diff --git a/CHANGELOG.md b/CHANGELOG.md index 67365e4dd..2474ed73d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Unreleased +- Update OS packages by default and bump gitleaks version ([#1049](https://github.com/opendevstack/ods-quickstarters/issues/1049)) - Update Angular, Ionic and Typescript Quickstarters ([#1033](https://github.com/opendevstack/ods-quickstarters/issues/1033)) - Update Rust Axum Quickstarter to Rust 1.79.0 ([#1024](https://github.com/opendevstack/ods-quickstarters/pull/1024)) - Update jdk and scala quickstarters and agents ([#1032](https://github.com/opendevstack/ods-quickstarters/issues/1032)) diff --git a/be-fe-mono-repo-plain/files/.pre-commit-config.yaml b/be-fe-mono-repo-plain/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-fe-mono-repo-plain/files/.pre-commit-config.yaml +++ b/be-fe-mono-repo-plain/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-fe-mono-repo-plain/files/docker_be/Dockerfile b/be-fe-mono-repo-plain/files/docker_be/Dockerfile index 8efa5f6f2..e9399c117 100644 --- a/be-fe-mono-repo-plain/files/docker_be/Dockerfile +++ b/be-fe-mono-repo-plain/files/docker_be/Dockerfile @@ -3,6 +3,10 @@ FROM alpine:latest RUN echo "building simple backend container" +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + EXPOSE 8081 CMD ["/bin/sh", "-c", "/usr/bin/nc -lk -p 8081 -e echo -e \"HTTP/1.1 200 OK\n\nHello World!\n$(date)\""] diff --git a/be-fe-mono-repo-plain/files/docker_fe/Dockerfile b/be-fe-mono-repo-plain/files/docker_fe/Dockerfile index 697659a7b..e7d0c6465 100644 --- a/be-fe-mono-repo-plain/files/docker_fe/Dockerfile +++ b/be-fe-mono-repo-plain/files/docker_fe/Dockerfile @@ -3,6 +3,10 @@ FROM alpine:latest RUN echo "building simple frontend container" +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + EXPOSE 8080 CMD ["/bin/sh", "-c", "/usr/bin/nc -lk -p 8080 -e echo -e \"HTTP/1.1 200 OK\n\nHello World!\n$(date)\""] diff --git a/be-gateway-nginx/files/.pre-commit-config.yaml b/be-gateway-nginx/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-gateway-nginx/files/.pre-commit-config.yaml +++ b/be-gateway-nginx/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-gateway-nginx/files/docker/Dockerfile b/be-gateway-nginx/files/docker/Dockerfile index 6fc8d5b7b..abedfe9ba 100644 --- a/be-gateway-nginx/files/docker/Dockerfile +++ b/be-gateway-nginx/files/docker/Dockerfile @@ -15,6 +15,9 @@ COPY lua /usr/local/openresty/lualib COPY nginx.conf /usr/local/openresty/nginx/conf/ COPY entrypoint.sh /app/ +RUN dnf upgrade -y && \ + dnf clean all + RUN chgrp -R 0 /app /usr/local/openresty/nginx && \ chmod -R g=u /app /usr/local/openresty/nginx && \ chmod +x /app/entrypoint.sh && \ diff --git a/be-golang-plain/files/.pre-commit-config.yaml b/be-golang-plain/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-golang-plain/files/.pre-commit-config.yaml +++ b/be-golang-plain/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-golang-plain/files/docker/Dockerfile b/be-golang-plain/files/docker/Dockerfile index ba4aca44b..d88a7feb0 100644 --- a/be-golang-plain/files/docker/Dockerfile +++ b/be-golang-plain/files/docker/Dockerfile @@ -24,6 +24,10 @@ FROM alpine COPY app_linux_amd64 app_linux_amd64 +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + EXPOSE 8080 CMD ["./app_linux_amd64"] diff --git a/be-java-springboot/files/.pre-commit-config.yaml b/be-java-springboot/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-java-springboot/files/.pre-commit-config.yaml +++ b/be-java-springboot/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-java-springboot/files/docker/Dockerfile b/be-java-springboot/files/docker/Dockerfile index 39b6f42a8..c4c6da9e5 100644 --- a/be-java-springboot/files/docker/Dockerfile +++ b/be-java-springboot/files/docker/Dockerfile @@ -6,6 +6,13 @@ ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true