Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump curlimages/curl from 8.7.1 to 8.8.0 #77

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump curlimages/curl from 8.7.1 to 8.8.0 #77

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM curlimages/curl:8.7.1 AS builder
FROM curlimages/curl:8.8.0 AS builder

# see https://github.com/openbikesensor/OpenBikeSensorFirmware/releases
ARG FIRMWARE_VERSION=0.19.877
Expand All @@ -10,7 +10,7 @@
unzip obs-v${FIRMWARE_VERSION}-initial-flash.zip && \
rm obs-v${FIRMWARE_VERSION}-initial-flash.zip

COPY --chown=100 ./public-html/ ./

Check warning on line 13 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[LOW] Chown Flag Exists 

It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership
RUN sed -i "s/FIRMWARE_VERSION/${FIRMWARE_VERSION}/g" /tmp/obs/index.html && \
sed -i "s/FIRMWARE_VERSION/${FIRMWARE_VERSION}/g" /tmp/obs/manifest.json && \
mv /tmp/obs/manifest.json /tmp/obs/manifest-${FIRMWARE_VERSION}.json
Expand All @@ -33,7 +33,7 @@
# see at https://github.com/esphome/esp-web-tools/releases
ARG ESP_WEB_TOOLS_VERSION=10.0.1

RUN export DEBIAN_FRONTEND=noninteractive && \

Check warning on line 36 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[MEDIUM] Apt Get Install Pin Version Not Defined 

When installing a package, its pin version should be defined

Check warning on line 36 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[MEDIUM] NPM Install Command Without Pinned Version 

Check if packages installed by npm are pinning a specific version.

Check warning on line 36 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[INFO] APT-GET Not Avoiding Additional Packages 

Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
apt-get update -qq && \
apt-get install -y -qq jq && \
npm install -g [email protected]
Expand All @@ -50,12 +50,12 @@
chmod -R a=rX /tmp/esp-web-tool/dist


FROM httpd:2.4-alpine

Check warning on line 53 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[HIGH] Missing User Instruction 

A user should be specified in the dockerfile, otherwise the image will run as root

Check warning on line 53 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[LOW] Healthcheck Instruction Missing 

Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working

LABEL version="${FIRMWARE_VERSION}" \
description="OpenBikeSensor Firmware with ESP Web Tools" \
maintainer="[email protected]"

COPY --chown=nobody:nogroup --from=builder /tmp/obs/ /usr/local/apache2/htdocs/

Check warning on line 59 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[LOW] Chown Flag Exists 

It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership
COPY --chown=nobody:nogroup --from=nodebuilder /tmp/esp-web-tool/dist/web/ /usr/local/apache2/htdocs/esp-web-tools

Check warning on line 60 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-and-push-image

[LOW] Chown Flag Exists 

It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership

Loading