From 9b213ffc1f922ada58eca6e435623aacc57a866a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 00:28:45 +0000 Subject: [PATCH 01/13] Configure renovate for terraform linters --- .../terraform.megalinter-descriptor.yml | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/megalinter/descriptors/terraform.megalinter-descriptor.yml b/megalinter/descriptors/terraform.megalinter-descriptor.yml index ec423209ab6..d681345627b 100644 --- a/megalinter/descriptors/terraform.megalinter-descriptor.yml +++ b/megalinter/descriptors/terraform.megalinter-descriptor.yml @@ -43,10 +43,10 @@ linters: - "tflint -c .tflint.hcl" install: dockerfile: - - | + - |- # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint - ARG TFLINT_VERSION=0.51.1 - - FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint + ARG TERRAFORM_TFLINT_VERSION=0.51.1 + - FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint - COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/ # TERRASCAN @@ -87,7 +87,10 @@ linters: downgraded_reason: https://github.com/tenable/terrascan/issues/1674 install: dockerfile: - - FROM tenable/terrascan:1.18.11 as terrascan + - |- + # renovate: datasource=docker depName=alpine/terragrunt + ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 + - FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan - COPY --link --from=terrascan /go/bin/terrascan /usr/bin/ # TERRAGRUNT @@ -122,7 +125,10 @@ linters: - "terragrunt hclfmt --terragrunt-check --terragrunt-config terragrunt.hcl --terragrunt-hclfmt-file myfile.hcl" install: dockerfile: - - FROM alpine/terragrunt:latest as terragrunt + - |- + # renovate: datasource=docker depName=alpine/terragrunt + ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 + - FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt - COPY --link --from=terragrunt /usr/local/bin/terragrunt /usr/bin/ # TERRAFORM_FMT @@ -145,7 +151,10 @@ linters: - "terraform fmt myfile.tf" install: dockerfile: - - FROM alpine/terragrunt:latest as terragrunt + - |- + # renovate: datasource=docker depName=alpine/terragrunt + ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 + - FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt - COPY --link --from=terragrunt /bin/terraform /usr/bin/ ide: atom: From f549c9ac71f3d497fed7a3205dfd115a9856c12d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 00:31:45 +0000 Subject: [PATCH 02/13] Build --- Dockerfile | 15 +++++++++------ flavors/cupcake/Dockerfile | 15 +++++++++------ flavors/formatters/Dockerfile | 5 +++-- flavors/security/Dockerfile | 13 ++++++++----- flavors/terraform/Dockerfile | 15 +++++++++------ linters/terraform_terraform_fmt/Dockerfile | 5 +++-- linters/terraform_terragrunt/Dockerfile | 5 +++-- linters/terraform_terrascan/Dockerfile | 5 +++-- linters/terraform_tflint/Dockerfile | 5 ++--- 9 files changed, 49 insertions(+), 34 deletions(-) diff --git a/Dockerfile b/Dockerfile index eb83ea16cd0..75b78c4052c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,8 +18,11 @@ ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 ARG GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# @@ -52,11 +55,11 @@ FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt # Next FROM line commented because already managed by another linter -# FROM alpine/terragrunt:latest as terragrunt +# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index b811601d431..7df926a43bc 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile @@ -19,8 +19,11 @@ ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 ARG GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# @@ -47,11 +50,11 @@ FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM lycheeverse/lychee:latest-alpine as lychee -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt # Next FROM line commented because already managed by another linter -# FROM alpine/terragrunt:latest as terragrunt +# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/flavors/formatters/Dockerfile b/flavors/formatters/Dockerfile index 0d578ebd1f6..497c607ab17 100644 --- a/flavors/formatters/Dockerfile +++ b/flavors/formatters/Dockerfile @@ -12,7 +12,8 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# @@ -20,7 +21,7 @@ ############################################################################################# #FROM__START FROM mvdan/shfmt:latest-alpine as shfmt -FROM alpine/terragrunt:latest as terragrunt +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 712141607c2..7f81f2f05c4 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile @@ -16,8 +16,11 @@ ARG GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# @@ -33,9 +36,9 @@ RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index 25f279f5fb2..fbb9703f184 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile @@ -19,8 +19,11 @@ ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 ARG GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# @@ -43,11 +46,11 @@ FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint -FROM tenable/terrascan:1.18.11 as terrascan -FROM alpine/terragrunt:latest as terragrunt +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt # Next FROM line commented because already managed by another linter -# FROM alpine/terragrunt:latest as terragrunt +# FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/linters/terraform_terraform_fmt/Dockerfile b/linters/terraform_terraform_fmt/Dockerfile index 3652bf90d6d..67823019796 100644 --- a/linters/terraform_terraform_fmt/Dockerfile +++ b/linters/terraform_terraform_fmt/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM alpine/terragrunt:latest as terragrunt +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/linters/terraform_terragrunt/Dockerfile b/linters/terraform_terragrunt/Dockerfile index f0e48fc39c8..3b955d1d8e6 100644 --- a/linters/terraform_terragrunt/Dockerfile +++ b/linters/terraform_terragrunt/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM alpine/terragrunt:latest as terragrunt +FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt #FROM__END ################## diff --git a/linters/terraform_terrascan/Dockerfile b/linters/terraform_terrascan/Dockerfile index 6c4aa33dc2d..da4f3b4fc2e 100644 --- a/linters/terraform_terrascan/Dockerfile +++ b/linters/terraform_terrascan/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=alpine/terragrunt +ARG TERRAFORM_TERRASCAN_VERSION=1.18.11 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM tenable/terrascan:1.18.11 as terrascan +FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan #FROM__END ################## diff --git a/linters/terraform_tflint/Dockerfile b/linters/terraform_tflint/Dockerfile index cc222525428..3cb3a4105d9 100644 --- a/linters/terraform_tflint/Dockerfile +++ b/linters/terraform_tflint/Dockerfile @@ -12,15 +12,14 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint -ARG TFLINT_VERSION=0.51.1 - +ARG TERRAFORM_TFLINT_VERSION=0.51.1 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM ghcr.io/terraform-linters/tflint:v${TFLINT_VERSION} as tflint +FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint #FROM__END ################## From fd62f566325b8e73021c64e7ae45b479d5e88191 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 00:38:19 +0000 Subject: [PATCH 03/13] Configure renovate for protobuf linters --- megalinter/descriptors/protobuf.megalinter-descriptor.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/megalinter/descriptors/protobuf.megalinter-descriptor.yml b/megalinter/descriptors/protobuf.megalinter-descriptor.yml index 9d2ffe6cdff..1a824c85809 100644 --- a/megalinter/descriptors/protobuf.megalinter-descriptor.yml +++ b/megalinter/descriptors/protobuf.megalinter-descriptor.yml @@ -25,7 +25,10 @@ linters: - "protolint lint -fix --config_path .protolintrc.yml myfile.proto" install: dockerfile: - - FROM yoheimuta/protolint:latest as protolint + - |- + # renovate: datasource=docker depName=yoheimuta/protolint + ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 + - FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint - COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/ ide: idea: From d8f712eb12dadb55046ad864e93f93f063ed3280 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:01:35 +0000 Subject: [PATCH 04/13] Uniformize other version variable names and newlines --- megalinter/descriptors/action.megalinter-descriptor.yml | 4 ++-- .../descriptors/editorconfig.megalinter-descriptor.yml | 6 +++--- megalinter/descriptors/go.megalinter-descriptor.yml | 2 +- .../descriptors/repository.megalinter-descriptor.yml | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/megalinter/descriptors/action.megalinter-descriptor.yml b/megalinter/descriptors/action.megalinter-descriptor.yml index 8ec25aee512..46877fcab3c 100644 --- a/megalinter/descriptors/action.megalinter-descriptor.yml +++ b/megalinter/descriptors/action.megalinter-descriptor.yml @@ -28,11 +28,11 @@ linters: apk: - py3-pyflakes dockerfile: - - | + - |- FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck - - | + - |- COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/megalinter/descriptors/editorconfig.megalinter-descriptor.yml b/megalinter/descriptors/editorconfig.megalinter-descriptor.yml index 1f40441536c..a342e101d89 100644 --- a/megalinter/descriptors/editorconfig.megalinter-descriptor.yml +++ b/megalinter/descriptors/editorconfig.megalinter-descriptor.yml @@ -25,8 +25,8 @@ linters: - "editorconfig-checker myfile.js" install: dockerfile: - - | + - |- # renovate: datasource=docker depName=mstruebing/editorconfig-checker - ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - - FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker + ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 + - FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker - COPY --link --from=editorconfig-checker /usr/bin/ec /usr/bin/editorconfig-checker diff --git a/megalinter/descriptors/go.megalinter-descriptor.yml b/megalinter/descriptors/go.megalinter-descriptor.yml index ad7fa7338ee..ac33ccea8f4 100644 --- a/megalinter/descriptors/go.megalinter-descriptor.yml +++ b/megalinter/descriptors/go.megalinter-descriptor.yml @@ -80,7 +80,7 @@ linters: ## Until "FROM ghcr.io/mgechev/revive:1.2.5 as revive" is available, use # - FROM ghcr.io/mgechev/revive:1.2.5 as revive # - COPY --link --from=revive /usr/bin/revive /usr/bin/revive - - | + - |- FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). diff --git a/megalinter/descriptors/repository.megalinter-descriptor.yml b/megalinter/descriptors/repository.megalinter-descriptor.yml index 5a8e5c26c5a..c1942019185 100644 --- a/megalinter/descriptors/repository.megalinter-descriptor.yml +++ b/megalinter/descriptors/repository.megalinter-descriptor.yml @@ -137,7 +137,7 @@ linters: dockerfile: # The golang image used as a builder is a temporary workaround # Dustilock is not released as a binary or container - - | + - |- FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock @@ -247,10 +247,10 @@ linters: - "gitleaks detect -c .gitleaks.toml --redact --no-git --verbose --source ." install: dockerfile: - - | + - |- # renovate: datasource=docker depName=zricethezav/gitleaks - ARG GITLEAKS_VERSION=v8.18.4 - - FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks + ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 + - FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks - COPY --link --from=gitleaks /usr/bin/gitleaks /usr/bin/ variables: - name: REPOSITORY_GITLEAKS_PR_COMMITS_SCAN From 9ff1179ac59d0beae50598767788eeef588b51d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:08:33 +0000 Subject: [PATCH 05/13] Build --- Dockerfile | 18 +++++++----------- flavors/c_cpp/Dockerfile | 16 +++++++--------- flavors/ci_light/Dockerfile | 5 ++--- flavors/cupcake/Dockerfile | 13 ++++--------- flavors/documentation/Dockerfile | 16 +++++++--------- flavors/dotnet/Dockerfile | 16 +++++++--------- flavors/dotnetweb/Dockerfile | 16 +++++++--------- flavors/go/Dockerfile | 17 +++++++---------- flavors/java/Dockerfile | 16 +++++++--------- flavors/javascript/Dockerfile | 16 +++++++--------- flavors/php/Dockerfile | 16 +++++++--------- flavors/python/Dockerfile | 16 +++++++--------- flavors/ruby/Dockerfile | 16 +++++++--------- flavors/rust/Dockerfile | 16 +++++++--------- flavors/salesforce/Dockerfile | 16 +++++++--------- flavors/security/Dockerfile | 6 ++---- flavors/swift/Dockerfile | 16 +++++++--------- flavors/terraform/Dockerfile | 16 +++++++--------- linters/action_actionlint/Dockerfile | 2 -- .../Dockerfile | 5 ++--- linters/go_revive/Dockerfile | 1 - linters/protobuf_protolint/Dockerfile | 5 +++-- linters/repository_dustilock/Dockerfile | 1 - linters/repository_gitleaks/Dockerfile | 5 ++--- 24 files changed, 120 insertions(+), 166 deletions(-) diff --git a/Dockerfile b/Dockerfile index 75b78c4052c..96dd3a1a921 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,11 +12,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -31,26 +31,23 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform FROM ghcr.io/assignuser/chktex-alpine:latest as chktex -FROM yoheimuta/protolint:latest as protolint +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale @@ -325,7 +322,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ COPY --from=composer/composer:2-bin /composer /usr/bin/composer COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/c_cpp/Dockerfile b/flavors/c_cpp/Dockerfile index 86256b4538f..ea9593caffa 100644 --- a/flavors/c_cpp/Dockerfile +++ b/flavors/c_cpp/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -217,7 +216,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile index a055ac5ca18..6f1b7578a40 100644 --- a/flavors/ci_light/Dockerfile +++ b/flavors/ci_light/Dockerfile @@ -13,8 +13,7 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -24,7 +23,7 @@ ARG GITLEAKS_VERSION=v8.18.4 FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog #FROM__END diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index 7df926a43bc..abdd804fb93 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile @@ -13,11 +13,9 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -32,21 +30,19 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM lycheeverse/lychee:latest-alpine as lychee @@ -289,7 +285,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ COPY --from=composer/composer:2-bin /composer /usr/bin/composer COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index 3b1e6075b87..94f835ca2c2 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -215,7 +214,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index d9028d110f2..9f5c23de257 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -229,7 +228,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile index 1267acffec0..25ad8cf87bf 100644 --- a/flavors/dotnetweb/Dockerfile +++ b/flavors/dotnetweb/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -251,7 +250,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index d9b7a2f6105..3f7432e8075 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,22 +26,20 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -222,7 +220,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index 811b9d48b45..993dfe032e6 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -218,7 +217,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index 86e61964ef1..692cca5c637 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -239,7 +238,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index f6eceecc713..6dcb30eb756 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -230,7 +229,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ COPY --from=composer/composer:2-bin /composer /usr/bin/composer COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index 130dc452604..49cbc455a2c 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -227,7 +226,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index aa01464794f..42331cf0688 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -221,7 +220,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index 739d6d03181..0bb5b64be94 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -215,7 +214,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index 14fed704fe3..81765f9bc1a 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -218,7 +217,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 7f81f2f05c4..291a2b8b40f 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile @@ -13,8 +13,7 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -32,8 +31,7 @@ FROM hadolint/hadolint:v2.12.0-alpine as hadolint FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 7a51a242afe..2171ffd7d05 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# @@ -26,16 +26,15 @@ ARG GITLEAKS_VERSION=v8.18.4 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee @@ -217,7 +216,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index fbb9703f184..eecf83f2a2b 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile @@ -13,11 +13,11 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -32,16 +32,15 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck # Next FROM line commented because already managed by another linter # FROM koalaman/shellcheck:stable as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform -FROM yoheimuta/protolint:latest as protolint -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog FROM jdkato/vale:latest as