💚 Update ci

go-sigma · Feb 15, 2024 · 266d8c3 · 266d8c3
1 parent 35c402e
commit 266d8c3
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 26 deletions.
diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
@@ -67,6 +67,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           provenance: false
           sbom: false
+          outputs: oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true
   image-build-debian:
     name: image-build-debian
     runs-on: ubuntu-22.04
@@ -121,6 +122,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           provenance: false
           sbom: false
+          outputs: oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true
   image-build-builder:
     name: image-build-builder
     runs-on: ubuntu-22.04
@@ -173,3 +175,4 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           provenance: false
           sbom: false
+          outputs: oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true
diff --git a/Makefile b/Makefile
@@ -78,10 +78,10 @@ endif
 
 ## Docker:
 docker-build: ## Use the dockerfile to build the sigma image
-	docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true .
+	docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/Dockerfile --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME):latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .
 
 docker-build-builder: ## Use the dockerfile to build the sigma-builder image
-	docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/Dockerfile.builder --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true .
+	docker buildx build --build-arg USE_MIRROR=$(USE_MIRROR) -f build/Dockerfile.builder --platform $(DOCKER_PLATFORMS) --progress plain --output type=docker,name=$(DOCKER_REGISTRY)/$(BINARY_NAME)-builder:latest,push=false,oci-mediatypes=true,compression=zstd,compression-level=12,force-compression=true .
 
 ## Misc:
 migration-create: ## Create a new migration file

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -34,7 +34,6 @@ FROM alpine:${ALPINE_VERSION} as trivy
 
 ARG USE_MIRROR=false
 ARG TRIVY_VERSION=0.49.0
-ARG ORAS_VERSION=1.0.0
 ARG TARGETOS TARGETARCH
 
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
@@ -51,16 +50,9 @@ RUN set -eux && \
   tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
   mv trivy /usr/local/bin/trivy && \
   rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
-  wget -q -O oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/oras-project/oras/releases/download/v"${ORAS_VERSION}"/oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
-  tar -xzf oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
-  mv oras /usr/local/bin/oras && \
-  rm oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
-  oras pull ghcr.io/aquasecurity/trivy-db:2 && \
   mkdir -p /opt/trivy/ && \
-  mv ./db.tar.gz /opt/trivy/db.tar.gz && \
-  cd /opt/trivy && \
-  tar -xzf db.tar.gz && \
-  rm db.tar.gz
+  trivy --cache-dir /opt/trivy/ image --download-java-db-only --no-progress && \
+  trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress
 
 FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} as builder
 
@@ -99,8 +91,7 @@ RUN set -eux && \
 
 COPY --from=syft /usr/local/bin/syft /usr/local/bin/syft
 COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
-COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db
-COPY --from=trivy /opt/trivy/metadata.json /opt/trivy/db/metadata.json
+COPY --from=trivy /opt/trivy/ /opt/trivy/
 COPY ./conf/config.yaml /etc/sigma/config.yaml
 COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/sigma
 

diff --git a/build/Dockerfile.debian b/build/Dockerfile.debian
@@ -35,7 +35,6 @@ FROM alpine:${ALPINE_VERSION} as trivy
 
 ARG USE_MIRROR=false
 ARG TRIVY_VERSION=0.49.0
-ARG ORAS_VERSION=1.0.0
 ARG TARGETOS TARGETARCH
 
 RUN set -eux && \
@@ -50,16 +49,9 @@ RUN set -eux && \
   tar -xzf trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
   mv trivy /usr/local/bin/trivy && \
   rm trivy_"${TRIVY_VERSION}"_"${TRIVYOS}"-"${TRIVYARCH}".tar.gz && \
-  wget -q -O oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz https://github.com/oras-project/oras/releases/download/v"${ORAS_VERSION}"/oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
-  tar -xzf oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
-  mv oras /usr/local/bin/oras && \
-  rm oras_"${ORAS_VERSION}"_"${TARGETOS}"_"${TARGETARCH}".tar.gz && \
-  oras pull ghcr.io/aquasecurity/trivy-db:2 && \
   mkdir -p /opt/trivy/ && \
-  mv ./db.tar.gz /opt/trivy/db.tar.gz && \
-  cd /opt/trivy && \
-  tar -xzf db.tar.gz && \
-  rm db.tar.gz
+  trivy --cache-dir /opt/trivy/ image --download-java-db-only --no-progress && \
+  trivy --cache-dir /opt/trivy/ image --download-db-only --no-progress
 
 FROM --platform=$BUILDPLATFORM golang:${GOLANG_VERSION} as builder
 
@@ -123,8 +115,7 @@ RUN set -eux && \
 
 COPY --from=syft /usr/local/bin/syft /usr/local/bin/syft
 COPY --from=trivy /usr/local/bin/trivy /usr/local/bin/trivy
-COPY --from=trivy /opt/trivy/trivy.db /opt/trivy/db/trivy.db
-COPY --from=trivy /opt/trivy/metadata.json /opt/trivy/db/metadata.json
+COPY --from=trivy /opt/trivy/ /opt/trivy/
 COPY ./conf/config.yaml /etc/sigma/config.yaml
 COPY --from=builder /go/src/github.com/go-sigma/sigma/bin/sigma /usr/local/bin/sigma