circumvent apt-key output

SQLHorizons · Aug 29, 2021 · 87625ff · 87625ff
1 parent 7737d0e
commit 87625ff
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 1 deletion.
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
@@ -0,0 +1,17 @@
+general:
+  vulnerabilities:
+    - CVE-2021-3711
+    - CVE-2021-3121
+    - CVE-2016-3697
+    - CVE-2019-16884
+    - CVE-2019-19921
+    - CVE-2020-29652
+    - CVE-2020-9283
+
+  bestPracticeViolations:
+    - DKL-DI-0005
+    - CIS-DI-0001
+    - DKL-DI-0003
+    - CIS-DI-0005
+    - CIS-DI-0006
+    - CIS-DI-0008
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -23,3 +23,8 @@ jobs:
           --build-arg     ANALYZER_VERSION=1.20.0 \
           --build-arg     AZP_AGENT_VERSION=2.191.1 \
           --no-cache .
+
+    - name: Scan the Docker image
+      uses: Azure/container-scan@v0
+      with:
+        image-name: ado.pwsh.agent:7.1.4
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -4,5 +4,6 @@
         "pkief.material-icon-theme",
         "ms-vscode.powershell",
         "davidanson.vscode-markdownlint",
+        "mhutchie.git-graph"
     ]
 }
diff --git a/Dockerfile b/Dockerfile
@@ -6,13 +6,16 @@ ARG AZP_AGENT_VERSION=2.191.1
 
 FROM ${PWSH_CORE_REPO}:${FROM_TAG} AS INSTALLER_ENV
 
+##  build arguments.
+ARG DEBIAN_FRONTEND=noninteractive
+ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
+
 ENV AZP_POOL=Default \
   AZP_WORK=_work \
   AZP_AGENT_VERSION=${AZP_AGENT_VERSION}
 
 # To make it easier for build and release pipelines to run apt-get,
 # configure apt to not require confirmation (assume the -y argument by default)
-ENV DEBIAN_FRONTEND=noninteractive
 RUN echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes
 
 SHELL ["pwsh", "-command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
@@ -35,6 +38,7 @@ RUN apt-get update && \
   add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
   apt-get update && \
   apt-get install docker-ce docker-ce-cli containerd.io && \
+  apt-get clean && rm -rf /var/lib/apt/lists/* && \
   Install-Module Pester -Repository PSGallery -RequiredVersion ${PESTER_VERSION} -Scope AllUsers -Force && \
   Install-Module PSScriptAnalyzer -Repository PSGallery -RequiredVersion ${ANALYZER_VERSION} -Scope AllUsers -Force