vale @@ -227,7 +226,6 @@ RUN echo 'gem: --no-document' >> ~/.gemrc && \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck # Next COPY line commented because already managed by another linter # COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck diff --git a/linters/action_actionlint/Dockerfile b/linters/action_actionlint/Dockerfile index fdcc9c2c3cd..b83a10dcbb6 100644 --- a/linters/action_actionlint/Dockerfile +++ b/linters/action_actionlint/Dockerfile @@ -20,7 +20,6 @@ #FROM__START FROM rhysd/actionlint:latest as actionlint # shellcheck is a dependency for actionlint - FROM koalaman/shellcheck:stable as shellcheck #FROM__END @@ -129,7 +128,6 @@ ENV PATH="/node-deps/node_modules/.bin:${PATH}" \ #COPY__START COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck #COPY__END diff --git a/linters/editorconfig_editorconfig_checker/Dockerfile b/linters/editorconfig_editorconfig_checker/Dockerfile index 5de719e6bc9..5d78121eb17 100644 --- a/linters/editorconfig_editorconfig_checker/Dockerfile +++ b/linters/editorconfig_editorconfig_checker/Dockerfile @@ -12,15 +12,14 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=mstruebing/editorconfig-checker -ARG EDITORCONFIG_CHECKER_VERSION=v3.0.1 - +ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM mstruebing/editorconfig-checker:${EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker +FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker #FROM__END ################## diff --git a/linters/go_revive/Dockerfile b/linters/go_revive/Dockerfile index 116a8ad0bf6..7225e7665ba 100644 --- a/linters/go_revive/Dockerfile +++ b/linters/go_revive/Dockerfile @@ -23,7 +23,6 @@ FROM golang:1-alpine as revive ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest - #FROM__END ################## diff --git a/linters/protobuf_protolint/Dockerfile b/linters/protobuf_protolint/Dockerfile index 9952672a613..b7df2a23e38 100644 --- a/linters/protobuf_protolint/Dockerfile +++ b/linters/protobuf_protolint/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=yoheimuta/protolint +ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM yoheimuta/protolint:latest as protolint +FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint #FROM__END ################## diff --git a/linters/repository_dustilock/Dockerfile b/linters/repository_dustilock/Dockerfile index eaf0d3d8c0f..924be833b8e 100644 --- a/linters/repository_dustilock/Dockerfile +++ b/linters/repository_dustilock/Dockerfile @@ -20,7 +20,6 @@ #FROM__START FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 - #FROM__END ################## diff --git a/linters/repository_gitleaks/Dockerfile b/linters/repository_gitleaks/Dockerfile index a47acfeaf75..79c64dfbfb5 100644 --- a/linters/repository_gitleaks/Dockerfile +++ b/linters/repository_gitleaks/Dockerfile @@ -12,15 +12,14 @@ ############################################################################################# #ARGTOP__START # renovate: datasource=docker depName=zricethezav/gitleaks -ARG GITLEAKS_VERSION=v8.18.4 - +ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM zricethezav/gitleaks:${GITLEAKS_VERSION} as gitleaks +FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks #FROM__END ################## From cc2cc6d64fbfd0cf81a1601cd0ab00dd6ca593c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:10:22 +0000 Subject: [PATCH 06/13] Configure renovate for dockerfile linters --- megalinter/descriptors/dockerfile.megalinter-descriptor.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/megalinter/descriptors/dockerfile.megalinter-descriptor.yml b/megalinter/descriptors/dockerfile.megalinter-descriptor.yml index f463701e671..1d755f2cc4b 100644 --- a/megalinter/descriptors/dockerfile.megalinter-descriptor.yml +++ b/megalinter/descriptors/dockerfile.megalinter-descriptor.yml @@ -37,7 +37,10 @@ linters: - "hadolint --config .hadolint.yml Dockerfile" install: dockerfile: - - FROM hadolint/hadolint:v2.12.0-alpine as hadolint + - |- + # renovate: datasource=docker depName=hadolint/hadolint + ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine + - FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint - COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint ide: atom: From bf3ab0f0b8d86ab913085940d15735a213825ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:17:23 +0000 Subject: [PATCH 07/13] Configure renovate for kubernetes linters --- .../descriptors/kubernetes.megalinter-descriptor.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/megalinter/descriptors/kubernetes.megalinter-descriptor.yml b/megalinter/descriptors/kubernetes.megalinter-descriptor.yml index 0197f64dac2..18d74696453 100644 --- a/megalinter/descriptors/kubernetes.megalinter-descriptor.yml +++ b/megalinter/descriptors/kubernetes.megalinter-descriptor.yml @@ -38,7 +38,10 @@ linters: - kubeconform -ignore-missing-schemas -skip SomeCRD,AnotherCRD -kubernetes-version '1.18.0' -strict myfile.yml install: dockerfile: - - FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform + - |- + # renovate: datasource=docker depName=ghcr.io/yannh/kubeconform + ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine + - FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform - COPY --link --from=kubeconform /kubeconform /usr/bin/ # HELM LINT @@ -110,6 +113,6 @@ linters: - libc6-compat - libstdc++ dockerfile: - - | + - |- RUN ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 From 8f59fdc1f4e535d1fc38e33c9efe3018fb2213b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:25:54 +0000 Subject: [PATCH 08/13] Configure renovate for action linters --- .../descriptors/action.megalinter-descriptor.yml | 10 ++++++++-- megalinter/descriptors/bash.megalinter-descriptor.yml | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/megalinter/descriptors/action.megalinter-descriptor.yml b/megalinter/descriptors/action.megalinter-descriptor.yml index 46877fcab3c..724fcafcc4c 100644 --- a/megalinter/descriptors/action.megalinter-descriptor.yml +++ b/megalinter/descriptors/action.megalinter-descriptor.yml @@ -29,9 +29,15 @@ linters: - py3-pyflakes dockerfile: - |- - FROM rhysd/actionlint:latest as actionlint + # renovate: datasource=docker depName=rhysd/actionlint + ARG ACTION_ACTIONLINT_VERSION=1.7.1 + - |- + # renovate: datasource=docker depName=koalaman/shellcheck + ARG BASH_SHELLCHECK_VERSION=v0.10.0 + - |- + FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint - - FROM koalaman/shellcheck:stable as shellcheck + - FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck - |- COPY --link --from=actionlint /usr/local/bin/actionlint /usr/bin/actionlint # shellcheck is a dependency for actionlint diff --git a/megalinter/descriptors/bash.megalinter-descriptor.yml b/megalinter/descriptors/bash.megalinter-descriptor.yml index 1c568d28556..8589006bcfd 100644 --- a/megalinter/descriptors/bash.megalinter-descriptor.yml +++ b/megalinter/descriptors/bash.megalinter-descriptor.yml @@ -78,7 +78,10 @@ linters: - shellcheck-sarif dockerfile: # Also update shellcheck version in action.megalinter-descriptor.yml - - FROM koalaman/shellcheck:stable as shellcheck + - |- + # renovate: datasource=docker depName=koalaman/shellcheck + ARG BASH_SHELLCHECK_VERSION=v0.10.0 + - FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck - COPY --link --from=shellcheck /bin/shellcheck /usr/bin/shellcheck ide: atom: From ade4830666dbb314c0bf8cf88e14348913360cf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:27:22 +0000 Subject: [PATCH 09/13] Build --- Dockerfile | 18 +++++++++++++----- flavors/c_cpp/Dockerfile | 18 +++++++++++++----- flavors/ci_light/Dockerfile | 8 ++++++-- flavors/cupcake/Dockerfile | 19 +++++++++++++------ flavors/documentation/Dockerfile | 18 +++++++++++++----- flavors/dotnet/Dockerfile | 18 +++++++++++++----- flavors/dotnetweb/Dockerfile | 18 +++++++++++++----- flavors/go/Dockerfile | 18 +++++++++++++----- flavors/java/Dockerfile | 18 +++++++++++++----- flavors/javascript/Dockerfile | 18 +++++++++++++----- flavors/php/Dockerfile | 19 +++++++++++++------ flavors/python/Dockerfile | 19 +++++++++++++------ flavors/ruby/Dockerfile | 18 +++++++++++++----- flavors/rust/Dockerfile | 18 +++++++++++++----- flavors/salesforce/Dockerfile | 18 +++++++++++++----- flavors/security/Dockerfile | 12 +++++++++--- flavors/swift/Dockerfile | 18 +++++++++++++----- flavors/terraform/Dockerfile | 18 +++++++++++++----- linters/action_actionlint/Dockerfile | 9 ++++++--- linters/bash_shellcheck/Dockerfile | 5 +++-- linters/dockerfile_hadolint/Dockerfile | 5 +++-- linters/kubernetes_kubeconform/Dockerfile | 5 +++-- linters/kubernetes_kubescape/Dockerfile | 1 - 23 files changed, 238 insertions(+), 98 deletions(-) diff --git a/Dockerfile b/Dockerfile index 96dd3a1a921..a67f609ceb9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,8 +11,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -29,20 +37,20 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM ghcr.io/assignuser/chktex-alpine:latest as chktex FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM golang:alpine as dustilock diff --git a/flavors/c_cpp/Dockerfile b/flavors/c_cpp/Dockerfile index ea9593caffa..2c84ee6a037 100644 --- a/flavors/c_cpp/Dockerfile +++ b/flavors/c_cpp/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile index 6f1b7578a40..511f12e56e8 100644 --- a/flavors/ci_light/Dockerfile +++ b/flavors/ci_light/Dockerfile @@ -12,6 +12,10 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 #ARGTOP__END @@ -20,9 +24,9 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog #FROM__END diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index abdd804fb93..cf955f9612f 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint @@ -28,20 +36,20 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics FROM trufflesecurity/trufflehog:latest as trufflehog @@ -461,7 +469,6 @@ RUN wget --quiet https://github.com/pmd/pmd/releases/download/pmd_releases%2F${P && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - # phpcs installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require squizlabs/php_codesniffer bartlett/sarif-php-sdk diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index 94f835ca2c2..4be2dd706b2 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index 9f5c23de257..1989e2b2e06 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile index 25ad8cf87bf..65e57b51f19 100644 --- a/flavors/dotnetweb/Dockerfile +++ b/flavors/dotnetweb/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index 3f7432e8075..d26495f21ae 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,20 +32,20 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker FROM golang:1-alpine as revive ## The golang image used as a builder is a temporary workaround (https://github.com/mgechev/revive/issues/787) ## for the released revive binaries not returning version numbers (devel). ## The install command should then be what is commented in the go.megalinter-descriptor.yml RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index 993dfe032e6..737fc903fec 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index 692cca5c637..4aa29b12c96 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index 6dcb30eb756..152055f935b 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog @@ -318,7 +326,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - # phpcs installation RUN --mount=type=secret,id=GITHUB_TOKEN GITHUB_AUTH_TOKEN="$(cat /run/secrets/GITHUB_TOKEN)" && export GITHUB_AUTH_TOKEN && composer global require squizlabs/php_codesniffer bartlett/sarif-php-sdk diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index 49cbc455a2c..41e8a284f60 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog @@ -296,7 +304,6 @@ RUN curl --retry 5 --retry-delay 5 -sSLO https://github.com/pinterest/ktlint/rel && ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - # protolint installation # Managed with COPY --link --from=protolint /usr/local/bin/protolint /usr/bin/ diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index 42331cf0688..07888e71b68 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index 0bb5b64be94..bda353ff714 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index 81765f9bc1a..a6ad1a2e05e 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 291a2b8b40f..25b35ba67e4 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile @@ -12,6 +12,12 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint @@ -26,9 +32,9 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM koalaman/shellcheck:stable as shellcheck -FROM hadolint/hadolint:v2.12.0-alpine as hadolint -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 2171ffd7d05..8ea014efdf2 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -24,15 +32,15 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:latest as trufflehog diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index eecf83f2a2b..d8ff59297b7 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile @@ -12,8 +12,16 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=mstruebing/editorconfig-checker ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=yoheimuta/protolint ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks @@ -30,15 +38,15 @@ ARG TERRAFORM_TERRAGRUNT_VERSION=1.8.5 ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck # Next FROM line commented because already managed by another linter -# FROM koalaman/shellcheck:stable as shellcheck +# FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION} as editorconfig-checker -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:alpine as kics diff --git a/linters/action_actionlint/Dockerfile b/linters/action_actionlint/Dockerfile index b83a10dcbb6..4c29a6680b5 100644 --- a/linters/action_actionlint/Dockerfile +++ b/linters/action_actionlint/Dockerfile @@ -11,16 +11,19 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=rhysd/actionlint +ARG ACTION_ACTIONLINT_VERSION=1.7.1 +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM rhysd/actionlint:latest as actionlint +FROM rhysd/actionlint:${ACTION_ACTIONLINT_VERSION} as actionlint # shellcheck is a dependency for actionlint -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck #FROM__END ################## diff --git a/linters/bash_shellcheck/Dockerfile b/linters/bash_shellcheck/Dockerfile index 7602c815ef2..ff543462e5c 100644 --- a/linters/bash_shellcheck/Dockerfile +++ b/linters/bash_shellcheck/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=koalaman/shellcheck +ARG BASH_SHELLCHECK_VERSION=v0.10.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM koalaman/shellcheck:stable as shellcheck +FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck #FROM__END ################## diff --git a/linters/dockerfile_hadolint/Dockerfile b/linters/dockerfile_hadolint/Dockerfile index 9437fe7b12b..119c65d1c72 100644 --- a/linters/dockerfile_hadolint/Dockerfile +++ b/linters/dockerfile_hadolint/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=hadolint/hadolint +ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM hadolint/hadolint:v2.12.0-alpine as hadolint +FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint #FROM__END ################## diff --git a/linters/kubernetes_kubeconform/Dockerfile b/linters/kubernetes_kubeconform/Dockerfile index 8f431480567..8c426d1cfec 100644 --- a/linters/kubernetes_kubeconform/Dockerfile +++ b/linters/kubernetes_kubeconform/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform +ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform +FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform #FROM__END ################## diff --git a/linters/kubernetes_kubescape/Dockerfile b/linters/kubernetes_kubescape/Dockerfile index 352525f17f1..afc77ecf39a 100644 --- a/linters/kubernetes_kubescape/Dockerfile +++ b/linters/kubernetes_kubescape/Dockerfile @@ -137,7 +137,6 @@ ENV PATH="/node-deps/node_modules/.bin:${PATH}" \ RUN ln -s /lib/libc.so.6 /usr/lib/libresolv.so.2 && \ curl --retry 5 --retry-delay 5 -sLv https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash -s -- -v v2.9.0 - #OTHER__END ################################ From 437ac2039e4ed3630c7ba58fb05c32fac643c0ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:42:57 +0000 Subject: [PATCH 10/13] Configure renovate for some repository linters --- .../descriptors/repository.megalinter-descriptor.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/megalinter/descriptors/repository.megalinter-descriptor.yml b/megalinter/descriptors/repository.megalinter-descriptor.yml index c1942019185..60596f473ce 100644 --- a/megalinter/descriptors/repository.megalinter-descriptor.yml +++ b/megalinter/descriptors/repository.megalinter-descriptor.yml @@ -335,7 +335,10 @@ linters: - "kics scan --path ." install: dockerfile: - - FROM checkmarx/kics:alpine as kics + - |- + # renovate: datasource=docker depName=checkmarx/kics + ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine + - FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics - COPY --link --from=kics /app/bin/kics /usr/bin/kics - ENV KICS_QUERIES_PATH=/usr/bin/assets/queries KICS_LIBRARIES_PATH=/usr/bin/assets/libraries - COPY --from=kics /app/bin/assets /usr/bin/assets @@ -609,6 +612,9 @@ linters: - "trufflehog filesystem ." install: dockerfile: - - FROM trufflesecurity/trufflehog:latest as trufflehog + - |- + # renovate: datasource=docker depName=trufflesecurity/trufflehog + ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 + - FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog - COPY --link --from=trufflehog /usr/bin/trufflehog /usr/bin/ test_folder: gitleaks From 0296d7ebc7ed9a5ca40b489f5270979f31fe3166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:43:50 +0000 Subject: [PATCH 11/13] Build --- Dockerfile | 8 ++++++-- flavors/c_cpp/Dockerfile | 4 +++- flavors/ci_light/Dockerfile | 4 +++- flavors/cupcake/Dockerfile | 8 ++++++-- flavors/documentation/Dockerfile | 4 +++- flavors/dotnet/Dockerfile | 4 +++- flavors/dotnetweb/Dockerfile | 4 +++- flavors/go/Dockerfile | 4 +++- flavors/java/Dockerfile | 4 +++- flavors/javascript/Dockerfile | 4 +++- flavors/php/Dockerfile | 4 +++- flavors/python/Dockerfile | 4 +++- flavors/ruby/Dockerfile | 4 +++- flavors/rust/Dockerfile | 4 +++- flavors/salesforce/Dockerfile | 4 +++- flavors/security/Dockerfile | 8 ++++++-- flavors/swift/Dockerfile | 4 +++- flavors/terraform/Dockerfile | 8 ++++++-- linters/repository_kics/Dockerfile | 5 +++-- linters/repository_trufflehog/Dockerfile | 5 +++-- 20 files changed, 72 insertions(+), 26 deletions(-) diff --git a/Dockerfile b/Dockerfile index a67f609ceb9..87dd02c1332 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,6 +25,10 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -56,8 +60,8 @@ FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint diff --git a/flavors/c_cpp/Dockerfile b/flavors/c_cpp/Dockerfile index 2c84ee6a037..1a603cc5252 100644 --- a/flavors/c_cpp/Dockerfile +++ b/flavors/c_cpp/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile index 511f12e56e8..29a7c88c32a 100644 --- a/flavors/ci_light/Dockerfile +++ b/flavors/ci_light/Dockerfile @@ -18,6 +18,8 @@ ARG BASH_SHELLCHECK_VERSION=v0.10.0 ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -28,7 +30,7 @@ FROM koalaman/shellcheck:${BASH_SHELLCHECK_VERSION} as shellcheck FROM mvdan/shfmt:latest-alpine as shfmt FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} as hadolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog #FROM__END ################## diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index cf955f9612f..141624c4a94 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile @@ -24,6 +24,10 @@ ARG EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION=v3.0.1 ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -51,8 +55,8 @@ FROM golang:1-alpine as revive RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM lycheeverse/lychee:latest-alpine as lychee FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index 4be2dd706b2..18b7170a06d 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index 1989e2b2e06..c101a9b5365 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile index 65e57b51f19..39cfd406a54 100644 --- a/flavors/dotnetweb/Dockerfile +++ b/flavors/dotnetweb/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index d26495f21ae..dd66e6af7c2 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -48,7 +50,7 @@ RUN GOBIN=/usr/bin go install github.com/mgechev/revive@latest FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index 737fc903fec..dd2ffd672ab 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index 4aa29b12c96..f19937814d5 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index 152055f935b..e73b8d1d676 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index 41e8a284f60..2218c381222 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index 07888e71b68..cec87ffbf43 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index bda353ff714..d5d135559ba 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index a6ad1a2e05e..bee97db0b0c 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 25b35ba67e4..a9f2094b3fc 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile @@ -20,6 +20,10 @@ ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -38,8 +42,8 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM golang:alpine as dustilock RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan FROM alpine/terragrunt:${TERRAFORM_TERRAGRUNT_VERSION} as terragrunt diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 8ea014efdf2..7c7d857c605 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile @@ -26,6 +26,8 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# @@ -43,7 +45,7 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index d8ff59297b7..409a80fde63 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile @@ -26,6 +26,10 @@ ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.6-alpine ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 # renovate: datasource=docker depName=zricethezav/gitleaks ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -49,8 +53,8 @@ FROM mstruebing/editorconfig-checker:${EDITORCONFIG_EDITORCONFIG_CHECKER_VERSION FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks -FROM checkmarx/kics:alpine as kics -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog FROM jdkato/vale:latest as vale FROM lycheeverse/lychee:latest-alpine as lychee FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint diff --git a/linters/repository_kics/Dockerfile b/linters/repository_kics/Dockerfile index 83ac8e6fb12..a55620b3c51 100644 --- a/linters/repository_kics/Dockerfile +++ b/linters/repository_kics/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=checkmarx/kics +ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM checkmarx/kics:alpine as kics +FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics #FROM__END ################## diff --git a/linters/repository_trufflehog/Dockerfile b/linters/repository_trufflehog/Dockerfile index c83ddc62a15..c5abfdf3221 100644 --- a/linters/repository_trufflehog/Dockerfile +++ b/linters/repository_trufflehog/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName=trufflesecurity/trufflehog +ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM trufflesecurity/trufflehog:latest as trufflehog +FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog #FROM__END ################## From a12c74fdf53322055fab2303464c8df0aa4e5933 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:52:01 +0000 Subject: [PATCH 12/13] Configure renovate for SPELL_VALE --- megalinter/descriptors/spell.megalinter-descriptor.