docker/regclient
1
0
Fork 0
mirror of https://github.com/regclient/regclient.git synced 2025-04-18 22:44:00 +03:00
Code

Version bump

Browse Source 
- Update config to use yaml anchors and aliases
- docker/build-push-action to v6.9.0
- github/codeql-action to v3.26.10

Signed-off-by: Brandon Mitchell <git@bmitch.net>
This commit is contained in:
Brandon Mitchell 2024-09-30 09:56:54 -04:00
parent f314dce647
commit f5d94fee2b
No known key found for this signature in database
GPG Key ID: 6E0FF28C767A8BEE
4 changed files with 90 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/docker.yml vendored
View File

@ -103,7 +103,7 @@ jobs:
password: ${{ secrets.GHCR_TOKEN }} password: ${{ secrets.GHCR_TOKEN }}
- name: Build - name: Build
uses: docker/build-push-action@32945a339266b759abcbdc89316275140b0fc960 # v6.8.0 uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
id: build id: build
with: with:
context: . context: .

2
.github/workflows/scorecard.yml vendored
View File

@ -47,6 +47,6 @@ jobs:
# required for Code scanning alerts # required for Code scanning alerts
- name: "Upload SARIF results to code scanning" - name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
with: with:
sarif_file: results.sarif sarif_file: results.sarif

50
.version-bump.lock
View File

@ -13,31 +13,31 @@
{"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.21\", \"1.22\", \"1.23\"]"} {"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.21\", \"1.22\", \"1.23\"]"}
{"name":"gha-golang-release","key":"golang-latest","version":"1.23"} {"name":"gha-golang-release","key":"golang-latest","version":"1.23"}
{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.13.0"} {"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.13.0"}
{"name":"gha-uses-commit","key":"actions/checkout:v4.2.0","version":"d632683dd7b4114ad314bca15554477dd762a938"} {"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v4.2.0","version":"d632683dd7b4114ad314bca15554477dd762a938"}
{"name":"gha-uses-commit","key":"actions/setup-go:v5.0.2","version":"0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32"} {"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v5.0.2","version":"0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32"}
{"name":"gha-uses-commit","key":"actions/stale:v9.0.0","version":"28ca1036281a5e5922ead5184a1bbf96e5fc984e"} {"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v9.0.0","version":"28ca1036281a5e5922ead5184a1bbf96e5fc984e"}
{"name":"gha-uses-commit","key":"actions/upload-artifact:v4.4.0","version":"50769540e7f4bd5e21e526ee35c689e35e0d6874"} {"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v4.4.0","version":"50769540e7f4bd5e21e526ee35c689e35e0d6874"}
{"name":"gha-uses-commit","key":"anchore/sbom-action:v0.17.2","version":"61119d458adab75f756bc0b9e4bde25725f86a7a"} {"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.17.2","version":"61119d458adab75f756bc0b9e4bde25725f86a7a"}
{"name":"gha-uses-commit","key":"docker/build-push-action:v6.8.0","version":"32945a339266b759abcbdc89316275140b0fc960"} {"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v6.9.0","version":"4f58ea79222b3b9dc2c8bbdd6debcef730109a75"}
{"name":"gha-uses-commit","key":"docker/login-action:v3.3.0","version":"9780b0c442fbb1117ed29e0efdff1e18412f7567"} {"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v3.3.0","version":"9780b0c442fbb1117ed29e0efdff1e18412f7567"}
{"name":"gha-uses-commit","key":"docker/setup-buildx-action:v3.6.1","version":"988b5a0280414f521da01fcc63a27aeeb4b104db"} {"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.6.1","version":"988b5a0280414f521da01fcc63a27aeeb4b104db"}
{"name":"gha-uses-commit","key":"github/codeql-action:v3.26.9","version":"461ef6c76dfe95d5c364de2f431ddbd31a417628"} {"name":"gha-uses-commit","key":"https://github.com/github/codeql-action.git:v3.26.10","version":"e2b3eafc8d227b0241d48be5f425d47c2d750a13"}
{"name":"gha-uses-commit","key":"ossf/scorecard-action:v2.4.0","version":"62b2cac7ed8198b15735ed49ab1e5cf35480ba46"} {"name":"gha-uses-commit","key":"https://github.com/ossf/scorecard-action.git:v2.4.0","version":"62b2cac7ed8198b15735ed49ab1e5cf35480ba46"}
{"name":"gha-uses-commit","key":"regclient/actions:main","version":"35bc5829dd3d37ace2717971f3151894b43bfabc"} {"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"35bc5829dd3d37ace2717971f3151894b43bfabc"}
{"name":"gha-uses-commit","key":"sigstore/cosign-installer:v3.6.0","version":"4959ce089c160fddf62f7b42464195ba1a56d382"} {"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v3.6.0","version":"4959ce089c160fddf62f7b42464195ba1a56d382"}
{"name":"gha-uses-commit","key":"softprops/action-gh-release:v2.0.8","version":"c062e08bd532815e2082a85e87e3ef29c3e6d191"} {"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v2.0.8","version":"c062e08bd532815e2082a85e87e3ef29c3e6d191"}
{"name":"gha-uses-semver","key":"actions/checkout","version":"v4.2.0"} {"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v4.2.0"}
{"name":"gha-uses-semver","key":"actions/setup-go","version":"v5.0.2"} {"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v5.0.2"}
{"name":"gha-uses-semver","key":"actions/stale","version":"v9.0.0"} {"name":"gha-uses-semver","key":"https://github.com/actions/stale.git","version":"v9.0.0"}
{"name":"gha-uses-semver","key":"actions/upload-artifact","version":"v4.4.0"} {"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v4.4.0"}
{"name":"gha-uses-semver","key":"anchore/sbom-action","version":"v0.17.2"} {"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.17.2"}
{"name":"gha-uses-semver","key":"docker/build-push-action","version":"v6.8.0"} {"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v6.9.0"}
{"name":"gha-uses-semver","key":"docker/login-action","version":"v3.3.0"} {"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v3.3.0"}
{"name":"gha-uses-semver","key":"docker/setup-buildx-action","version":"v3.6.1"} {"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.6.1"}
{"name":"gha-uses-semver","key":"github/codeql-action","version":"v3.26.9"} {"name":"gha-uses-semver","key":"https://github.com/github/codeql-action.git","version":"v3.26.10"}
{"name":"gha-uses-semver","key":"ossf/scorecard-action","version":"v2.4.0"} {"name":"gha-uses-semver","key":"https://github.com/ossf/scorecard-action.git","version":"v2.4.0"}
{"name":"gha-uses-semver","key":"sigstore/cosign-installer","version":"v3.6.0"} {"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v3.6.0"}
{"name":"gha-uses-semver","key":"softprops/action-gh-release","version":"v2.0.8"} {"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.0.8"}
{"name":"go-mod-golang-release","key":"golang-oldest","version":"1.21"} {"name":"go-mod-golang-release","key":"golang-oldest","version":"1.21"}
{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"2.8.3"} {"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"2.8.3"}
{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.1"} {"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.1"}

261
.version-bump.yml
View File

@ -46,401 +46,266 @@ files:
processors: processors:
- osv-golang-release - osv-golang-release
processors: x-processor-tmpl:
docker-arg-alpine-tag: git-commit: &git-commit
key: "{{ .SourceArgs.repo }}" key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}"
scan: "regexp" scan: "regexp"
scanArgs: source: "git-commit"
regexp: '^ARG ALPINE_VER=(?P<Version>v?\d+\.\d+\.\d+)@(?P<SHA>sha256:[0-9a-f]+)\s*$' filter:
source: "registry-tag" expr: "^{{ .SourceArgs.ref }}$"
sourceArgs: git-tag-semver: &git-tag-semver
repo: "docker.io/library/alpine" key: "{{ .SourceArgs.url }}"
scan: "regexp"
source: "git-tag"
filter: filter:
expr: '^v?\d+\.\d+\.\d+$' expr: '^v?\d+\.\d+\.\d+$'
sort: sort:
method: "semver" method: "semver"
docker-arg-alpine-digest: registry-digest: &registry-digest
key: "{{ .SourceArgs.image }}" key: "{{ .SourceArgs.image }}"
scan: "regexp" scan: "regexp"
source: "registry-digest"
registry-tag-semver: &registry-tag-semver
key: "{{ .SourceArgs.repo }}"
scan: "regexp"
source: "registry-tag"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
processors:
docker-arg-alpine-tag:
<<: *registry-tag-semver
scanArgs:
regexp: '^ARG ALPINE_VER=(?P<Version>v?\d+\.\d+\.\d+)@(?P<SHA>sha256:[0-9a-f]+)\s*$'
sourceArgs:
repo: "docker.io/library/alpine"
docker-arg-alpine-digest:
<<: *registry-digest
scanArgs: scanArgs:
regexp: '^ARG ALPINE_VER=(?P<Tag>v?\d+\.\d+\.\d+)@(?P<Version>sha256:[0-9a-f]+)\s*$' regexp: '^ARG ALPINE_VER=(?P<Tag>v?\d+\.\d+\.\d+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
source: "registry-digest"
sourceArgs: sourceArgs:
image: "docker.io/library/alpine:{{.ScanMatch.Tag}}" image: "docker.io/library/alpine:{{.ScanMatch.Tag}}"
docker-arg-go-tag: docker-arg-go-tag:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^ARG GO_VER=(?P<Version>[a-z0-9\-\.]+)-alpine@(?P<SHA>sha256:[0-9a-f]+)\s*$' regexp: '^ARG GO_VER=(?P<Version>[a-z0-9\-\.]+)-alpine@(?P<SHA>sha256:[0-9a-f]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/golang" repo: "docker.io/library/golang"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
docker-arg-go-digest: docker-arg-go-digest:
key: "{{ .SourceArgs.image }}" <<: *registry-digest
scan: "regexp"
scanArgs: scanArgs:
regexp: '^ARG GO_VER=(?P<Tag>[a-z0-9\-\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$' regexp: '^ARG GO_VER=(?P<Tag>[a-z0-9\-\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
source: "registry-digest"
sourceArgs: sourceArgs:
image: "docker.io/library/golang:{{.ScanMatch.Tag}}" image: "docker.io/library/golang:{{.ScanMatch.Tag}}"
docker-arg-ecr: docker-arg-ecr:
key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}" <<: *git-commit
scan: "regexp"
scanArgs: scanArgs:
regexp: '^ARG ECR_HELPER_VER=(?P<Version>[0-9a-f]+)\s*$' regexp: '^ARG ECR_HELPER_VER=(?P<Version>[0-9a-f]+)\s*$'
source: "git-commit"
sourceArgs: sourceArgs:
url: "https://github.com/awslabs/amazon-ecr-credential-helper.git" url: "https://github.com/awslabs/amazon-ecr-credential-helper.git"
ref: main ref: main
filter:
expr: "^{{ .SourceArgs.ref }}$"
docker-arg-gcr: docker-arg-gcr:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^ARG GCR_HELPER_VER=(?P<Version>v?\d+\.\d+\.\d+)\s*$' regexp: '^ARG GCR_HELPER_VER=(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/GoogleCloudPlatform/docker-credential-gcr.git" url: "https://github.com/GoogleCloudPlatform/docker-credential-gcr.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
docker-arg-lunajson: docker-arg-lunajson:
key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}" <<: *git-commit
scan: "regexp"
scanArgs: scanArgs:
regexp: '^ARG LUNAJSON_COMMIT=(?P<Version>[0-9a-f]+)\s*$' regexp: '^ARG LUNAJSON_COMMIT=(?P<Version>[0-9a-f]+)\s*$'
source: "git-commit"
sourceArgs: sourceArgs:
url: "https://github.com/grafi-tt/lunajson.git" url: "https://github.com/grafi-tt/lunajson.git"
ref: master ref: master
filter:
expr: "^{{ .SourceArgs.ref }}$"
docker-arg-semver: docker-arg-semver:
key: "{{ .SourceArgs.url }}:{{ .SourceArgs.ref }}" <<: *git-commit
scan: "regexp"
scanArgs: scanArgs:
regexp: '^ARG SEMVER_COMMIT=(?P<Version>[0-9a-f]+)\s*$' regexp: '^ARG SEMVER_COMMIT=(?P<Version>[0-9a-f]+)\s*$'
source: "git-commit"
sourceArgs: sourceArgs:
url: "https://github.com/kikito/semver.lua.git" url: "https://github.com/kikito/semver.lua.git"
ref: master ref: master
filter:
expr: "^{{ .SourceArgs.ref }}$"
gha-alpine-digest: gha-alpine-digest:
key: "{{ .SourceArgs.image }}" <<: *registry-digest
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*ALPINE_DIGEST: "(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$' regexp: '^\s*ALPINE_DIGEST: "(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$'
source: "registry-digest"
sourceArgs: sourceArgs:
image: "docker.io/library/alpine:{{ .ScanMatch.Tag }}" image: "docker.io/library/alpine:{{ .ScanMatch.Tag }}"
gha-alpine-tag-base: gha-alpine-tag-base:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*ALPINE_NAME: "alpine:(?P<Version>v?\d+)"\s*$' regexp: '^\s*ALPINE_NAME: "alpine:(?P<Version>v?\d+)"\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/alpine" repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
# only return the major version number in the tag to support detecting a change in the base image # only return the major version number in the tag to support detecting a change in the base image
template: '{{ index ( split .Version "." ) 0 }}' template: '{{ index ( split .Version "." ) 0 }}'
gha-alpine-tag-comment: gha-alpine-tag-comment:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*ALPINE_DIGEST: "(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>v?\d+\.\d+\.\d+)\s*$' regexp: '^\s*ALPINE_DIGEST: "(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/alpine" repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-cosign-version: gha-cosign-version:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*cosign-release: "(?P<Version>v?[0-9\.]+)"\s*$' regexp: '^\s*cosign-release: "(?P<Version>v?[0-9\.]+)"\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/sigstore/cosign.git" url: "https://github.com/sigstore/cosign.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-golang-matrix: gha-golang-matrix:
<<: *registry-tag-semver
key: "golang-matrix" key: "golang-matrix"
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*gover: (?P<Version>\[["0-9, \.]+\])\s*$' regexp: '^\s*gover: (?P<Version>\[["0-9, \.]+\])\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/golang" repo: "docker.io/library/golang"
filter: filter:
expr: '^v?\d+\.\d+$' expr: '^v?\d+\.\d+$'
sort:
method: "semver"
template: '["{{ index .VerMap ( index .VerList 2 ) }}", "{{ index .VerMap ( index .VerList 1 ) }}", "{{ index .VerMap ( index .VerList 0 ) }}"]' template: '["{{ index .VerMap ( index .VerList 2 ) }}", "{{ index .VerMap ( index .VerList 1 ) }}", "{{ index .VerMap ( index .VerList 0 ) }}"]'
gha-golang-release: gha-golang-release:
<<: *registry-tag-semver
key: "golang-latest" key: "golang-latest"
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*RELEASE_GO_VER: "(?P<Version>v?[0-9\.]+)"\s*$' regexp: '^\s*RELEASE_GO_VER: "(?P<Version>v?[0-9\.]+)"\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/golang" repo: "docker.io/library/golang"
filter: filter:
expr: '^v?\d+\.\d+$' expr: '^v?\d+\.\d+$'
sort:
method: "semver"
gha-syft-version: gha-syft-version:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*syft-version: "(?P<Version>v?[0-9\.]+)"\s*$' regexp: '^\s*syft-version: "(?P<Version>v?[0-9\.]+)"\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/anchore/syft" repo: "docker.io/anchore/syft"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-uses-vx: gha-uses-vx:
key: "{{ .ScanMatch.Repo }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v?\d+)\s*$' regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v?\d+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/{{ .ScanMatch.Repo }}.git" url: "https://github.com/{{ .ScanMatch.Repo }}.git"
filter: filter:
expr: '^v?\d+$' expr: '^v?\d+$'
sort:
method: "semver"
gha-uses-semver: gha-uses-semver:
