fix: update em all

.github/workflows/release.yaml

@@ -1,4 +1,4 @@
-name: Publish Container Images
+name: Release
 
 on:
   push:
@@ -9,124 +9,10 @@ on:
   pull_request:
 
 jobs:
-  docker:
-    runs-on: ubuntu-latest
-
-    permissions:
-      actions: none
-      checks: none
-      contents: none
-      deployments: none
-      issues: none
-      packages: write
-      pull-requests: none
-      repository-projects: none
-      security-events: write
-      statuses: none
-      id-token: write # needed for signing the images with GitHub OIDC using cosign
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Install Cosign
-        uses: sigstore/[email protected]
-
-      - name: Prepare additional Metadata
-        id: additional_meta
-        run: |
-          echo created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') >> $GITHUB_OUTPUT
-
-      - name: Prepare Image Metadata
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: |
-            ghcr.io/radiorabe/s2i-python
-          tags: |
-            type=schedule
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-          labels: |
-            name=s21-python-minimal
-            summary=${{ github.event.repository.description }}
-            url=${{ github.event.repository.html_url }}
-            vcs-ref=${{ github.sha }}
-            revision=${{ github.sha }}
-            release=${{ github.sha }}
-            build-date=${{ steps.additional_meta.outputs.created }}
-            io.k8s.display-name=RaBe S2I Python Minimal
-            io.k8s.description=${{ github.event.repository.description }}
-            io.openshift.tags=minimal rhel8 rabe s2i python python39
-            version=1
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Verify signature and annotations on images in Dockerfile using cosign
-        run: cosign dockerfile verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github.com/radiorabe/container-image-rabe-s2i-base-minimal/.*' Dockerfile > /dev/null
-
-      - name: Build Container Image
-        id: docker_build
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64
-          load: true
-          push: false
-          tags: ${{ steps.meta.outputs.tags }}
-          cache-to: type=gha,mode=max
-          labels: |
-            ${{ steps.meta.outputs.labels }}
-            version=${{ steps.meta.outputs.version }}
-        env:
-          DOCKER_CONTENT_TRUST: 1
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'ghcr.io/radiorabe/s2i-python:${{ steps.meta.outputs.version }}'
-          format: 'sarif'
-          ignore-unfixed: true
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        if: always()
-        with:
-          sarif_file: 'trivy-results.sarif'
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
-        if: github.event_name != 'pull_request'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Push Container Image
-        id: docker_push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64
-          push: ${{ github.event_name != 'pull_request' && startsWith(github.event.ref, 'refs/tags/v') }}
-          tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=gha
-          labels: |
-            ${{ steps.meta.outputs.labels }}
-            version=${{ steps.meta.outputs.version }}
-        env:
-          DOCKER_CONTENT_TRUST: 1
-
-      - name: Sign the images with GitHub OIDC Token using cosign
-        run: cosign sign --yes ghcr.io/radiorabe/s2i-python@${{ steps.docker_push.outputs.digest }}
-        if: ${{ github.event_name != 'pull_request' && startsWith(github.event.ref, 'refs/tags/v') }}
+  release-container:
+    uses: radiorabe/actions/.github/workflows/[email protected]
+    with:
+      image: ghcr.io/radiorabe/s2i-python
+      name: s2i-python
+      display-name: RaBe S2I Python Minimal
+      tags: minimal rhel8 rabe s2i python python311

.github/workflows/schedule.yaml

@@ -7,6 +7,6 @@ on:
 
 jobs:
   call-workflow:
-    uses: radiorabe/actions/.github/workflows/schedule-trivy.yaml@main
+    uses: radiorabe/actions/.github/workflows/schedule-trivy.yaml@v0.11.1
     with:
       image-ref: 'ghcr.io/radiorabe/s2i-python:latest'

.github/workflows/semantic-release.yaml

@@ -1,4 +1,4 @@
-name: Run semantic-release
+name: Semantic Release
 
 on:
   push:
@@ -8,6 +8,6 @@ on:
 
 jobs:
   call-workflow:
-    uses: radiorabe/actions/.github/workflows/semantic-release.yaml@main
+    uses: radiorabe/actions/.github/workflows/semantic-release.yaml@v0.11.0
     secrets:
       RABE_ITREAKTION_GITHUB_TOKEN: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/radiorabe/s2i-base:2.0.0-alpha.11
+FROM ghcr.io/radiorabe/s2i-base:2.0.0-alpha.13
 
 EXPOSE 8080