COPY app.jar app.jar +USER root + +RUN microdnf upgrade -y && \ + microdnf clean all + +USER 1001 + EXPOSE 8080 CMD ["java","-Xmx512m", "-jar", "app.jar"] diff --git a/be-python-flask/files/.pre-commit-config.yaml b/be-python-flask/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-python-flask/files/.pre-commit-config.yaml +++ b/be-python-flask/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-python-flask/files/docker/Dockerfile b/be-python-flask/files/docker/Dockerfile index 3ea80b68c..d5a1fac1a 100644 --- a/be-python-flask/files/docker/Dockerfile +++ b/be-python-flask/files/docker/Dockerfile @@ -8,6 +8,13 @@ COPY run.sh /app/ WORKDIR /app +USER root + +RUN yum -y update && \ + yum clean all + +USER 1001 + RUN if [ ! -z ${nexusHostWithBasicAuth} ]; \ then pip install -i ${nexusHostWithBasicAuth}/repository/pypi-all/simple --trusted-host ${nexusHostWithoutScheme} --upgrade pip && pip install -i ${nexusHostWithBasicAuth}/repository/pypi-all/simple --trusted-host ${nexusHostWithoutScheme} -r requirements.txt; \ else pip install --upgrade pip && pip install -r requirements.txt; \ diff --git a/be-rust-axum/rust-template/.pre-commit-config.yaml b/be-rust-axum/rust-template/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-rust-axum/rust-template/.pre-commit-config.yaml +++ b/be-rust-axum/rust-template/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-scala-play/files/.pre-commit-config.yaml b/be-scala-play/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-scala-play/files/.pre-commit-config.yaml +++ b/be-scala-play/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-scala-play/files/docker/Dockerfile b/be-scala-play/files/docker/Dockerfile index eee67fa24..ae273af0a 100644 --- a/be-scala-play/files/docker/Dockerfile +++ b/be-scala-play/files/docker/Dockerfile @@ -4,6 +4,13 @@ WORKDIR /app COPY lib/* /app/lib/ COPY conf /app/conf/ +USER root + +RUN microdnf upgrade -y && \ + microdnf clean all + +USER 1001 + EXPOSE 8080 ENTRYPOINT ["java", "-Duser.dir=/app", "-XX:+UnlockExperimentalVMOptions", "-cp", "conf/:lib/*"] diff --git a/be-typescript-express/files/.pre-commit-config.yaml b/be-typescript-express/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/be-typescript-express/files/.pre-commit-config.yaml +++ b/be-typescript-express/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/be-typescript-express/files/docker/Dockerfile b/be-typescript-express/files/docker/Dockerfile index 3c5d42d02..799565c84 100644 --- a/be-typescript-express/files/docker/Dockerfile +++ b/be-typescript-express/files/docker/Dockerfile @@ -2,6 +2,10 @@ FROM node:22-alpine COPY dist /node +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + RUN chown -R node: /node EXPOSE 8080 diff --git a/docker-plain/files/.pre-commit-config.yaml b/docker-plain/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/docker-plain/files/.pre-commit-config.yaml +++ b/docker-plain/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/docker-plain/files/docker/Dockerfile b/docker-plain/files/docker/Dockerfile index 681c5069b..540cb64bd 100644 --- a/docker-plain/files/docker/Dockerfile +++ b/docker-plain/files/docker/Dockerfile @@ -3,6 +3,10 @@ FROM alpine:latest RUN echo "building simple container" +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + EXPOSE 8080 CMD ["/bin/sh", "-c", "/usr/bin/nc -lk -p 8080 -e echo -e \"HTTP/1.1 200 OK\n\nHello World!