Merge remote-tracking branch 'origin/plural-up-cloud'

pluralsh · Oct 8, 2024 · cefe7e2 · cefe7e2
2 parents cea824c + b7559b5
commit cefe7e2
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 70 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -86,73 +86,73 @@ jobs:
       #     docker buildx stop ${{ steps.builder.outputs.name }}
       #     sleep 10
       #     docker buildx rm ${{ steps.builder.outputs.name }}
-  cloud:
-    name: Build cloud image
-    runs-on: ubuntu-latest
-    permissions:
-      contents: 'read'
-      id-token: 'write'
-      packages: 'write'
-      security-events: write
-      actions: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          # list of Docker images to use as base name for tags
-          images: |
-            ghcr.io/pluralsh/plural-cli-cloud
-          # generate Docker tags based on the following events/attributes
-          tags: |
-            type=sha
-            type=ref,event=pr
-            type=ref,event=branch
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to GHCR
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Get current date
-        id: date
-        run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%S%z')" >> $GITHUB_OUTPUT
-      - uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ./dockerfiles/Dockerfile.cloud
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-          # cache-from: type=gha
-          # cache-to: type=gha,mode=max
-          build-args: |
-            APP_VSN=dev
-            APP_COMMIT=${{ github.sha }}
-            APP_DATE=${{ steps.date.outputs.date }}
-      - name: Run Trivy vulnerability scanner on cli cloud image
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: 'image'
-          image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
-          hide-progress: false
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-          scanners: 'vuln'
-          timeout: 10m
-          ignore-unfixed: true
-           #severity: 'CRITICAL,HIGH'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results.sarif'
+  # cloud:
+  #   name: Build cloud image
+  #   runs-on: ubuntu-latest
+  #   permissions:
+  #     contents: 'read'
+  #     id-token: 'write'
+  #     packages: 'write'
+  #     security-events: write
+  #     actions: read
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v3
+  #     - name: Docker meta
+  #       id: meta
+  #       uses: docker/metadata-action@v4
+  #       with:
+  #         # list of Docker images to use as base name for tags
+  #         images: |
+  #           ghcr.io/pluralsh/plural-cli-cloud
+  #         # generate Docker tags based on the following events/attributes
+  #         tags: |
+  #           type=sha
+  #           type=ref,event=pr
+  #           type=ref,event=branch
+  #     - name: Set up QEMU
+  #       uses: docker/setup-qemu-action@v3
+  #     - name: Set up Docker Buildx
+  #       uses: docker/setup-buildx-action@v3
+  #     - name: Login to GHCR
+  #       uses: docker/login-action@v2
+  #       with:
+  #         registry: ghcr.io
+  #         username: ${{ github.repository_owner }}
+  #         password: ${{ secrets.GITHUB_TOKEN }}
+  #     - name: Get current date
+  #       id: date
+  #       run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%S%z')" >> $GITHUB_OUTPUT
+  #     - uses: docker/build-push-action@v6
+  #       with:
+  #         context: .
+  #         file: ./dockerfiles/Dockerfile.cloud
+  #         push: true
+  #         tags: ${{ steps.meta.outputs.tags }}
+  #         labels: ${{ steps.meta.outputs.labels }}
+  #         platforms: linux/amd64,linux/arm64
+  #         # cache-from: type=gha
+  #         # cache-to: type=gha,mode=max
+  #         build-args: |
+  #           APP_VSN=dev
+  #           APP_COMMIT=${{ github.sha }}
+  #           APP_DATE=${{ steps.date.outputs.date }}
+  #     - name: Run Trivy vulnerability scanner on cli cloud image
+  #       uses: aquasecurity/trivy-action@master
+  #       with:
+  #         scan-type: 'image'
+  #         image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+  #         hide-progress: false
+  #         format: 'sarif'
+  #         output: 'trivy-results.sarif'
+  #         scanners: 'vuln'
+  #         timeout: 10m
+  #         ignore-unfixed: true
+  #          #severity: 'CRITICAL,HIGH'
+  #     - name: Upload Trivy scan results to GitHub Security tab
+  #       uses: github/codeql-action/upload-sarif@v2
+  #       with:
+  #         sarif_file: 'trivy-results.sarif'
   dind:
     name: Build dind image
     runs-on: ubuntu-latest

diff --git a/dockerfiles/Dockerfile.cloud b/dockerfiles/Dockerfile.cloud
@@ -31,13 +31,13 @@ FROM alpine:3.17.2 as tools
 ARG TARGETARCH
 
 # renovate: datasource=github-releases depName=helm/helm
-ENV HELM_VERSION=v3.10.3
+ENV HELM_VERSION=v3.15.1
 
 # renovate: datasource=github-releases depName=hashicorp/terraform
-ENV TERRAFORM_VERSION=v1.2.9
+ENV TERRAFORM_VERSION=v1.9.7
 
 # renovate: datasource=github-tags depName=kubernetes/kubernetes
-ENV KUBECTL_VERSION=v1.25.5
+ENV KUBECTL_VERSION=v1.30.0
 
 RUN apk add --update --no-cache curl ca-certificates unzip wget openssl build-base && \
     curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xvz && \