s*$'
gha-golang-release:
type: "regexp"
source: "registry-golang-latest"
args:
regexp: '^\s*RELEASE_GO_VER: "(?P<Version>[0-9\.]+)"\s*$'
gha-syft-version:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^\s*syft-version: "(?P<Version>v[0-9\.]+)"\s*$'
repo: "anchore/syft"
gha-cosign-version:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^\s*cosign-release: "(?P<Version>v[0-9\.]+)"\s*$'
repo: "github.com/sigstore/cosign"
gha-alpine-tag:
type: "regexp"
source: "registry-tag-arg-semver-major"
args:
regexp: '^\s*ALPINE_NAME: "alpine:(?P<Version>\d+)"\s*$'
repo: "docker.io/library/alpine"
gha-alpine-tag-comment:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^\s*ALPINE_DIGEST: "(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>\d+\.\d+\.\d+)\s*$'
repo: "docker.io/library/alpine"
gha-alpine-digest:
type: "regexp"
source: "registry-digest-arg-match"
args:
regexp: '^\s*ALPINE_DIGEST: "(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$'
image: "docker.io/library/alpine"
go-mod-golang-release:
type: "regexp"
source: "registry-golang-oldest"
args:
regexp: '^go (?P<Version>[0-9\.]+)\s*$'
makefile-ci-distribution:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^CI_DISTRIBUTION_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
repo: "docker.io/library/registry"
makefile-ci-zot:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^CI_ZOT_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
repo: "ghcr.io/project-zot/zot-linux-amd64"
makefile-gomajor:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^GOMAJOR_VER\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "github.com/icholy/gomajor"
makefile-go-vulncheck:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^GO_VULNCHECK_VER\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "go.googlesource.com/vuln"
makefile-gosec:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^GOSEC_VER\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "github.com/securego/gosec"
makefile-markdown-lint:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^MARKDOWN_LINT_VER\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "davidanson/markdownlint-cli2"
makefile-osv-scanner:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^OSV_SCANNER_VER\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "github.com/google/osv-scanner"
makefile-staticcheck:
type: "regexp"
source: "git-tag-semver"
args:
regexp: '^STATICCHECK_VER\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "github.com/dominikh/go-tools"
makefile-syft-version:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^SYFT_VERSION\?=(?P<Version>v[0-9\.]+)\s*$'
repo: "anchore/syft"
makefile-syft-version2:
type: "regexp"
source: "registry-tag-match-semver"
args:
regexp: '^SYFT_CONTAINER\?=(?P<Repo>[^:]*):(?P<Version>v[0-9\.]+)@(?P<Digest>sha256:[0-9a-f]+)\s*$'
makefile-syft-digest:
type: "regexp"
source: "registry-digest-match"
args:
regexp: '^SYFT_CONTAINER\?=(?P<Image>[^:]*):(?P<Tag>v[0-9\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
osv-golang-release:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^GoVersionOverride = "(?P<Version>[0-9\.]+)"\s*$'
repo: "docker.io/library/golang"
shell-alpine-tag:
type: "regexp"
source: "registry-tag-arg-semver-major"
args:
regexp: '^\s*ALPINE_NAME="alpine:(?P<Version>\d+)"\s*$'
repo: "docker.io/library/alpine"
shell-alpine-tag-comment:
type: "regexp"
source: "registry-tag-arg-semver"
args:
regexp: '^\s*ALPINE_DIGEST="(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>\d+\.\d+\.\d+)\s*$'
repo: "docker.io/library/alpine"
shell-alpine-digest:
type: "regexp"
source: "registry-digest-arg-match"
args:
regexp: '^\s*ALPINE_DIGEST="(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$'
image: "docker.io/library/alpine"
filter:
expr: "^{{ .SourceArgs.ref }}$"
docker-arg-semver:
key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}"
scan: "regexp"
scanArgs:
regexp: '^ARG SEMVER_COMMIT=(?P<Version>[0-9a-f]+)\s*$'
source: "git-commit"
sourceArgs:
url: "https://github.com/kikito/semver.lua.git"
ref: master
filter:
expr: "^{{ .SourceArgs.ref }}$"
sources:
registry-tag-arg-semver:
type: "registry"
key: "{{ .ScanArgs.repo }}"
args:
type: "tag"
repo: "{{ .ScanArgs.repo }}"
gha-alpine-digest:
key: "{{ .SourceArgs.image }}"
scan: "regexp"
scanArgs:
regexp: '^\s*ALPINE_DIGEST: "(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$'
source: "registry-digest"
sourceArgs:
image: "docker.io/library/alpine:{{ .ScanMatch.Tag }}"
gha-alpine-tag-base:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s*ALPINE_NAME: "alpine:(?P<Version>v?\d+)"\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/alpine"
filter:
expr: '^v?[0-9]+\.[0-9]+\.[0-9]+$'
sort:
method: "semver"
registry-tag-arg-semver-major:
type: "registry"
key: "{{ .ScanArgs.repo }}"
args:
type: "tag"
repo: "{{ .ScanArgs.repo }}"
filter:
expr: '^v?[0-9]+\.[0-9]+\.[0-9]+$'
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
# only return the major version number in the tag to support detecting a change in the base image
template: '{{ index ( split .Version "." ) 0 }}'
registry-tag-match-semver:
type: "registry"
key: "{{ .ScanMatch.Repo }}"
args:
type: "tag"
repo: "{{ .ScanMatch.Repo }}"
gha-alpine-tag-comment:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s*ALPINE_DIGEST: "(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/alpine"
filter:
expr: '^v?[0-9]+\.[0-9]+\.[0-9]+$'
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
registry-digest-arg-match:
type: "registry"
key: "{{ .ScanArgs.image }}:{{.ScanMatch.Tag}}"
args:
image: "{{ .ScanArgs.image }}:{{.ScanMatch.Tag}}"
registry-digest-match:
type: "registry"
key: "{{ .ScanMatch.Image }}:{{.ScanMatch.Tag}}"
args:
image: "{{ .ScanMatch.Image }}:{{.ScanMatch.Tag}}"
registry-golang-latest:
type: "registry"
gha-cosign-version:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^\s*cosign-release: "(?P<Version>v?[0-9\.]+)"\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/sigstore/cosign.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-golang-matrix:
key: "golang-matrix"
scan: "regexp"
scanArgs:
regexp: '^\s*gover: (?P<Version>\[["0-9, \.]+\])\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/golang"
filter:
expr: '^v?\d+\.\d+$'
sort:
method: "semver"
template: '["{{ index .VerMap ( index .VerList 2 ) }}", "{{ index .VerMap ( index .VerList 1 ) }}", "{{ index .VerMap ( index .VerList 0 ) }}"]'
gha-golang-release:
key: "golang-latest"
args:
repo: "golang"
type: "tag"
scan: "regexp"
scanArgs:
regexp: '^\s*RELEASE_GO_VER: "(?P<Version>v?[0-9\.]+)"\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/golang"
filter:
expr: '^\d+\.\d+$'
expr: '^v?\d+\.\d+$'
sort:
method: "semver"
registry-golang-oldest:
type: "registry"
gha-syft-version:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s*syft-version: "(?P<Version>v?[0-9\.]+)"\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/anchore/syft"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-uses-vx:
key: "{{ .ScanMatch.Repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v?\d+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/{{ .ScanMatch.Repo }}.git"
filter:
expr: '^v?\d+$'
sort:
method: "semver"
gha-uses-semver:
key: "{{ .ScanMatch.Repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/{{ .ScanMatch.Repo }}.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-uses-commit:
key: "{{ .ScanMatch.Repo }}:{{ .ScanMatch.Ref }}"
scan: "regexp"
scanArgs:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Version>[0-9a-f]+)\s+#\s+(?P<Ref>[\w\d\.]+)\s*$'
source: "git-commit"
sourceArgs:
url: "https://github.com/{{ .ScanMatch.Repo }}.git"
ref: "{{ .ScanMatch.Ref }}"
filter:
expr: "^{{ .ScanMatch.Ref }}$"
go-mod-golang-release:
key: "golang-oldest"
args:
repo: "golang"
type: "tag"
scan: "regexp"
scanArgs:
regexp: '^go (?P<Version>[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/golang"
filter:
expr: '^\d+\.\d+$'
sort:
method: "semver"
template: '{{ index .VerMap ( index .VerList 2 ) }}'
registry-golang-matrix:
type: "registry"
key: "golang-matrix"
args:
repo: "golang"
type: "tag"
makefile-ci-distribution:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^CI_DISTRIBUTION_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/registry"
filter:
expr: '^\d+\.\d+$'
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
template: '["{{ index .VerMap ( index .VerList 2 ) }}", "{{ index .VerMap ( index .VerList 1 ) }}", "{{ index .VerMap ( index .VerList 0 ) }}"]'
gha-uses-vx:
type: "git"
key: "{{ .ScanMatch.Repo }}"
args:
type: "tag"
url: "https://github.com/{{ .ScanMatch.Repo }}.git"
makefile-ci-zot:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^CI_ZOT_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "ghcr.io/project-zot/zot-linux-amd64"
filter:
expr: '^v\d+$'
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-uses-semver:
type: "git"
key: "{{ .ScanMatch.Repo }}"
args:
type: "tag"
url: "https://github.com/{{ .ScanMatch.Repo }}.git"
makefile-gomajor:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^GOMAJOR_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/icholy/gomajor.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-gosec:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^GOSEC_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/securego/gosec.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-go-vulncheck:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^GO_VULNCHECK_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://go.googlesource.com/vuln.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-markdown-lint:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^MARKDOWN_LINT_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/davidanson/markdownlint-cli2"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-osv-scanner:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^OSV_SCANNER_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/google/osv-scanner.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-staticcheck:
key: "{{ .SourceArgs.url }}"
scan: "regexp"
scanArgs:
regexp: '^STATICCHECK_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs:
url: "https://github.com/dominikh/go-tools.git"
filter:
# ignore versions without a preceding "v"
expr: '^v\d+\.\d+\.\d+$'
sort:
method: "semver"
git-commit:
type: "git"
key: "{{ .ScanArgs.repo }}:{{ .ScanArgs.ref }}"
args:
type: "commit"
url: "{{ .ScanArgs.repo }}"
makefile-syft-container-tag:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^SYFT_CONTAINER\?=(?P<Repo>[^:]*):(?P<Version>v?[0-9\.]+)@(?P<Digest>sha256:[0-9a-f]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "{{ .ScanMatch.Repo }}"
filter:
expr: '^{{ .ScanArgs.ref }}$'
git-tag-semver:
type: "git"
key: "{{ .ScanArgs.repo }}"
args:
type: "tag"
url: "https://{{ .ScanArgs.repo }}.git"
filter:
expr: '^v[0-9]+\.[0-9]+\.[0-9]+$'
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
github-commit-match:
makefile-syft-container-digest:
key: "{{ .SourceArgs.image }}"
scan: "regexp"
scanArgs:
regexp: '^SYFT_CONTAINER\?=(?P<Image>[^:]*):(?P<Tag>v?[0-9\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
source: "registry-digest"
sourceArgs:
image: "{{ .ScanMatch.Image }}:{{.ScanMatch.Tag}}"
makefile-syft-version:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^SYFT_VERSION\?=(?P<Version>v[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/anchore/syft"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
osv-golang-release:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^GoVersionOverride = "(?P<Version>v?[0-9\.]+)"\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/golang"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
shell-alpine-tag-base:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s*ALPINE_NAME="alpine:(?P<Version>v?\d+)"\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
# only return the major version number in the tag to support detecting a change in the base image
template: '{{ index ( split .Version "." ) 0 }}'
shell-alpine-tag-comment:
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
scanArgs:
regexp: '^\s*ALPINE_DIGEST="(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "registry-tag"
sourceArgs:
repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
shell-alpine-digest:
key: "{{ .SourceArgs.image }}"
scan: "regexp"
scanArgs:
regexp: '^\s*ALPINE_DIGEST="(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$'
source: "registry-digest"
sourceArgs:
image: "docker.io/library/alpine:{{ .ScanMatch.Tag }}"
scans:
regexp:
type: "regexp"
sources:
git-commit:
type: "git"
key: "{{ .ScanMatch.Repo }}:{{ .ScanMatch.Ref }}"
args:
type: "commit"
url: "https://github.com/{{ .ScanMatch.Repo }}.git"
ref: "{{ .ScanMatch.Ref }}"
filter:
expr: "^{{ .ScanMatch.Ref }}$"
git-tag:
type: "git"
args:
type: "tag"
registry-digest:
type: "registry"
registry-tag:
type: "registry"
args:
type: "tag"
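Review bot: In the `gha-uses-commit` processor the filter is written as `expr: "^{{ .ScanMatch.Ref }}$"`, which puts the ref captured by `(?P<Ref>[\w\d\.]+)` into a regular expression unescaped, so every `.` in a tag such as `v4.2.0` matches any character rather than a literal dot. This processor supplies the commit that the workflows' `uses:` lines are pinned to, so the filter is best kept to an exact match on the ref; if the template engine has a regexp-quoting helper it belongs here, and otherwise a comment such as `# Ref is used as a regexp: "." matches any character` above the filter would record the limitation. The same construction, `expr: "^{{ .SourceArgs.ref }}$"`, is used by `docker-arg-ecr`, `docker-arg-lunajson` and `docker-arg-semver`, where the refs `main` and `master` contain no metacharacters. The `+`/`-` markers are lost on this page, so reading these lines as the new side is inferred from the `scanArgs`/`sourceArgs` key names, and how the `git-commit` source combines `ref` with `filter` is not visible here.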


@ -34,14 +34,14 @@ ifeq "$(strip $(VER_BUMP))" ''
$(VER_BUMP_CONTAINER)
endif
MARKDOWN_LINT_VER?=v0.14.0
GOMAJOR_VER?=v0.13.2
GOSEC_VER?=v2.21.3
GOMAJOR_VER?=v0.14.0
GOSEC_VER?=v2.21.4
GO_VULNCHECK_VER?=v1.1.3
OSV_SCANNER_VER?=v1.8.5
SYFT?=$(shell command -v syft 2>/dev/null)
SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk '/^Version: / {print $$2}')" || echo "0")
SYFT_VERSION?=v1.12.2
SYFT_CONTAINER?=anchore/syft:v1.12.2@sha256:ffccbc4bf4a3582b7c1d962e0359154f24b70f1810680b5b153f1f5907b2a2ab
SYFT_VERSION?=v1.13.0
SYFT_CONTAINER?=anchore/syft:v1.13.0@sha256:673582430d66a6c1e1d158ae12b273f260bb8605c6e4623c47b2eb1c32deeb74
ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)"
SYFT=docker run --rm \
-v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \