From 20db648c62633271d0f71941b3ebb9d42f3baf28 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Sat, 29 Jun 2024 07:27:27 -0400 Subject: [PATCH] Configure renovate updates for more docker images (#3700) * Configure renovate for terraform linters * Build * Configure renovate for protobuf linters * Uniformize other version variable names and newlines * Build * Configure renovate for dockerfile linters * Configure renovate for kubernetes linters * Configure renovate for action linters * Build * Configure renovate for some repository linters * Build * Configure renovate for SPELL_VALE * Build --- Dockerfile | 63 +++++++++++-------- flavors/c_cpp/Dockerfile | 42 ++++++++----- flavors/ci_light/Dockerfile | 17 +++-- flavors/cupcake/Dockerfile | 55 +++++++++------- flavors/documentation/Dockerfile | 42 ++++++++----- flavors/dotnet/Dockerfile | 42 ++++++++----- flavors/dotnetweb/Dockerfile | 42 ++++++++----- flavors/formatters/Dockerfile | 5 +- flavors/go/Dockerfile | 43 ++++++++----- flavors/java/Dockerfile | 42 ++++++++----- flavors/javascript/Dockerfile | 42 ++++++++----- flavors/php/Dockerfile | 43 ++++++++----- flavors/python/Dockerfile | 43 ++++++++----- flavors/ruby/Dockerfile | 42 ++++++++----- flavors/rust/Dockerfile | 42 ++++++++----- flavors/salesforce/Dockerfile | 42 ++++++++----- flavors/security/Dockerfile | 39 +++++++----- flavors/swift/Dockerfile | 42 ++++++++----- flavors/terraform/Dockerfile | 61 +++++++++++------- linters/action_actionlint/Dockerfile | 11 ++-- linters/bash_shellcheck/Dockerfile | 5 +- linters/dockerfile_hadolint/Dockerfile | 5 +- .../Dockerfile | 5 +- linters/go_revive/Dockerfile | 1 - linters/kubernetes_kubeconform/Dockerfile | 5 +- linters/kubernetes_kubescape/Dockerfile | 1 - linters/protobuf_protolint/Dockerfile | 5 +- linters/repository_dustilock/Dockerfile | 1 - linters/repository_gitleaks/Dockerfile | 5 +- linters/repository_kics/Dockerfile | 5 +- linters/repository_trufflehog/Dockerfile | 5 +- linters/spell_vale/Dockerfile | 5 +- 
linters/terraform_terraform_fmt/Dockerfile | 5 +- linters/terraform_terragrunt/Dockerfile | 5 +- linters/terraform_terrascan/Dockerfile | 5 +- linters/terraform_tflint/Dockerfile | 5 +- .../action.megalinter-descriptor.yml | 14 +++-- .../bash.megalinter-descriptor.yml | 5 +- .../dockerfile.megalinter-descriptor.yml | 5 +- .../editorconfig.megalinter-descriptor.yml | 6 +- .../descriptors/go.megalinter-descriptor.yml | 2 +- .../kubernetes.megalinter-descriptor.yml | 7 ++- .../protobuf.megalinter-descriptor.yml | 5 +- .../repository.megalinter-descriptor.yml | 18 ++++-- .../spell.megalinter-descriptor.yml | 5 +- .../terraform.megalinter-descriptor.yml | 21 +++++-- 46 files changed, 589 insertions(+), 367 deletions(-) diff --git a/Dockerfile b/Dockerfile index e68ad87ada2..c5166527dc4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -11,52 +11,66 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM 
rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM ghcr.io/assignuser/chktex-alpine:latest as chktex -FROM yoheimuta/protolint:latest as protolint +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM 
lycheeverse/lychee:latest-alpine as lychee -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt # Next FROM line commented because already managed by another linter -# FROM alpine/terragrunt:latest as terragrunt +# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## @@ -332,7 +346,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ COPY --from=composer/composer:2-bin /composer /usr/bin/composer COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/c_cpp/Dockerfile b/flavors/c_cpp/Dockerfile index 86256b4538f..5c50a2f7e55 100644 --- a/flavors/c_cpp/Dockerfile +++ b/flavors/c_cpp/Dockerfile 
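Review bot: Two of the renovate annotations added in the ARGTOP block do not name the image their ARG pins: `ARG TERRAFORM_TERRASCAN_VERSION=1.18.11` sits under `depName=alpine/terragrunt` although it feeds `FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION}`, and `ARG SPELL_VALE_VERSION=v3.6.0` sits under an empty `depName=` although it feeds `FROM jdkato/vale:${SPELL_VALE_VERSION}`. Renovate would presumably resolve the terrascan pin against terragrunt tags and have nothing to resolve for vale, so one pin can be moved to a tag of a different image while the other goes stale unnoticed. The annotations should read `# renovate: datasource=docker depName=tenable/terrascan` and `# renovate: datasource=docker depName=jdkato/vale`. Because this Dockerfile is generated, the correction most likely belongs in the terraform and spell descriptors rather than here. The same lines recur in the flavors/c_cpp, cupcake, documentation, dotnet, dotnetweb and go hunks.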
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -217,7 +228,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile index a055ac5ca18..29a7c88c32a 100644 --- a/flavors/ci_light/Dockerfile +++ b/flavors/ci_light/Dockerfile 
@@ -12,20 +12,25 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog #FROM__END ################## diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index 263f34a16fc..92fb6c94eb2 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile 
@@ -12,46 +12,57 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM 
koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM lycheeverse/lychee:latest-alpine as lychee -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt # Next FROM line commented because already managed by another linter -# FROM 
alpine/terragrunt:latest as terragrunt +# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## @@ -286,7 +297,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ COPY --from=composer/composer:2-bin /composer /usr/bin/composer COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck @@ -463,7 +473,6 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - # phpcs installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require squizlabs/php_codesniffer bartlett/sarif-php-sdk diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index 3b1e6075b87..e72189705d6 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -215,7 +226,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index 68eb4ded89e..30155d2e308 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -229,7 +240,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile index 24e8e3d9ba6..f021c97d463 100644 --- a/flavors/dotnetweb/Dockerfile +++ b/flavors/dotnetweb/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -251,7 +262,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/formatters/Dockerfile b/flavors/formatters/Dockerfile index 1f09704a922..353579b3b9b 100644 --- a/flavors/formatters/Dockerfile +++ b/flavors/formatters/Dockerfile 
@@ -12,7 +12,8 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# @@ -20,7 +21,7 @@ ############################################################################################# #FROM__START FROM mvdan/shfmt:latest-alpine as shfmt -FROM alpine/terragrunt:latest as terragrunt +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index d9b7a2f6105..423c62f3af0 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile 
@@ -12,38 +12,48 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -222,7 +232,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index 54bd53e4d5c..df17bac5beb 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile 
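Review bot: The annotation above `ARG SPELL_VALE_VERSION=v3.6.0` in the go ARGTOP hunk reads `# renovate: datasource=docker depName=` with no package name, so Renovate most likely cannot match it to an image and the vale tag would stay at v3.6.0 with no update PRs. The FROM line consumes it as `jdkato/vale:${SPELL_VALE_VERSION}`, so the comment should be `# renovate: datasource=docker depName=jdkato/vale`. The same empty depName is repeated in the java, javascript, php, python, ruby, rust, salesforce and swift hunks. As these Dockerfiles are generated, the fix presumably goes in the vale descriptor.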
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -218,7 +229,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index 86e61964ef1..3da3706f05d 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -239,7 +250,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index f6eceecc713..4ce7c1c6e50 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -230,7 +241,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ COPY --from=composer/composer:2-bin /composer /usr/bin/composer COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck @@ -320,7 +330,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - # phpcs installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require squizlabs/php_codesniffer bartlett/sarif-php-sdk 
diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile
index 130dc452604..43a28161b99 100644
--- a/flavors/python/Dockerfile
+++ b/flavors/python/Dockerfile
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -227,7 +238,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck @@ -298,7 +308,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - # protolint installation # Managed with COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/ diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index aa01464794f..d95756761fa 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -221,7 +232,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index 739d6d03181..78e56b7c833 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -215,7 +226,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index 99da47f72a1..22330f1c436 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile 
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -228,7 +239,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 1099442cd76..f802f4cb86b 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile 
@@ -12,30 +12,41 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM koalaman/shellcheck:stable as shellcheck -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - -FROM 
zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 7a51a242afe..e7834c60a3b 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile 
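Review bot: `ARG TERRAFORM_TERRASCAN_VERSION=1.18.11` in the security ARGTOP hunk is annotated `# renovate: datasource=docker depName=alpine/terragrunt`, but the value is consumed by `FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan`. Renovate would then look up terragrunt tags for this variable, so it could propose a tag that does not exist for terrascan, or never offer real terrascan updates for a scanner shipped in the security flavor. The comment should read `# renovate: datasource=docker depName=tenable/terrascan`. The file is marked as generated, so the correction presumably belongs in the terrascan descriptor.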
@@ -12,32 +12,43 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM 
mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END @@ -217,7 +228,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index 25f279f5fb2..e1fd3069c02 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile 
@@ -12,42 +12,58 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM 
rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog -FROM jdkato/vale:latest as vale +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt # Next FROM line commented because already managed by another linter -# FROM alpine/terragrunt:latest as terragrunt +# 
FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## @@ -224,7 +240,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/linters/action_actionlint/Dockerfile b/linters/action_actionlint/Dockerfile index fdcc9c2c3cd..4c29a6680b5 100644 --- a/linters/action_actionlint/Dockerfile +++ b/linters/action_actionlint/Dockerfile @@ -11,17 +11,19 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck #FROM__END ################## 
@@ -129,7 +131,6 @@ ENV PATH="/node-deps/node_modules/.bin:${PATH}" \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck #COPY__END diff --git a/linters/bash_shellcheck/Dockerfile b/linters/bash_shellcheck/Dockerfile index 7602c815ef2..ff543462e5c 100644 --- a/linters/bash_shellcheck/Dockerfile +++ b/linters/bash_shellcheck/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck #FROM__END ################## diff --git a/linters/dockerfile_hadolint/Dockerfile b/linters/dockerfile_hadolint/Dockerfile index 9437fe7b12b..119c65d1c72 100644 --- a/linters/dockerfile_hadolint/Dockerfile +++ b/linters/dockerfile_hadolint/Dockerfile 
@@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint #FROM__END ################## diff --git a/linters/editorconfig_editorconfig_checker/Dockerfile b/linters/editorconfig_editorconfig_checker/Dockerfile index 5de719e6bc9..5d78121eb17 100644 --- a/linters/editorconfig_editorconfig_checker/Dockerfile +++ b/linters/editorconfig_editorconfig_checker/Dockerfile @@ -12,15 +12,14 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker #FROM__END ################## 
diff --git a/linters/go_revive/Dockerfile b/linters/go_revive/Dockerfile index 116a8ad0bf6..7225e7665ba 100644 --- a/linters/go_revive/Dockerfile +++ b/linters/go_revive/Dockerfile @@ -23,7 +23,6 @@ FROM golang:1-alpine as revive ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - #FROM__END ################## diff --git a/linters/kubernetes_kubeconform/Dockerfile b/linters/kubernetes_kubeconform/Dockerfile index 8f431480567..8c426d1cfec 100644 --- a/linters/kubernetes_kubeconform/Dockerfile +++ b/linters/kubernetes_kubeconform/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform #FROM__END ################## diff --git a/linters/kubernetes_kubescape/Dockerfile b/linters/kubernetes_kubescape/Dockerfile index 352525f17f1..afc77ecf39a 100644 --- a/linters/kubernetes_kubescape/Dockerfile +++ b/linters/kubernetes_kubescape/Dockerfile 
@@ -137,7 +137,6 @@ ENV PATH="/node-deps/node_modules/.bin:${PATH}" \ RUN ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - #OTHER__END ################################ diff --git a/linters/protobuf_protolint/Dockerfile b/linters/protobuf_protolint/Dockerfile index 9952672a613..b7df2a23e38 100644 --- a/linters/protobuf_protolint/Dockerfile +++ b/linters/protobuf_protolint/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM yoheimuta/protolint:latest as protolint +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint #FROM__END ################## diff --git a/linters/repository_dustilock/Dockerfile b/linters/repository_dustilock/Dockerfile index eaf0d3d8c0f..924be833b8e 100644 --- a/linters/repository_dustilock/Dockerfile +++ b/linters/repository_dustilock/Dockerfile @@ -20,7 +20,6 @@ #FROM__START FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - #FROM__END ################## diff --git a/linters/repository_gitleaks/Dockerfile b/linters/repository_gitleaks/Dockerfile index a47acfeaf75..79c64dfbfb5 100644 --- a/linters/repository_gitleaks/Dockerfile +++ b/linters/repository_gitleaks/Dockerfile 
@@ -12,15 +12,14 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks #FROM__END ################## diff --git a/linters/repository_kics/Dockerfile b/linters/repository_kics/Dockerfile index 83ac8e6fb12..a55620b3c51 100644 --- a/linters/repository_kics/Dockerfile +++ b/linters/repository_kics/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM checkmarx/kics:alpine as kics +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics #FROM__END ################## diff --git a/linters/repository_trufflehog/Dockerfile b/linters/repository_trufflehog/Dockerfile index c83ddc62a15..c5abfdf3221 100644 --- a/linters/repository_trufflehog/Dockerfile +++ b/linters/repository_trufflehog/Dockerfile 
@@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog #FROM__END ################## diff --git a/linters/spell_vale/Dockerfile b/linters/spell_vale/Dockerfile index b672419506d..aef6e48ab39 100644 --- a/linters/spell_vale/Dockerfile +++ b/linters/spell_vale/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale #FROM__END ################## diff --git a/linters/terraform_terraform_fmt/Dockerfile b/linters/terraform_terraform_fmt/Dockerfile index 3652bf90d6d..67823019796 100644 --- a/linters/terraform_terraform_fmt/Dockerfile +++ b/linters/terraform_terraform_fmt/Dockerfile 
@@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM alpine/terragrunt:latest as terragrunt +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/linters/terraform_terragrunt/Dockerfile b/linters/terraform_terragrunt/Dockerfile index f0e48fc39c8..3b955d1d8e6 100644 --- a/linters/terraform_terragrunt/Dockerfile +++ b/linters/terraform_terragrunt/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM alpine/terragrunt:latest as terragrunt +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/linters/terraform_terrascan/Dockerfile b/linters/terraform_terrascan/Dockerfile index 6c4aa33dc2d..da4f3b4fc2e 100644 --- a/linters/terraform_terrascan/Dockerfile +++ b/linters/terraform_terrascan/Dockerfile 
@@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM tenable/terrascan:1.18.11 as terrascan +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan #FROM__END ################## diff --git a/linters/terraform_tflint/Dockerfile b/linters/terraform_tflint/Dockerfile index cc222525428..3cb3a4105d9 100644 --- a/linters/terraform_tflint/Dockerfile +++ b/linters/terraform_tflint/Dockerfile @@ -12,15 +12,14 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint #FROM__END ################## diff --git a/megalinter/descriptors/action.megalinter-descriptor.yml b/megalinter/descriptors/action.megalinter-descriptor.yml index 8ec25aee512..724fcafcc4c 100644 --- a/megalinter/descriptors/action.megalinter-descriptor.yml 
+++ b/megalinter/descriptors/action.megalinter-descriptor.yml @@ -28,11 +28,17 @@ linters: apk: - py3-pyflakes dockerfile: - - | - FROM rhysd/actionlint:latest as actionlint + - |- + # renovate: datasource=docker depName=rhysd/actionlint + ARG ACTION_ACTIONLINT_VERSION=1.7.1 + - |- + # renovate: datasource=docker depName=koalaman/shellcheck + ARG BASH_SHELLCHECK_VERSION=v0.10.0 + - |- + FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - - FROM koalaman/shellcheck:stable as shellcheck - - | + - FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck + - |- COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/megalinter/descriptors/bash.megalinter-descriptor.yml b/megalinter/descriptors/bash.megalinter-descriptor.yml index 1c568d28556..8589006bcfd 100644 --- a/megalinter/descriptors/bash.megalinter-descriptor.yml +++ b/megalinter/descriptors/bash.megalinter-descriptor.yml @@ -78,7 +78,10 @@ linters: - shellcheck-sarif dockerfile: # Also update shellcheck version in action.megalinter-descriptor.yml - - FROM koalaman/shellcheck:stable as shellcheck + - |- + # renovate: datasource=docker depName=koalaman/shellcheck + ARG BASH_SHELLCHECK_VERSION=v0.10.0 + - FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck ide: atom: diff --git a/megalinter/descriptors/dockerfile.megalinter-descriptor.yml b/megalinter/descriptors/dockerfile.megalinter-descriptor.yml index f463701e671..1d755f2cc4b 100644 --- a/megalinter/descriptors/dockerfile.megalinter-descriptor.yml +++ b/megalinter/descriptors/dockerfile.megalinter-descriptor.yml 
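Review bot: The two new `ARG` entries in the `dockerfile:` list pin `rhysd/actionlint` and `koalaman/shellcheck` to version tags, but a tag can still be re-pointed at the registry, so the stage that `COPY --from` takes binaries from is not fixed to specific image content. Consider pinning the digest as well, e.g. `FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION}@sha256:<digest-placeholder> as actionlint`, and letting Renovate maintain it. Whether the custom manager behind the `# renovate:` comments can capture a digest is not visible in this patch, so that needs checking. The same applies to the other descriptors changed here (bash, dockerfile, kubernetes, protobuf, repository, spell, terraform), where the copied binaries include secret and IaC scanners that run against repository content.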
@@ -37,7 +37,10 @@ linters: - "hadolint --config .hadolint.yml Dockerfile" install: dockerfile: - - FROM hadolint/hadolint:v2.12.0-alpine as hadolint + - |- + # renovate: datasource=docker depName=hadolint/hadolint + ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine + - FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint - COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint ide: atom: diff --git a/megalinter/descriptors/editorconfig.megalinter-descriptor.yml b/megalinter/descriptors/editorconfig.megalinter-descriptor.yml index 1f40441536c..a342e101d89 100644 --- a/megalinter/descriptors/editorconfig.megalinter-descriptor.yml +++ b/megalinter/descriptors/editorconfig.megalinter-descriptor.yml @@ -25,8 +25,8 @@ linters: - "editorconfig-checker myfile.js" install: dockerfile: - - | + - |- # renovate: datasource=docker depName=mstruebing/editorconfig-checker - ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - - FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker + ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 + - FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker - COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker diff --git a/megalinter/descriptors/go.megalinter-descriptor.yml b/megalinter/descriptors/go.megalinter-descriptor.yml index ad7fa7338ee..ac33ccea8f4 100644 --- a/megalinter/descriptors/go.megalinter-descriptor.yml +++ b/megalinter/descriptors/go.megalinter-descriptor.yml @@ -80,7 +80,7 @@ linters: ## Until "FROM ghcr.io/mgechev/revive:1.2.5 as revive" is available, use # - FROM ghcr.io/mgechev/revive:1.2.5 as revive # - COPY --link --from=revive /usr/bin/revive /usr/bin/revive - - | + - |- FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). 
diff --git a/megalinter/descriptors/kubernetes.megalinter-descriptor.yml b/megalinter/descriptors/kubernetes.megalinter-descriptor.yml index 0197f64dac2..18d74696453 100644 --- a/megalinter/descriptors/kubernetes.megalinter-descriptor.yml +++ b/megalinter/descriptors/kubernetes.megalinter-descriptor.yml @@ -38,7 +38,10 @@ linters: - kubeconform -ignore-missing-schemas -skip SomeCRD,AnotherCRD -kubernetes-version '1.18.0' -strict myfile.yml install: dockerfile: - - FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform + - |- + # renovate: datasource=docker depName=ghcr.io/yannh/kubeconform + ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine + - FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform - COPY --link --from=kubeconform /kubeconform /usr/bin/ # HELM LINT @@ -110,6 +113,6 @@ linters: - libc6-compat - libstdc++ dockerfile: - - | + - |- RUN ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 diff --git a/megalinter/descriptors/protobuf.megalinter-descriptor.yml b/megalinter/descriptors/protobuf.megalinter-descriptor.yml index 9d2ffe6cdff..1a824c85809 100644 --- a/megalinter/descriptors/protobuf.megalinter-descriptor.yml +++ b/megalinter/descriptors/protobuf.megalinter-descriptor.yml @@ -25,7 +25,10 @@ linters: - "protolint lint -fix --config_path .protolintrc.yml myfile.proto" install: dockerfile: - - FROM yoheimuta/protolint:latest as protolint + - |- + # renovate: datasource=docker depName=yoheimuta/protolint + ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 + - FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint - COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/ ide: idea: diff --git a/megalinter/descriptors/repository.megalinter-descriptor.yml b/megalinter/descriptors/repository.megalinter-descriptor.yml index 357b0c8f93f..7b09afdc89b 100644 
--- a/megalinter/descriptors/repository.megalinter-descriptor.yml +++ b/megalinter/descriptors/repository.megalinter-descriptor.yml @@ -136,7 +136,7 @@ linters: dockerfile: # The golang image used as a builder is a temporary workaround # Dustilock is not released as a binary or container - - | + - |- FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock @@ -246,10 +246,10 @@ linters: - "gitleaks detect -c .gitleaks.toml --redact --no-git --verbose --source ." install: dockerfile: - - | + - |- # renovate: datasource=docker depName=zricethezav/gitleaks - ARG GITLEAKS_VERSION=v8.18.4 - - FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks + ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 + - FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks - COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/ variables: - name: REPOSITORY_GITLEAKS_PR_COMMITS_SCAN @@ -334,7 +334,10 @@ linters: - "kics scan --path ." install: dockerfile: - - FROM checkmarx/kics:alpine as kics + - |- + # renovate: datasource=docker depName=checkmarx/kics + ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine + - FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics - COPY --link --from=kics /app/bin/kics /usr/bin/kics - ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/assets/libraries - COPY --from=kics /app/bin/assets /usr/bin/assets @@ -608,6 +611,9 @@ linters: - "trufflehog filesystem ." install: dockerfile: - - FROM trufflesecurity/trufflehog:latest as trufflehog + - |- + # renovate: datasource=docker depName=trufflesecurity/trufflehog + ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 + - FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog - COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ test_folder: gitleaks 
diff --git a/megalinter/descriptors/spell.megalinter-descriptor.yml b/megalinter/descriptors/spell.megalinter-descriptor.yml index 01120c47932..4b87a17044f 100644 --- a/megalinter/descriptors/spell.megalinter-descriptor.yml +++ b/megalinter/descriptors/spell.megalinter-descriptor.yml @@ -121,7 +121,10 @@ linters: test_folder: spell_vale install: dockerfile: - - FROM jdkato/vale:latest as vale + - |- + # renovate: datasource=docker depName= + ARG SPELL_VALE_VERSION=v3.6.0 + - FROM jdkato/vale:${SPELL_VALE_VERSION} as vale - COPY --link --from=vale /bin/vale /bin/vale ide: emacs: diff --git a/megalinter/descriptors/terraform.megalinter-descriptor.yml b/megalinter/descriptors/terraform.megalinter-descriptor.yml index ec423209ab6..d681345627b 100644 --- a/megalinter/descriptors/terraform.megalinter-descriptor.yml +++ b/megalinter/descriptors/terraform.megalinter-descriptor.yml @@ -43,10 +43,10 @@ linters: - "tflint -c .tflint.hcl" install: dockerfile: - - | + - |- # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint - ARG TFLINT_VERSION=0.51.1 - - FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint + ARG TERRAFORM_TFLINT_VERSION=0.51.1 + - FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint - COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/ # TERRASCAN @@ -87,7 +87,10 @@ linters: downgraded_reason: https://github.com/tenable/terrascan/issues/1674 install: dockerfile: - - FROM tenable/terrascan:1.18.11 as terrascan + - |- + # renovate: datasource=docker depName=alpine/terragrunt + ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 + - FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan - COPY --link --from=terrascan /go/bin/terrascan /usr/bin/ # TERRAGRUNT 
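Review bot: The added annotation `# renovate: datasource=docker depName=` has an empty `depName`, so Renovate has no image to look up for `SPELL_VALE_VERSION`. The pin at `v3.6.0` will then likely never be bumped, including for security fixes. It should name the image used on the `FROM` line: `# renovate: datasource=docker depName=jdkato/vale`. The generated Dockerfiles (linters/spell_vale and the flavor Dockerfiles) carry the same empty value and will pick up the fix when rebuilt from the descriptor.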
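Review bot: In the TERRASCAN entry, the annotation above `ARG TERRAFORM_TERRASCAN_VERSION=1.18.11` says `depName=alpine/terragrunt`, while the `FROM` line uses `tenable/terrascan`; it looks copied from the terragrunt entry. Renovate would then resolve terrascan's version against another image's tags, so real updates would be missed or a tag proposed that may not exist for `tenable/terrascan`. Change it to `# renovate: datasource=docker depName=tenable/terrascan`; the generated Dockerfiles (linters/terraform_terrascan and the flavor Dockerfiles) repeat the wrong name. Given the `downgraded_reason` recorded on this linter, automatic bumps may also need to be held back until that issue is resolved.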
@@ -122,7 +125,10 @@ linters: - "terragrunt hclfmt --terragrunt-check --terragrunt-config terragrunt.hcl --terragrunt-hclfmt-file myfile.hcl" install: dockerfile: - - FROM alpine/terragrunt:latest as terragrunt + - |- + # renovate: datasource=docker depName=alpine/terragrunt + ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 + - FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt - COPY --link --from=terragrunt /usr/local/bin/terragrunt /usr/bin/ # TERRAFORM_FMT @@ -145,7 +151,10 @@ linters: - "terraform fmt myfile.tf" install: dockerfile: - - FROM alpine/terragrunt:latest as terragrunt + - |- + # renovate: datasource=docker depName=alpine/terragrunt + ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 + - FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt - COPY --link --from=terragrunt /bin/terraform /usr/bin/ ide: atom: