(tooling-trusted-release) branch main updated: Build syft from source in the containers

Mon, 25 Aug 2025 09:17:49 -0700 

This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git


The following commit(s) were added to refs/heads/main by this push:
     new e120af7  Build syft from source in the containers
e120af7 is described below

commit e120af7deda815b63203d67f2835d9e266825be2
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Aug 25 17:17:30 2025 +0100

    Build syft from source in the containers
---
 Dockerfile.alpine | 10 +++++-----
 Dockerfile.ubuntu |  6 +++---
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 2e4e5fd..815dbd3 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,4 +1,4 @@
-FROM python:3.13.2-alpine3.21 AS builder
+FROM python:3.13.7-alpine3.22 AS builder
 
 ENV PIP_DEFAULT_TIMEOUT=100 \
     PIP_DISABLE_PIP_VERSION_CHECK=1 \
@@ -26,7 +26,7 @@ RUN make sync
 RUN make generate-version
 
 # final image
-FROM python:3.13.2-alpine3.21
+FROM python:3.13.7-alpine3.22
 
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1
@@ -42,6 +42,7 @@ RUN apk update && \
       curl \
       file \
       git \
+      go \
       gpg \
       gpg-agent \
       make \
@@ -78,9 +79,8 @@ RUN [ -f apache-rat-${RAT_VERSION}.jar ] || mv $(find . 
-maxdepth 1 -type f -nam
 RUN mv apache-rat-${RAT_VERSION}.jar /opt/tools
 RUN java -version
 
-# TODO: We should pin the syft version
-# RUN GOPATH=/usr/local go install github.com/anchore/syft/cmd/syft@latest
-RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh 
| sh -s -- -b /usr/local/bin
+RUN GOPATH=/usr/local go install github.com/anchore/syft/cmd/[email protected]
+# RUN curl -sSfL 
https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b 
/usr/local/bin
 
 EXPOSE 4443
 
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu
index 8b4ffc0..4636da4 100644
--- a/Dockerfile.ubuntu
+++ b/Dockerfile.ubuntu
@@ -47,6 +47,7 @@ RUN apt-get update && \
       bash \
       curl \
       git \
+      golang \
       gpg \
       gpg-agent \
       make \
@@ -90,9 +91,8 @@ RUN [ -f apache-rat-${RAT_VERSION}.jar ] || mv $(find . 
-maxdepth 1 -type f -nam
 RUN mv apache-rat-${RAT_VERSION}.jar /opt/tools
 RUN java -version
 
-# TODO: We should pin the syft version
-# RUN GOPATH=/usr/local go install github.com/anchore/syft/cmd/syft@latest
-RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh 
| sh -s -- -b /usr/local/bin
+RUN GOPATH=/usr/local go install github.com/anchore/syft/cmd/[email protected]
+# RUN curl -sSfL 
https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b 
/usr/local/bin
 
 EXPOSE 4443
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to