Merge branch 'master' into update-aws-cn-link

Checkmarx · Oct 29, 2024 · 4d2c74f · 4d2c74f
2 parents 2c271dd + 8b81742
commit 4d2c74f
Show file tree

Hide file tree

Showing 14 changed files with 177 additions and 418 deletions.
diff --git a/.github/workflows/go-ci-integration.yml b/.github/workflows/go-ci-integration.yml
@@ -49,7 +49,7 @@ jobs:
         run: echo ${{ steps.docker_build.outputs.digest }}
       - name: Run docker image and generate results.json
         run: |
-          docker run -v ${PWD}/assets/queries:/path \
+          docker run --user $(id -u):$(id -g) -v ${PWD}/assets/queries:/path \
             kics:${{ github.sha }} scan \
             --silent \
             --disable-full-descriptions \

diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml
@@ -96,9 +96,10 @@ jobs:
       - name: Get docker name
         run: |
           DOCKER_NAME=$(echo ${{ matrix.kics-docker }} | sed 's/\//-/')
+          echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV
       - name: Archive test report
         if: always()
         uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
         with:
-          name: e2e-tests-report-$DOCKER_NAME
+          name: e2e-tests-report-${{ env.DOCKER_NAME }}
           path: e2e-report.html
diff --git a/.github/workflows/release-apispec.yml b/.github/workflows/release-apispec.yml
diff --git a/.github/workflows/release-dkr-image-for-tag.yml b/.github/workflows/release-dkr-image-for-tag.yml
diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml
@@ -41,14 +41,33 @@ jobs:
           image: tonistiigi/binfmt:latest
           platforms: linux/amd64,linux/arm64
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
       - name: Login to DockerHub
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Get current date
+        run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: "checkmarx/kics"
+          labels: |
+            org.opencontainers.image.title=KICS
+            org.opencontainers.image.version=${{ steps.get-version.outputs.version }}
+            org.opencontainers.image.vendor=Checkmarx
+            org.opencontainers.image.authors=KICS
+            org.opencontainers.image.description=Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
+            org.opencontainers.image.documentation=https://docs.kics.io
+            org.opencontainers.image.url=https://github.com/Checkmarx/kics
+            org.opencontainers.image.source=https://github.com/Checkmarx/kics
+            org.opencontainers.image.licenses=Apache-2.0
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.created=${{ env.CREATED_AT }}
       - name: Push alpine to Docker Hub
-        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         id: build_alpine
         with:
           context: .
@@ -60,9 +79,10 @@ jobs:
             COMMIT=${{ github.sha }}
             SENTRY_DSN=${{ secrets.SENTRY_DSN }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+          labels: ${{ steps.meta.outputs.labels }}
       - name: Build and push debian to Docker Hub
         id: build_debian
-        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: .
           file: ./docker/Dockerfile.debian
@@ -74,9 +94,10 @@ jobs:
             COMMIT=${{ github.sha }}
             SENTRY_DSN=${{ secrets.SENTRY_DSN }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+          labels: ${{ steps.meta.outputs.labels }}
       - name: Build and push ubi8 to Docker Hub
         id: build_ubi8
-        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: .
           file: ./docker/Dockerfile.ubi8
@@ -88,6 +109,7 @@ jobs:
             COMMIT=${{ github.sha }}
             SENTRY_DSN=${{ secrets.SENTRY_DSN }}
             DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
+          labels: ${{ steps.meta.outputs.labels }}
       # TODO: dockerhub api does not support PAT yet
       # https://github.com/docker/roadmap/issues/115#issuecomment-891694974
       # https://github.com/docker/roadmap/issues/115