\n$(date)\""] diff --git a/ds-jupyter-lab/files/.pre-commit-config.yaml b/ds-jupyter-lab/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/ds-jupyter-lab/files/.pre-commit-config.yaml +++ b/ds-jupyter-lab/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/ds-rshiny/files/.pre-commit-config.yaml b/ds-rshiny/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/ds-rshiny/files/.pre-commit-config.yaml +++ b/ds-rshiny/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/ds-streamlit/files/.pre-commit-config.yaml b/ds-streamlit/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/ds-streamlit/files/.pre-commit-config.yaml +++ b/ds-streamlit/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/ds-streamlit/files/docker_streamlit/Dockerfile b/ds-streamlit/files/docker_streamlit/Dockerfile index 002e9d886..b4cb02997 100644 --- a/ds-streamlit/files/docker_streamlit/Dockerfile +++ b/ds-streamlit/files/docker_streamlit/Dockerfile @@ -17,6 +17,9 @@ USER root RUN mkdir -p /app && \ mkdir -p /app/.streamlit +RUN yum -y update && \ + yum clean all + RUN chown -R 1001:0 /app && \ chmod -R g=u /app diff --git a/e2e-cypress/files/.pre-commit-config.yaml b/e2e-cypress/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/e2e-cypress/files/.pre-commit-config.yaml +++ b/e2e-cypress/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/e2e-spock-geb/files/.pre-commit-config.yaml b/e2e-spock-geb/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/e2e-spock-geb/files/.pre-commit-config.yaml +++ b/e2e-spock-geb/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/fe-angular/files/.pre-commit-config.yaml b/fe-angular/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/fe-angular/files/.pre-commit-config.yaml +++ b/fe-angular/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/fe-angular/files/docker/Dockerfile b/fe-angular/files/docker/Dockerfile index 9818c78cf..6b121d220 100644 --- a/fe-angular/files/docker/Dockerfile +++ b/fe-angular/files/docker/Dockerfile @@ -1,5 +1,9 @@ FROM nginx:1.27.1-alpine +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + RUN chmod -R 777 /var/log/nginx /var/cache/nginx /var/run \ && chgrp -R 0 /etc/nginx \ && chmod -R g+rwX /etc/nginx diff --git a/fe-ionic/files/.pre-commit-config.yaml b/fe-ionic/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/fe-ionic/files/.pre-commit-config.yaml +++ b/fe-ionic/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/fe-ionic/files/docker/Dockerfile b/fe-ionic/files/docker/Dockerfile index 9818c78cf..6b121d220 100644 --- a/fe-ionic/files/docker/Dockerfile +++ b/fe-ionic/files/docker/Dockerfile @@ -1,5 +1,9 @@ FROM nginx:1.27.1-alpine +RUN apk update && \ + apk -i upgrade && \ + apk cache clean + RUN chmod -R 777 /var/log/nginx /var/cache/nginx /var/run \ && chgrp -R 0 /etc/nginx \ && chmod -R g+rwX /etc/nginx diff --git a/inf-terraform-aws/files/.pre-commit-config.yaml b/inf-terraform-aws/files/.pre-commit-config.yaml index 921ce09aa..9acbcd4e9 100644 --- a/inf-terraform-aws/files/.pre-commit-config.yaml +++ b/inf-terraform-aws/files/.pre-commit-config.yaml @@ -3,7 +3,7 @@ fail_fast: true repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks - repo: https://github.com/pre-commit/pre-commit-hooks.git diff --git a/inf-terraform-azure/files/.pre-commit-config.yaml b/inf-terraform-azure/files/.pre-commit-config.yaml index 248faf615..108f29478 100644 --- a/inf-terraform-azure/files/.pre-commit-config.yaml +++ b/inf-terraform-azure/files/.pre-commit-config.yaml @@ -2,7 +2,7 @@ exclude: .terraform fail_fast: true repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks - repo: https://github.com/pre-commit/pre-commit-hooks.git diff --git a/release-manager/files/.pre-commit-config.yaml b/release-manager/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/release-manager/files/.pre-commit-config.yaml +++ b/release-manager/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks diff --git a/saas-documentation/files/.pre-commit-config.yaml b/saas-documentation/files/.pre-commit-config.yaml index c9528f476..f1f8f73f5 100644 --- a/saas-documentation/files/.pre-commit-config.yaml +++ b/saas-documentation/files/.pre-commit-config.yaml @@ -1,5 +1,5 @@ repos: - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.1 + rev: v8.18.4 hooks: - id: gitleaks