diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 34aac41..4ab1a2d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,7 +16,7 @@ jobs: timeout-minutes: 30 steps: - name: Check out the repo - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set imageName based on the repository name id: step_one run: | 
@@ -25,44 +25,38 @@ jobs: echo "imageName=$imageName" >> $GITHUB_ENV - name: Docker meta id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 + uses: docker/metadata-action@v4 with: images: ${{ env.imageName }} - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Login to Harbor - uses: docker/login-action@v1 + uses: docker/setup-buildx-action@v2 + - name: Login to DockerHub + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Buildx cache - uses: actions/cache@v1 - with: - path: ${{ github.workspace }}/cache - key: ${{ runner.os }}-docker-${{ hashfiles('cache/**') }} - restore-keys: | - ${{ runner.os }}-docker - name: Build and push id: docker_build - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: platforms: ${{ env.platforms }} push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.docker_meta.outputs.tags }} labels: ${{ steps.docker_meta.outputs.labels }} - cache-from: type=local,src=${{ github.workspace }}/cache - cache-to: type=local,dest=${{ github.workspace }}/cache - # temporarily disabled until https://github.com/aquasecurity/trivy-action/issues/22 is resolved - # - name: Run Trivy vulnerability scanner - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: ${{ env.imageName }}:${{ steps.docker_meta.outputs.version }} - # format: "template" - # template: "@/contrib/sarif.tpl" - # output: "trivy-results.sarif" - # - name: Upload Trivy scan results to GitHub Security tab - # uses: github/codeql-action/upload-sarif@v1 - # with: - # sarif_file: "trivy-results.sarif" + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.imageName }}:${{ steps.docker_meta.outputs.version }} + format: 'sarif' + output: 'trivy-results.sarif' + ignore-unfixed: true + vuln-type: 
'os,library' + security-checks: 'vuln' + severity: 'CRITICAL,HIGH' + timeout: '10m0s' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: "trivy-results.sarif" diff --git a/Dockerfile b/Dockerfile index 208d9aa..0073d63 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM beevelop/android RUN apt-get update && apt-get install -y curl gnupg2 lsb-release && \ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \ apt-key fingerprint 1655A0AB68576280 && \ - export VERSION=node_14.x && \ + export VERSION=node_16.x && \ export DISTRO="$(lsb_release -s -c)" && \ echo "deb https://deb.nodesource.com/$VERSION $DISTRO main" | tee /etc/apt/sources.list.d/nodesource.list && \ echo "deb-src https://deb.nodesource.com/$VERSION $DISTRO main" | tee -a /etc/apt/sources.list.d/nodesource.list && \ diff --git a/LICENSE b/LICENSE index 5038ddf..a18d63f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2016-2021 Maik Hummel (beevelop) +Copyright (c) 2016-2023 Maik Hummel (beevelop) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 16b5fd0..a159ad6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![GitHub Workflow Status](https://img.shields.io/github/workflow/status/beevelop/docker-android-nodejs/Docker%20Image?style=for-the-badge) +![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/beevelop/docker-android-nodejs/docker.yml?style=for-the-badge) ![Docker Pulls](https://img.shields.io/docker/pulls/beevelop/android-nodejs.svg?style=for-the-badge) ![Docker Stars](https://img.shields.io/docker/stars/beevelop/android-nodejs?style=for-the-badge) ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/beevelop/android-nodejs/latest?style=for-the-badge) 
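Review bot: The re-enabled Trivy step uses `aquasecurity/trivy-action@master`, a mutable branch ref, so whatever that branch holds at run time executes in a job that has already logged in to Docker Hub with `DOCKERHUB_TOKEN`; pin it to a reviewed commit, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`. The scan also runs after `Build and push` and sets no `exit-code`, so HIGH/CRITICAL findings reach the Security tab but never stop an image from being published. On `pull_request` runs `push` is false, so the `image-ref` tag is presumably not available to scan unless the build also sets `load: true` — worth confirming. `upload-sarif` needs `security-events: write`; the job's `permissions` block is outside this hunk, so check that it grants that scope and nothing broader.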
@@ -8,29 +8,34 @@ ![CalVer](https://img.shields.io/badge/CalVer-YYYY.MM.MICRO-22bfda.svg?style=for-the-badge) [![Beevelop](https://img.shields.io/badge/-%20Made%20with%20%F0%9F%8D%AF%20by%20%F0%9F%90%9Dvelop-blue.svg?style=for-the-badge)](https://beevelop.com) -# Android 11 with Node.js `v14` and npm / yarn +# Android 13 with Node.js `v16` and npm / yarn ### based on [beevelop/android](https://github.com/beevelop/docker-android) -- Java 8 (OpenJDK 1.8.0_282) -- Gradle 4.4.1 (Groovy: 2.4.16) -- Apache Maven 3.6.3 -- Ant 1.10.7 + +- Java `11.0.17` +- Gradle `4.4.1` (Groovy: `2.4.17`) +- Apache Maven `3.6.3` +- Ant `1.10.7` +- Node.js `v16.19.0` +- npm `8.19.3` ### Pull, build or run this image + ```bash # pull the most recent tag / release -docker pull beevelop/android-nodejs:v2021.06.1 +docker pull beevelop/android-nodejs:v2023.01.1 # or run the image interactively -docker run --rm --name beevelop -it beevelop/android-nodejs:v2021.06.1 bash +docker run --rm --name beevelop -it beevelop/android-nodejs:v2023.01.1 bash # or build the image from GitHub docker build -t beevelop/android-nodejs github.com/beevelop/docker-base ``` -### Or use as base image +### Or use it as a base image + ```Dockerfile -FROM beevelop/android-nodejs:v2021.06.1 +FROM beevelop/android-nodejs:v2023.01.1 ``` --- @@ -39,6 +44,6 @@ FROM beevelop/android-nodejs:v2021.06.1 --- -### Use tags where possible, because... +### Use tags where possible, because ![One does not simply use latest](https://i.imgflip.com/1fgwxr.jpg)