key: "{{ .ScanMatch.Repo }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v?\d+\.\d+\.\d+)\s*$' regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Commit>[0-9a-f]+)\s+#\s+(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/{{ .ScanMatch.Repo }}.git" url: "https://github.com/{{ .ScanMatch.Repo }}.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
gha-uses-commit: gha-uses-commit:
key: "{{ .ScanMatch.Repo }}:{{ .ScanMatch.Ref }}" <<: *git-commit
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Version>[0-9a-f]+)\s+#\s+(?P<Ref>[\w\d\.]+)\s*$' regexp: '^\s+-?\s+uses: (?P<Repo>[^@/]+/[^@/]+)[^@]*@(?P<Version>[0-9a-f]+)\s+#\s+(?P<Ref>[\w\d\.]+)\s*$'
source: "git-commit"
sourceArgs: sourceArgs:
url: "https://github.com/{{ .ScanMatch.Repo }}.git" url: "https://github.com/{{ .ScanMatch.Repo }}.git"
ref: "{{ .ScanMatch.Ref }}" ref: "{{ .ScanMatch.Ref }}"
filter:
expr: "^{{ .ScanMatch.Ref }}$"
go-mod-golang-release: go-mod-golang-release:
<<: *registry-tag-semver
key: "golang-oldest" key: "golang-oldest"
scan: "regexp"
scanArgs: scanArgs:
regexp: '^go (?P<Version>[0-9\.]+)\s*$' regexp: '^go (?P<Version>[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/golang" repo: "docker.io/library/golang"
filter: filter:
expr: '^\d+\.\d+$' expr: '^\d+\.\d+$'
sort:
method: "semver"
template: '{{ index .VerMap ( index .VerList 2 ) }}' template: '{{ index .VerMap ( index .VerList 2 ) }}'
makefile-ci-distribution: makefile-ci-distribution:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^CI_DISTRIBUTION_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^CI_DISTRIBUTION_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/registry" repo: "docker.io/library/registry"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-ci-zot: makefile-ci-zot:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^CI_ZOT_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^CI_ZOT_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "ghcr.io/project-zot/zot-linux-amd64" repo: "ghcr.io/project-zot/zot-linux-amd64"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-gomajor: makefile-gomajor:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^GOMAJOR_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^GOMAJOR_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/icholy/gomajor.git" url: "https://github.com/icholy/gomajor.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-gosec: makefile-gosec:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^GOSEC_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^GOSEC_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/securego/gosec.git" url: "https://github.com/securego/gosec.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-go-vulncheck: makefile-go-vulncheck:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^GO_VULNCHECK_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^GO_VULNCHECK_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://go.googlesource.com/vuln.git" url: "https://go.googlesource.com/vuln.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-markdown-lint: makefile-markdown-lint:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^MARKDOWN_LINT_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^MARKDOWN_LINT_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/davidanson/markdownlint-cli2" repo: "docker.io/davidanson/markdownlint-cli2"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-osv-scanner: makefile-osv-scanner:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^OSV_SCANNER_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^OSV_SCANNER_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/google/osv-scanner.git" url: "https://github.com/google/osv-scanner.git"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-staticcheck: makefile-staticcheck:
