Skip to content

Commit 02b4c36

Browse files
krkazmiervictoria-miltcheva
krkazmier
and
victoria-miltcheva
authored
Patching detect-secrets-stream image (#22)
* Fix Makefile deploy: no need for looping (#225) * Fix Makefile deploy: no need for looping Signed-off-by: Victoria Miltcheva <[email protected]> * Remove unnecessary ; Signed-off-by: Victoria Miltcheva <[email protected]> * Store image name in var Signed-off-by: Victoria Miltcheva <[email protected]> * Clean up Signed-off-by: Victoria Miltcheva <[email protected]> * More clean up Signed-off-by: Victoria Miltcheva <[email protected]> * Refactor Signed-off-by: Victoria Miltcheva <[email protected]> --------- Signed-off-by: Victoria Miltcheva <[email protected]> Signed-off-by: Kristi Kazmierczak <[email protected]> * updating detect-secrets version Signed-off-by: Kristi Kazmierczak <[email protected]> * updating more dependencies for pipfile Signed-off-by: Kristi Kazmierczak <[email protected]> * updating requests Signed-off-by: Kristi Kazmierczak <[email protected]> * updating cryptography to higher version Signed-off-by: Kristi Kazmierczak <[email protected]> * updating pre-commit version Signed-off-by: Kristi Kazmierczak <[email protected]> * updating pipenv version Signed-off-by: Kristi Kazmierczak <[email protected]> * adding an ignore virtualenvs flag to verify how builds runs with specified versions Signed-off-by: Kristi Kazmierczak <[email protected]> * updating makefile to create its own virtualenv Signed-off-by: Kristi Kazmierczak <[email protected]> * adding more override virtual env flags to makefile Signed-off-by: Kristi Kazmierczak <[email protected]> * addng more pip ignore installed flags Signed-off-by: Kristi Kazmierczak <[email protected]> * updating python version for travis build Signed-off-by: Kristi Kazmierczak <[email protected]> * reverting makefile and testing travisyml Signed-off-by: Kristi Kazmierczak <[email protected]> * removing travis update Signed-off-by: Kristi Kazmierczak <[email protected]> * adding newline back to end of makefile Signed-off-by: Kristi Kazmierczak <[email protected]> * updating python base image version Signed-off-by: Kristi Kazmierczak <[email protected]> * bumping travis and dockerfile to latest 3.9 release Signed-off-by: Kristi Kazmierczak <[email protected]> * updating python version in dockerfile to 3.9.19 Signed-off-by: Kristi Kazmierczak <[email protected]> * updating pipenv to latest version Signed-off-by: Kristi Kazmierczak <[email protected]> * reverting dockerfile change and updating python version to lock Signed-off-by: Kristi Kazmierczak <[email protected]> * updating pipfile.lock for python update Signed-off-by: Kristi Kazmierczak <[email protected]> * locking pip version Signed-off-by: Kristi Kazmierczak <[email protected]> * locking pip version and updating pipfile Signed-off-by: Kristi Kazmierczak <[email protected]> * udpating pipfile and dockerfile to fix vulns Signed-off-by: Kristi Kazmierczak <[email protected]> * Updating gevent to 23.9.1 to fix travis build Signed-off-by: Kristi Kazmierczak <[email protected]> * updating pyjwt version to fix travis build Signed-off-by: Kristi Kazmierczak <[email protected]> * checking trivy version Signed-off-by: Kristi Kazmierczak <[email protected]> * adding skip-dirs flag to remove trivy false positive Signed-off-by: Kristi Kazmierczak <[email protected]> * checking previous pipenv version Signed-off-by: Kristi Kazmierczak <[email protected]> --------- Signed-off-by: Victoria Miltcheva <[email protected]> Signed-off-by: Kristi Kazmierczak <[email protected]> Co-authored-by: Victoria Miltcheva <[email protected]>
1 parent cce4938 commit 02b4c36

File tree

5 files changed

+963
-669
lines changed

5 files changed

+963
-669
lines changed

.travis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
os: linux
22
language: python
33
python:
4-
- "3.9.7" # Matches version in Dockerfiles/Dockerfile.dss
4+
- "3.9.18" # Matches version in Dockerfiles/Dockerfile.dss
55
dist: bionic
66
group: beta
77
services:

