diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 29056324..1e274b50 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -16,11 +16,6 @@ on:
 required: false
 type: string
-permissions:
- contents: read
- packages: write
- id-token: write
-
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/go-contract-image.yml b/.github/workflows/go-contract-image.yml
index 11935c19..22add8ca 100644
--- a/.github/workflows/go-contract-image.yml
+++ b/.github/workflows/go-contract-image.yml
@@ -17,6 +17,10 @@ on:
 jobs:
 docker_build:
 name: Docker build
+ permissions:
+ contents: write
+ packages: write
+ id-token: write
 uses: ./.github/workflows/docker-build.yml
 with:
 image-name: ghcr.io/hyperledger-labs/fabric-builder-k8s/sample-go-contract
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index a7455bf2..1b8507a2 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -15,6 +15,8 @@ on:
 - 'docs/**'
 - 'samples/**'
+permissions: read-all
+
 jobs:
 build:
@@ -24,6 +26,9 @@ jobs:
 os: [ubuntu-latest, macOS-13]
 goarch: [amd64, arm64]
+ permissions:
+ contents: write
+
 env:
 GOARCH: ${{ matrix.goarch }}
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 4d1dadbd..2bd63c09 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -15,8 +15,7 @@ on:
 - 'docs/**'
 - 'samples/**'
-permissions:
- contents: read
+permissions: read-all
 jobs:
 golangci:
diff --git a/.github/workflows/java-contract-image.yml b/.github/workflows/java-contract-image.yml
index 5b7af4de..bff02382 100644
--- a/.github/workflows/java-contract-image.yml
+++ b/.github/workflows/java-contract-image.yml
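Review bot: With the top-level `permissions:` block removed from docker-build.yml, this reusable workflow no longer states which token scopes it needs, so its `build` job runs with whatever the calling job passes down. A called workflow can only narrow the caller's GITHUB_TOKEN, never widen it, so keeping the three scopes here as a job-level block under `build` (`contents: read`, `packages: write`, `id-token: write`) would cap the job at those scopes whichever workflow calls it. The `build` job continues outside the hunk.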
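Review bot: `contents: write` on the `docker_build` job in go-contract-image.yml is wider than the `contents: read` that docker-build.yml declared before this commit, and since the called workflow no longer narrows the token, every step in it would run with repository write access. Nothing visible in this diff pushes commits, tags or releases, so `contents: read` looks sufficient unless a step outside the hunks needs write. The same grant is repeated in java-contract-image.yml and node-contract-image.yml.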
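Review bot: `permissions: read-all` at the top of go.yml gives the token read access on every scope, which is broader than the `contents: read` it replaces at the top level of golangci-lint.yml and mkdocs.yml. For workflows that only check out and build, a top-level block with `contents: read` alone keeps the default token at the minimum, with anything extra granted per job as this commit already does elsewhere. The same applies to the top-level lines added in peer-image.yml, status-checks-docker.yml and status-checks.yml.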
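Review bot: The `build` job in go.yml (second hunk) now holds `contents: write` on every matrix leg, with no comment saying which step needs it; the job's steps are outside the hunk. If write access is only used by a publishing step, moving that step into its own job gated on the release or tag event would leave compile and test running on a read-only token. Otherwise a one-line comment above the grant naming the step that requires it would let the next reviewer confirm the scope is still needed.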
@@ -17,6 +17,10 @@ on:
 jobs:
 docker_build:
 name: Docker build
+ permissions:
+ contents: write
+ packages: write
+ id-token: write
 uses: ./.github/workflows/docker-build.yml
 with:
 image-name: ghcr.io/hyperledger-labs/fabric-builder-k8s/sample-java-contract
diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml
index d34a4c19..56dca7ed 100644
--- a/.github/workflows/mkdocs.yml
+++ b/.github/workflows/mkdocs.yml
@@ -11,10 +11,7 @@ on:
 - 'docs/**'
 workflow_dispatch:
-permissions:
- contents: read
- pages: write
- id-token: write
+permissions: read-all
 # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
 # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
@@ -54,6 +51,10 @@ jobs:
 # Deployment job
 deploy:
 if: github.event_name == 'push'
+ permissions:
+ contents: read
+ pages: write
+ id-token: write
 environment:
 name: github-pages
 url: ${{ steps.deployment.outputs.page_url }}
diff --git a/.github/workflows/node-contract-image.yml b/.github/workflows/node-contract-image.yml
index 603e4b45..ba1c5df7 100644
--- a/.github/workflows/node-contract-image.yml
+++ b/.github/workflows/node-contract-image.yml
@@ -17,6 +17,10 @@ on:
 jobs:
 docker_build:
 name: Docker build
+ permissions:
+ contents: write
+ packages: write
+ id-token: write
 uses: ./.github/workflows/docker-build.yml
 with:
 image-name: ghcr.io/hyperledger-labs/fabric-builder-k8s/sample-node-contract
diff --git a/.github/workflows/peer-image.yml b/.github/workflows/peer-image.yml
index 6dfcc57b..d7fbcb09 100644
--- a/.github/workflows/peer-image.yml
+++ b/.github/workflows/peer-image.yml
@@ -18,6 +18,8 @@ on:
 - 'docs/**'
 - 'samples/**'
+permissions: read-all
+
 jobs:
 docker_build:
 name: Docker build
diff --git a/.github/workflows/status-checks-docker.yml b/.github/workflows/status-checks-docker.yml
index b46c1d3d..044c18da 100644
--- a/.github/workflows/status-checks-docker.yml
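Review bot: In peer-image.yml the new top-level `permissions: read-all` is the only grant visible for the `docker_build` job, whereas the go, java and node contract image workflows add `packages: write` and `id-token: write` at job level. If this job also calls docker-build.yml (its `uses:` line is outside the hunk) and has no job-level block of its own further down, the called workflow cannot raise its token above read, so the registry push and any OIDC-based step would presumably fail. Confirm whether a job-level `permissions:` block is needed here, limited to the scopes the build actually uses.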
+++ b/.github/workflows/status-checks-docker.yml
@@ -3,6 +3,8 @@ name: Skip docker status checks
 on:
 workflow_call:
+permissions: read-all
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/status-checks.yml b/.github/workflows/status-checks.yml
index 801671b3..71767270 100644
--- a/.github/workflows/status-checks.yml
+++ b/.github/workflows/status-checks.yml
@@ -7,6 +7,8 @@ on:
 - 'docs/**'
 - 'samples/**'
+permissions: read-all
+
 jobs:
 lint:
 runs-on: ubuntu-latest
diff --git a/Dockerfile b/Dockerfile
index 9f7a6391..d1bc42de 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,14 @@
-ARG UBUNTU_VER=20.04
+ARG UBUNTU_VER=24.04
 ARG HLF_VERSION=2.5
 FROM ubuntu:${UBUNTU_VER} AS build
 ARG GO_VER=1.23.0
 ENV GOPATH=/go
-RUN apt update && apt install -y \
+ENV DEBIAN_FRONTEND="noninteractive"
+RUN apt-get update && apt-get install -y -q --no-install-recommends \
+ ca-certificates \
+ build-essential \
 git \
 gcc \
 curl \
@@ -17,11 +20,13 @@ ENV PATH="/usr/local/go/bin:$PATH"
 ADD . $GOPATH/src/github.com/hyperledger-labs/fabric-builder-k8s
 WORKDIR $GOPATH/src/github.com/hyperledger-labs/fabric-builder-k8s
-RUN go install ./cmd/...
+RUN go install -a -v ./cmd/...
 FROM hyperledger/fabric-peer:${HLF_VERSION} AS core
-RUN apt update && apt install -y \
+ENV DEBIAN_FRONTEND="noninteractive"
+RUN apt-get update && apt-get install -y -q --no-install-recommends \
+ ca-certificates \
 wget
 RUN wget https://github.com/mikefarah/yq/releases/download/v4.23.1/yq_linux_$(dpkg --print-architecture) -O /usr/bin/yq && chmod +x /usr/bin/yq
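Review bot: The `core` stage in the second Dockerfile hunk still downloads the yq binary with `wget` straight into `/usr/bin` and marks it executable without checking its digest, on the unchanged last line of the hunk. Adding `ca-certificates` presumably lets wget validate the TLS chain, but it does not pin the content of the release asset. Recording the expected SHA-256 for the v4.23.1 asset of each architecture and verifying it before the `chmod`, for example `echo "<EXPECTED_SHA256>  /usr/bin/yq" | sha256sum -c -`, would catch a replaced asset. The new `apt-get install` in this final stage also leaves the package index in the image; appending `&& rm -rf /var/lib/apt/lists/*` to that RUN would drop it.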