key: "{{ .SourceArgs.url }}" <<: *git-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^STATICCHECK_VER\?=(?P<Version>v?[0-9\.]+)\s*$' regexp: '^STATICCHECK_VER\?=(?P<Version>v?[0-9\.]+)\s*$'
source: "git-tag"
sourceArgs: sourceArgs:
url: "https://github.com/dominikh/go-tools.git" url: "https://github.com/dominikh/go-tools.git"
filter: filter:
# ignore versions without a preceding "v" # repo also has dated tags, ignore versions without a preceding "v"
expr: '^v\d+\.\d+\.\d+$' expr: '^v\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-syft-container-tag: makefile-syft-container-tag:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^SYFT_CONTAINER\?=(?P<Repo>[^:]*):(?P<Version>v?[0-9\.]+)@(?P<Digest>sha256:[0-9a-f]+)\s*$' regexp: '^SYFT_CONTAINER\?=(?P<Repo>[^:]*):(?P<Version>v?[0-9\.]+)@(?P<Digest>sha256:[0-9a-f]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "{{ .ScanMatch.Repo }}" repo: "{{ .ScanMatch.Repo }}"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
makefile-syft-container-digest: makefile-syft-container-digest:
key: "{{ .SourceArgs.image }}" <<: *registry-digest
scan: "regexp"
scanArgs: scanArgs:
regexp: '^SYFT_CONTAINER\?=(?P<Image>[^:]*):(?P<Tag>v?[0-9\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$' regexp: '^SYFT_CONTAINER\?=(?P<Image>[^:]*):(?P<Tag>v?[0-9\.]+)@(?P<Version>sha256:[0-9a-f]+)\s*$'
source: "registry-digest"
sourceArgs: sourceArgs:
image: "{{ .ScanMatch.Image }}:{{.ScanMatch.Tag}}" image: "{{ .ScanMatch.Image }}:{{.ScanMatch.Tag}}"
makefile-syft-version: makefile-syft-version:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^SYFT_VERSION\?=(?P<Version>v[0-9\.]+)\s*$' regexp: '^SYFT_VERSION\?=(?P<Version>v[0-9\.]+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/anchore/syft" repo: "docker.io/anchore/syft"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
osv-golang-release: osv-golang-release:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^GoVersionOverride = "(?P<Version>v?[0-9\.]+)"\s*$' regexp: '^GoVersionOverride = "(?P<Version>v?[0-9\.]+)"\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/golang" repo: "docker.io/library/golang"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
shell-alpine-tag-base: shell-alpine-tag-base:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*ALPINE_NAME="alpine:(?P<Version>v?\d+)"\s*$' regexp: '^\s*ALPINE_NAME="alpine:(?P<Version>v?\d+)"\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/alpine" repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
# only return the major version number in the tag to support detecting a change in the base image # only return the major version number in the tag to support detecting a change in the base image
template: '{{ index ( split .Version "." ) 0 }}' template: '{{ index ( split .Version "." ) 0 }}'
shell-alpine-tag-comment: shell-alpine-tag-comment:
key: "{{ .SourceArgs.repo }}" <<: *registry-tag-semver
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*ALPINE_DIGEST="(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>v?\d+\.\d+\.\d+)\s*$' regexp: '^\s*ALPINE_DIGEST="(?P<Digest>sha256:[0-9a-f]+)"\s*#\s*(?P<Version>v?\d+\.\d+\.\d+)\s*$'
source: "registry-tag"
sourceArgs: sourceArgs:
repo: "docker.io/library/alpine" repo: "docker.io/library/alpine"
filter:
expr: '^v?\d+\.\d+\.\d+$'
sort:
method: "semver"
shell-alpine-digest: shell-alpine-digest:
key: "{{ .SourceArgs.image }}" <<: *registry-digest
scan: "regexp"
scanArgs: scanArgs:
regexp: '^\s*ALPINE_DIGEST="(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$' regexp: '^\s*ALPINE_DIGEST="(?P<Version>sha256:[0-9a-f]+)"\s*#\s*(?P<Tag>\d+\.\d+\.\d+)\s*$'
source: "registry-digest"
sourceArgs: sourceArgs:
image: "docker.io/library/alpine:{{ .ScanMatch.Tag }}" image: "docker.io/library/alpine:{{ .ScanMatch.Tag }}"