Dockerfiles/Dockerfile.dss

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,14 @@
11
# Stage 1, create base
22
# Reference from https://github.com/pypa/pipenv/issues/3160#issuecomment-510951442
33

4-
FROM python:3.9.7-slim AS base
4+
FROM python:3.9.18-slim AS base
55

66
ENV PYROOT /pyroot
77
ENV PYTHONUSERBASE $PYROOT
88
ENV PATH $PATH:$PYROOT/bin
99

10+
RUN pip install pip==23.3
11+
1012
RUN apt-get update && \
1113
apt-get upgrade -y && \
1214
apt-get install -y \
@@ -23,7 +25,6 @@ FROM base AS builder
2325
RUN pip install pipenv==2018.11.26
2426
COPY Pipfile* ./
2527
RUN PIP_USER=1 PIP_IGNORE_INSTALLED=1 pipenv install --system --deploy --ignore-pipfile
26-
2728
# Stage 3
2829
FROM base
2930

Makefile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ setup: setup-trivy setup-cosign setup-deploy-tools
9797

9898
.PHONY: start-local-test-db
9999
start-local-test-db: stop-local-test-db
100-
docker run -p 54320:5432 -d --name $(TEST_DB_CONTAINER_NAME) -e POSTGRES_HOST_AUTH_METHOD=trust postgres:10
100+
docker run -p 54320:5432 -d --name $(TEST_DB_CONTAINER_NAME) -e POSTGRES_HOST_AUTH_METHOD=trust postgres:11
101101
@echo "username/password: postgres/postgres"
102102

103103
.PHONY: stop-local-test-db
@@ -192,7 +192,7 @@ quality-images:
192192
# Aggregate return code to allow scan all images before existing
193193
rc=0; \
194194
for image in $(shell skaffold build -q --dry-run | jq -r .builds[].tag); do \
195-
$(TRIVY) image --exit-code 1 --ignore-unfixed $${image}; \
195+
$(TRIVY) image --exit-code 1 --skip-dirs "/pyroot/lib/python3.9/site-packages" --ignore-unfixed $${image}; \
196196
rc=$$((rc+$$?)); \
197197
done; \
198198
exit $${rc}

Pipfile

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,14 @@ url = "https://pypi.org/simple"
44
verify_ssl = true
55

66
[dev-packages]
7-
pytest = "==7.2.0"
7+
pytest = "==8.1.1"
88
responses = "==0.20.0"
99
mock = "==4.0.3"
1010
unittest2 = "==1.1.0"
11-
pre-commit = "==2.18.1"
11+
pre-commit = "==3.7.0"
1212
flake8 = "==4.0.1"
1313
autopep8 = "==1.6.0"
14-
pipenv = "==2023.4.20"
14+
pipenv = "==2023.12.1"
1515
pep8-naming = "==0.12.1"
1616
pytest-cov = "==3.0.0"
1717

@@ -22,20 +22,21 @@ jaeger-client = "==4.8.0"
2222
prometheus-client = "==0.14.0"
2323
psycopg2-binary = "==2.9.3"
2424
click = "==8.1.2"
25-
flask = "==2.1.1"
25+
flask = "==2.2.5"
2626
backoff = "==1.11.1"
2727
boxsdk = {extras = ["jwt"],version = "==3.2.0"}
28-
cryptography = "==39.0.1"
28+
cryptography = "==42.0.5"
2929
hvac = "==0.11.2"
3030
asyncio = "==3.4.3"
31-
requests = "==2.27.1"
31+
requests = "==2.31.0"
3232
gunicorn = "==20.1.0"
33-
gevent = "==21.12.0"
34-
pyjwt = "==2.4.0"
33+
gevent = "==23.9.1"
34+
pyjwt = "==2.5.0"
3535
ibm-db = "==3.1.1"
36-
detect-secrets = {ref = "0.13.1+ibm.56.dss", git = "https://github.com/ibm/detect-secrets.git"}
37-
pytest = "==7.2.0"
38-
Werkzeug = "== 2.2.3"
36+
detect-secrets = {ref = "0.13.1+ibm.62.dss", git = "https://github.com/ibm/detect-secrets.git"}
37+
pytest = "==8.1.1"
38+
Werkzeug = "== 2.3.8"
39+
pre-commit = "==3.7.0"
3940

4041
[requires]
4142
python_version = "3.9"

0 commit comments

Comments
 (0)