bump to alpine 3.18

.github/workflows/docker-image.yml

@@ -39,15 +39,15 @@ jobs:
 
     - 
       name: build docker images
-      run: |
+      run: | # shellcheck disable=SC2086
         for image in $BASE_IMAGES;do
           echo "Processing $image"
           bundle exec rake build:$image
         done
 
     -
       name: test docker images
-      run: |
+      run: | # shellcheck disable=SC2086
         for image in $BASE_IMAGES;do
           echo "Processing $image"
           bundle exec rake spec:$image
@@ -145,15 +145,15 @@ jobs:
         IMAGE: spruce
     -
       name: build docker images with dependencies
-      run: |
+      run: | # shellcheck disable=SC2086
         for image in $IMAGES_WITH_DEPENDENCIES;do
           echo "Processing $image"
           bundle exec rake build:$image
         done
 
     -
       name: test docker images with dependencies
-      run: |
+      run: |# shellcheck disable=SC2086
         for image in $IMAGES_WITH_DEPENDENCIES;do
           echo "Processing $image"
           bundle exec rake spec:$image
@@ -191,10 +191,18 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ build_and_publish ]
     steps:
-      - name: check docker public images
-        run: |
+      - # Currently we cannot use `docker manifest` without authentication, it results in "unauthorized: access token has insufficient scopes"
+        # Also, to save network bandwidth and reduce build time we avoid using `docker pull`
+        name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+      -
+        name: check docker public images
+        run: | # shellcheck disable=SC2086
           for image in $BASE_IMAGES $IMAGES_WITH_DEPENDENCIES;do
-            echo "Processing $image"
+            echo "Processing $image: checking manifest for $DOCKERHUB_ORG/$image:$GITHUB_SHA"
             docker manifest inspect $DOCKERHUB_ORG/$image:$GITHUB_SHA
           done
 

.github/workflows/lint_on_pr.yml

@@ -24,22 +24,23 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Lint Code Base (Blocking) # Blow up on gitleaks / github actions errors (ie. things which may / will cause issues)
-        uses: github/super-linter@v4
-        env:
-          VALIDATE_ALL_CODEBASE: false
-          DEFAULT_BRANCH: main
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DISABLE_ERRORS: false
-          VALIDATE_GITLEAKS: true
-          VALIDATE_GITHUB_ACTIONS: true
+#      - name: Lint Code Base (Blocking) # Blow up on gitleaks / github actions errors (ie. things which may / will cause issues)
+#        uses: super-linter/super-linter/slim@v5
+#        env:
+#          VALIDATE_ALL_CODEBASE: false
+#          DEFAULT_BRANCH: main
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#          DISABLE_ERRORS: true
+#          VALIDATE_GITLEAKS: true
+#          VALIDATE_GITHUB_ACTIONS: true
 
       - name: Lint Code Base (Information only) # Run linter on everything else, but in 'information-only' mode.
-        uses: github/super-linter@v4
+        uses: super-linter/super-linter/slim@v5
         env:
           VALIDATE_ALL_CODEBASE: false
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           DISABLE_ERRORS: true
           VALIDATE_GITLEAKS: false
           VALIDATE_GITHUB_ACTIONS: false
+

alpine/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.18
 
 RUN apk add --no-cache \
         jq~1 \

awscli/Dockerfile

@@ -1,11 +1,11 @@
-FROM orangecloudfoundry/curl-ssl
+FROM elpaasoci/curl-ssl
 
 ENV AWSCLI_VERSION "1.18.140"
 
 RUN apk add --no-cache \
-        groff~1.22.4-r1 \
+        groff~1.22.4-r4 \
         less>=590-r0 \
-        python3~3.10 \
-        py3-pip~22 \
+        python3~3.11 \
+        py3-pip~23 \
     && pip3 install \
         awscli==$AWSCLI_VERSION

bosh-cli-v2-cf-cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM orangecloudfoundry/bosh-cli-v2:latest
+FROM elpaasoci/bosh-cli-v2:latest
 
 # we use libc6 instead of libc6-compat as we do not use alpine base image
 ENV CF_PACKAGES "unzip curl openssl ca-certificates git libc6 bash jq gettext make"

bosh-cli-v2-cf-cli/bosh-cli-v2-cf-cli_spec.rb

@@ -2,13 +2,13 @@
 require 'docker'
 require 'serverspec'
 
-BOSH_CLI_VERSION="6.4.17-f0454a75-2022-02-25T00:42:57Z"
+BOSH_CLI_VERSION="7.2.3-b36ee5199-2023-04-28T22:35:13Z"
 CREDHUB_VERSION='2.9.1'
 CF_CLI_VERSION="8.3.0"
 SPRUCE_BIN = "/usr/local/bin/spruce"
 SPRUCE_VERSION = "1.29.0"
-BOSH_ENV_DEPS = "build-essential zlibc zlib1g-dev openssl libxslt1-dev libxml2-dev \
-    libssl-dev libreadline7 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
+BOSH_ENV_DEPS = "build-essential zlib1g-dev openssl libxslt1-dev libxml2-dev \
+    libssl-dev libreadline8 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
 CF_ENV_DEPS = "unzip curl openssl ca-certificates git libc6 bash jq gettext make"
 
 describe "bosh-cli-v2-cf-cli image" do

bosh-cli-v2/Dockerfile

@@ -1,14 +1,14 @@
-FROM ruby:3.1-slim-buster
+FROM ruby:3.1-slim-bullseye
 
-ENV BOSH_CLI_VERSION 6.4.17
-ENV BOSH_CLI_SUM d0917d3ad0ff544a4c69a7986e710fe48e8cb2207717f77db31905d639e28c18
+ENV BOSH_CLI_VERSION 7.2.3
+ENV BOSH_CLI_SUM f090d6962a56d946f9592105f6a97956f77d4b6f527e184105355d3f46f354ad
 ENV BOSH_CLI_FILENAME bosh-cli-${BOSH_CLI_VERSION}-linux-amd64
 
 ENV DEBIAN_PACKAGES "ca-certificates wget git openssh-client file jq"
 
 # https://bosh.io/docs/cli-env-deps.html
-ENV BOSH_ENV_DEPS "build-essential zlibc zlib1g-dev openssl libxslt1-dev \
-  libxml2-dev libssl-dev libreadline7 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
+ENV BOSH_ENV_DEPS "build-essential zlib1g-dev openssl libxslt1-dev \
+  libxml2-dev libssl-dev libreadline8 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
 
 ENV BOSH_AWS_CPI_URL https://bosh.io/d/github.com/cloudfoundry/bosh-aws-cpi-release?v=87
 ENV BOSH_AWS_CPI_CHECKSUM a920cd1bdead3d6167273e763912becca2225ba6
@@ -24,8 +24,8 @@ RUN wget -nv https://s3.amazonaws.com/bosh-cli-artifacts/${BOSH_CLI_FILENAME} \
   && chmod +x ${BOSH_CLI_FILENAME} \
   && mv ${BOSH_CLI_FILENAME} /usr/local/bin/bosh
 
-ENV CREDHUB_CLI_VERSION 2.9.1
-ENV CREDHUB_CLI_SUM df8aa256d4563d741bda71e4e0baff077addce8438dba4f9157504b387b93d9f
+ENV CREDHUB_CLI_VERSION 2.9.15
+ENV CREDHUB_CLI_SUM d61c738f65004afd35ed8dd5d17f57d0f1700629ad29e5335b906746f8958026
 ENV CREDHUB_CLI_FILENAME credhub-linux-${CREDHUB_CLI_VERSION}.tgz
 
 RUN wget -nv https://github.com/cloudfoundry-incubator/credhub-cli/releases/download/${CREDHUB_CLI_VERSION}/${CREDHUB_CLI_FILENAME} \
@@ -34,8 +34,8 @@ RUN wget -nv https://github.com/cloudfoundry-incubator/credhub-cli/releases/down
   && chmod +x credhub \
   && mv credhub /usr/local/bin/credhub
 
-ENV YQ_VERSION 4.22.1
-ENV YQ_SUM 54bbc804b90595c62685e8d4f19330b968cd716f72edc03cbda91adbc808036e
+ENV YQ_VERSION 4.33.3
+ENV YQ_SUM 4ee662847c588c3ef2fec8bfb304e8739e3dbaba87ccb9a608d691c88f5b64dc
 ENV YQ_FILENAME yq_linux_amd64
 
 RUN wget -nv https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/${YQ_FILENAME} \

bosh-cli-v2/bosh-cli-v2_spec.rb

@@ -2,11 +2,11 @@
 require 'docker'
 require 'serverspec'
 
-BOSH_CLI_VERSION="6.4.17-f0454a75-2022-02-25T00:42:57Z"
+BOSH_CLI_VERSION="7.2.3-b36ee5199-2023-04-28T22:35:13Z"
 CREDHUB_VERSION='2.9.1'
 
-BOSH_ENV_DEPS = "build-essential zlibc zlib1g-dev openssl libxslt1-dev libxml2-dev \
-    libssl-dev libreadline7 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
+BOSH_ENV_DEPS = "build-essential zlib1g-dev openssl libxslt1-dev libxml2-dev \
+    libssl-dev libreadline8 libreadline-dev libyaml-dev libsqlite3-dev sqlite3"
 
 describe "bosh-cli-v2 image" do
   before(:all) {

cf-cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:3.1-alpine3.16
+FROM ruby:3.1-alpine3.18
 
