Merge pull request #5 from advanced-security/update-container

GeekMasher · web-flow · commit c1263a85b9ac · 2025-06-18T12:28:30.000+01:00
feat: Update Docker image and Cargo updates
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,7 +7,7 @@ authors = ["GeekMasher"]
 license = "MIT"
 
 edition = "2024"
-rust-version = "1.85"
+rust-version = "1.87"
 
 publish = false
 
@@ -16,9 +16,9 @@ publish = false
 [dependencies]
 log = "0.4"
 env_logger = "0.11"
-tokio = { version = "1", features = ["full"] }
-anyhow = "1"
-thiserror = "2"
+tokio = { version = "1.45", features = ["full"] }
+anyhow = "1.0"
+thiserror = "2.0"
 dotenvy = "0.15"
 glob = "0.3"
 # Actions
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/rust:1.85-slim as builder
+FROM docker.io/library/rust:1.87-slim AS builder
 
 ENV TARGET=x86_64-unknown-linux-gnu
 
@@ -9,22 +9,25 @@ COPY . .
 # Install dependencies
 RUN apt-get update && \
     apt-get install -y --no-install-recommends pkg-config build-essential libssl-dev && \
-    cargo build --release && \
-    mv target/release/codeql-extractor-action target/
+    cargo build --release --target $TARGET && \
+    mv target/${TARGET}/release/codeql-extractor-action target/
 
-FROM docker.io/library/debian:12-slim
+# We have to use Debian testing as the stable version has an old
+# version of `glibc` that doesn't work with new-ist versions of CodeQL.
+FROM docker.io/library/debian:testing-slim
 WORKDIR /app
 
 COPY --from=builder /app/target/codeql-extractor-action /usr/local/bin/codeql-extractor-action
 
-# Install gh CLI
+# Install GitHub CLI
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends curl git ca-certificates && \
+    apt-get install -y curl git ca-certificates && \
     curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
     chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg && \
     echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
     apt-get update && \
     apt-get install -y --no-install-recommends gh && \
+    apt-get remove -y curl && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/src/main.rs b/src/main.rs
@@ -195,14 +195,12 @@ async fn main() -> Result<()> {
                 });
 
                 log::debug!("Writing SARIF file to {sarif_path:?}");
-                if let Err(e) = std::fs::write(&sarif_path, serde_json::to_string(&sarif)?)
-                {
+                if let Err(e) = std::fs::write(&sarif_path, serde_json::to_string(&sarif)?) {
                     log::error!("Failed to write SARIF file: {e}");
                 } else {
                     log::info!("SARIF file written successfully: {sarif_path:?}");
                 }
             }
-
         }
 
         // Reload the database to get analysis info

Original file line number	Diff line number	Diff line change
`@@ -195,14 +195,12 @@ async fn main() -> Result<()> {`
`195`	`195`	`});`
`196`	`196`
`197`	`197`	`log::debug!("Writing SARIF file to {sarif_path:?}");`
`198`		`- if let Err(e) = std::fs::write(&sarif_path, serde_json::to_string(&sarif)?)`
`199`		`- {`
	`198`	`+ if let Err(e) = std::fs::write(&sarif_path, serde_json::to_string(&sarif)?) {`
`200`	`199`	`log::error!("Failed to write SARIF file: {e}");`
`201`	`200`	`} else {`
`202`	`201`	`log::info!("SARIF file written successfully: {sarif_path:?}");`
`203`	`202`	`}`
`204`	`203`	`}`
`205`		`-`
`206`	`204`	`}`
`207`	`205`
`208`	`206`	`// Reload the database to get analysis info`