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/megalinter/descriptors/spell.megalinter-descriptor.yml b/megalinter/descriptors/spell.megalinter-descriptor.yml index 01120c47932..4b87a17044f 100644 --- a/megalinter/descriptors/spell.megalinter-descriptor.yml +++ b/megalinter/descriptors/spell.megalinter-descriptor.yml @@ -121,7 +121,10 @@ linters: test_folder: spell_vale install: dockerfile: - - FROM jdkato/vale:latest as vale + - |- + # renovate: datasource=docker depName= + ARG SPELL_VALE_VERSION=v3.6.0 + - FROM jdkato/vale:${SPELL_VALE_VERSION} as vale - COPY --link --from=vale /bin/vale /bin/vale ide: emacs: From 6540e193bb9307b07cc7a04df13c6590cbe9a31e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edouard=20Choini=C3=A8re?= <27212526+echoix@users.noreply.github.com> Date: Thu, 27 Jun 2024 01:52:43 +0000 Subject: [PATCH 13/13] Build --- Dockerfile | 4 +++- flavors/c_cpp/Dockerfile | 4 +++- flavors/documentation/Dockerfile | 4 +++- flavors/dotnet/Dockerfile | 4 +++- flavors/dotnetweb/Dockerfile | 4 +++- flavors/go/Dockerfile | 4 +++- flavors/java/Dockerfile | 4 +++- flavors/javascript/Dockerfile | 4 +++- flavors/php/Dockerfile | 4 +++- flavors/python/Dockerfile | 4 +++- flavors/ruby/Dockerfile | 4 +++- flavors/rust/Dockerfile | 4 +++- flavors/salesforce/Dockerfile | 4 +++- flavors/swift/Dockerfile | 4 +++- flavors/terraform/Dockerfile | 4 +++- linters/spell_vale/Dockerfile | 5 +++-- 16 files changed, 48 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 87dd02c1332..3a4ecc001b0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,8 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -62,7 +64,7 @@ RUN GOBIN=/usr/bin go install github.com/checkmarx/dustilock@v1.2.0 FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan diff --git a/flavors/c_cpp/Dockerfile b/flavors/c_cpp/Dockerfile index 1a603cc5252..5c50a2f7e55 100644 --- a/flavors/c_cpp/Dockerfile +++ b/flavors/c_cpp/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index 18b7170a06d..e72189705d6 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index c101a9b5365..dc4296fa1e6 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/dotnetweb/Dockerfile b/flavors/dotnetweb/Dockerfile index 39cfd406a54..9076d505d17 100644 --- a/flavors/dotnetweb/Dockerfile +++ b/flavors/dotnetweb/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index dd66e6af7c2..423c62f3af0 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -51,7 +53,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index dd2ffd672ab..2023f5085e9 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index f19937814d5..3da3706f05d 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index e73b8d1d676..4ce7c1c6e50 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index 2218c381222..43a28161b99 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index cec87ffbf43..d95756761fa 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index d5d135559ba..78e56b7c833 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index bee97db0b0c..ff3abe0ad48 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 7c7d857c605..e7834c60a3b 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile @@ -28,6 +28,8 @@ ARG PROTOBUF_PROTOLINT_VERSION=0.49.8 ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# @@ -46,7 +48,7 @@ FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} as kubeconform FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee #FROM__END diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index 409a80fde63..e1fd3069c02 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile @@ -30,6 +30,8 @@ ARG REPOSITORY_GITLEAKS_VERSION=v8.18.4 ARG REPOSITORY_KICS_VERSION=v2.1.0-alpine # renovate: datasource=docker depName=trufflesecurity/trufflehog ARG REPOSITORY_TRUFFLEHOG_VERSION=3.78.2 +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 # renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint ARG TERRAFORM_TFLINT_VERSION=0.51.1 # renovate: datasource=docker depName=alpine/terragrunt @@ -55,7 +57,7 @@ FROM yoheimuta/protolint:${PROTOBUF_PROTOLINT_VERSION} as protolint FROM zricethezav/gitleaks:${REPOSITORY_GITLEAKS_VERSION} as gitleaks FROM checkmarx/kics:${REPOSITORY_KICS_VERSION} as kics FROM trufflesecurity/trufflehog:${REPOSITORY_TRUFFLEHOG_VERSION} as trufflehog -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale FROM lycheeverse/lychee:latest-alpine as lychee FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} as tflint FROM tenable/terrascan:${TERRAFORM_TERRASCAN_VERSION} as terrascan diff --git a/linters/spell_vale/Dockerfile b/linters/spell_vale/Dockerfile index b672419506d..aef6e48ab39 100644 --- a/linters/spell_vale/Dockerfile +++ b/linters/spell_vale/Dockerfile @@ -11,14 +11,15 @@ ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #ARGTOP__START - +# renovate: datasource=docker depName= +ARG SPELL_VALE_VERSION=v3.6.0 #ARGTOP__END ############################################################################################# ## @generated by .automation/build.py using descriptor files, please do not update manually ## ############################################################################################# #FROM__START -FROM jdkato/vale:latest as vale +FROM jdkato/vale:${SPELL_VALE_VERSION} as vale #FROM__END ##################