 ENV PACKAGES "unzip curl openssl ca-certificates git libc6-compat bash jq gettext make"
 ENV CF_CLI_VERSION "8.6.0"

cf-uaac/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:3.1-alpine3.16
+FROM ruby:3.1-alpine3.18
 
 
 RUN apk add --no-cache musl-dev gcc make g++

curl-ssl/Dockerfile

@@ -1,8 +1,8 @@
-FROM alpine:3.16
+FROM alpine:3.18
 
 RUN apk add --no-cache \
         openssl \
         ca-certificates \
         jq~1 \
         gettext~0.21 \
-        curl~7
+        curl~8

curl-ssl/curl-ssl_spec.rb

@@ -12,7 +12,7 @@
   end
 
   it 'installs the right version of Alpine' do
-    expect(os_version).to include('Alpine Linux 3.16')
+    expect(os_version).to include('Alpine Linux 3.18')
   end
 
   def os_version

git-ssh/Dockerfile

@@ -2,7 +2,7 @@ FROM ghcr.io/alphagov/paas/alpine:main
 
 RUN apk add --no-cache \
         git~2 \
-        curl~7 \
+        curl~8 \
         openssh-client-default~9 \
         gnupg~2.2 \
         bash~5.1

json-minify/Dockerfile

@@ -1,3 +1,3 @@
-FROM ruby:3.1-alpine3.16
+FROM ruby:3.1-alpine3.18
 
 RUN gem install json-minify -v 0.0.2 --no-document

k8s-tools/Dockerfile

@@ -20,8 +20,8 @@ RUN echo "Computed sha256sum: $(sha256sum ${YTT_FILENAME})" \
     && mv ${YTT_FILENAME} ytt
 
 
-ENV CREDHUB_CLI_VERSION 2.9.1
-ENV CREDHUB_CLI_SUM df8aa256d4563d741bda71e4e0baff077addce8438dba4f9157504b387b93d9f
+ENV CREDHUB_CLI_VERSION 2.9.15
+ENV CREDHUB_CLI_SUM d61c738f65004afd35ed8dd5d17f57d0f1700629ad29e5335b906746f8958026
 ENV CREDHUB_CLI_FILENAME credhub-linux-${CREDHUB_CLI_VERSION}.tgz
 ADD https://github.com/cloudfoundry-incubator/credhub-cli/releases/download/${CREDHUB_CLI_VERSION}/${CREDHUB_CLI_FILENAME} .
 RUN echo "Computed sha256sum: $(sha256sum ${CREDHUB_CLI_FILENAME})" \
@@ -44,15 +44,15 @@ RUN echo "Computed sha256sum: $(sha256sum ${KAPP_FILENAME})" \
     && echo "${KAPP_SUM}  ${KAPP_FILENAME}" | sha256sum -c - \
     && mv kapp-linux-amd64 kapp
 
-ENV KUBECTL_VERSION 1.21.10
-ENV KUBECTL_SUM 24ce60269b1ffe1ca151af8bfd3905c2427ebef620bc9286484121adf29131c0
+ENV KUBECTL_VERSION 1.24.13
+ENV KUBECTL_SUM 52455fe485fa11c650ab07fea2e4856b5ea5a3e6ef8a1b3b6121e6361437fff9
 ENV KUBECTL_FILENAME kubectl
 ADD https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl .
 RUN echo "Computed sha256sum: $(sha256sum ${KUBECTL_FILENAME})" \
     && echo "${KUBECTL_SUM}  ${KUBECTL_FILENAME}" | sha256sum -c -
 
-ENV HELM_VERSION 3.8.1
-ENV HELM_SUM d643f48fe28eeb47ff68a1a7a26fc5142f348d02c8bc38d699674016716f61cd
+ENV HELM_VERSION 3.12.0
+ENV HELM_SUM da36e117d6dbc57c8ec5bab2283222fbd108db86c83389eebe045ad1ef3e2c3b
 ENV HELM_FILENAME helm-v${HELM_VERSION}-linux-amd64.tar.gz
 ADD https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz .
 RUN echo "Computed sha256sum: $(sha256sum ${HELM_FILENAME})" \
@@ -61,26 +61,26 @@ RUN echo "Computed sha256sum: $(sha256sum ${HELM_FILENAME})" \
     && mv linux-amd64/helm helm \
     && rm -rf linux-amd64
 
-ENV KUTTL_VERSION 0.11.1
-ENV KUTTL_PLUGIN_SUM 0fb13f8fbb6109803a06847a8ad3fae4fedc8cd159e2b0fd6c1a1d8737191e5f
+ENV KUTTL_VERSION 0.15.0
+ENV KUTTL_PLUGIN_SUM f6edcf22e238fc71b5aa389ade37a9efce596017c90f6994141c45215ba0f862
 ENV KUTTL_PLUGIN_FILENAME kubectl-kuttl_${KUTTL_VERSION}_linux_x86_64
 ADD https://github.com/kudobuilder/kuttl/releases/download/v${KUTTL_VERSION}/${KUTTL_PLUGIN_FILENAME} .
 RUN echo "Computed ${KUTTL_PLUGIN_FILENAME} sha256sum: $(sha256sum ${KUTTL_PLUGIN_FILENAME})" \
     && echo "${KUTTL_PLUGIN_SUM}  ${KUTTL_PLUGIN_FILENAME}" | sha256sum -c - \
     && mv ${KUTTL_PLUGIN_FILENAME} kubectl-kuttl \
     && ln -s kubectl-kuttl kuttl
 
-ENV YQ_VERSION 4.22.1
-ENV YQ_SUM 54bbc804b90595c62685e8d4f19330b968cd716f72edc03cbda91adbc808036e
+ENV YQ_VERSION 4.33.3
+ENV YQ_SUM 4ee662847c588c3ef2fec8bfb304e8739e3dbaba87ccb9a608d691c88f5b64dc
 ENV YQ_FILENAME yq_linux_amd64
 ADD https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/${YQ_FILENAME} .
 RUN echo "Computed ${YQ_FILENAME} sha256sum: $(sha256sum ${YQ_FILENAME})" \
     && echo "${YQ_SUM}  ${YQ_FILENAME}" | sha256sum -c - \
     && chmod +x ${YQ_FILENAME} \
     && mv ${YQ_FILENAME} /usr/local/bin/yq
 
-ENV BOSH_CLI_VERSION 6.4.17
-ENV BOSH_CLI_SUM d0917d3ad0ff544a4c69a7986e710fe48e8cb2207717f77db31905d639e28c18
+ENV BOSH_CLI_VERSION 7.2.3
+ENV BOSH_CLI_SUM f090d6962a56d946f9592105f6a97956f77d4b6f527e184105355d3f46f354ad
 ENV BOSH_CLI_FILENAME bosh-cli-${BOSH_CLI_VERSION}-linux-amd64
 ADD https://s3.amazonaws.com/bosh-cli-artifacts/${BOSH_CLI_FILENAME} .
 RUN echo "Computed ${BOSH_CLI_FILENAME} sha256sum: $(sha256sum ${BOSH_CLI_FILENAME})" \

k8s-tools/k8s-tools_spec.rb

@@ -2,14 +2,14 @@
 require 'docker'
 require 'serverspec'
 
-BOSH_CLI_VERSION="6.4.17-f0454a75-2022-02-25T00:42:57Z"
+BOSH_CLI_VERSION="7.2.3-b36ee5199-2023-04-28T22:35:13Z"
 YTT_VERSION="0.40.1"
 CREDHUB_VERSION='2.9.1'
 KUSTOMIZE_VERSION="4.5.1"
 KAPP_VERSION="0.46.0"
 KUBECTL_VERSION="1.21.10"
-HELM_VERSION="3.8.1"
-KUTTL_VERSION="0.11.1"
+HELM_VERSION="3.12.0"
+KUTTL_VERSION="0.15.0"
 
 DEPS = "unzip curl openssl ca-certificates git libc6 bash jq gettext"
 

node/Dockerfile

@@ -1 +1 @@
-FROM node:lts-alpine3.16
+FROM node:lts-alpine3.18

psql/psql_spec.rb

@@ -3,7 +3,7 @@
 require 'serverspec'
 
 PSQL_PACKAGE = 'postgresql-client'
-ALPINE_VERSION = "3.16"
+ALPINE_VERSION = "3.18"
 
 describe "psql image" do
   before(:all) {

ruby-base/Dockerfile

@@ -1 +1 @@
-FROM ruby:3.1-alpine3.16
+FROM ruby:3.1-alpine3.18

spruce/Dockerfile

@@ -1,10 +1,9 @@
-FROM ghcr.io/alphagov/paas/alpine:main
+FROM alpine:3.18
 
 ENV SPRUCE_VERSION 1.29.0
 
 RUN apk add --no-cache \
         wget~1 \
     && wget https://github.com/geofffranks/spruce/releases/download/v${SPRUCE_VERSION}/spruce-linux-amd64 \
     && chmod +x spruce-linux-amd64 \
-    && mv spruce-linux-amd64 /usr/local/bin/spruce \
-    && apk del wget ca-certificates
+    && mv spruce-linux-amd64 /usr/local/bin/spruce  \

spruce/spruce_spec.rb

@@ -4,7 +4,7 @@
 
 SPRUCE_BIN = "/usr/local/bin/spruce"
 SPRUCE_VERSION = "1.29.0"
-ALPINE_VERSION = "3.16"
+ALPINE_VERSION = "3.18"
 
 describe "spruce image" do
   before(:all) {