Skip to content

fix(ci): remove trivy, bump java deps, drop armv7 #324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
matifali merged 6 commits into from
Apr 10, 2026
Merged

fix(ci): remove trivy, bump java deps, drop armv7 #324

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c7e4d89
fix(ci): bump trivy from v0.37.1 to v0.69.3
matifali Apr 10, 2026
4777d2c
fix(ci): remove trivy scanning
matifali Apr 10, 2026
6e37a9d
fix(java): bump maven to 3.9.14, gradle to 8.14.2, use archive URL
matifali Apr 10, 2026
08dafe3
Revert "fix(java): bump maven to 3.9.14, gradle to 8.14.2, use archiv…
matifali Apr 10, 2026
f115c82
fix(java): bump maven to 3.9.14, gradle to 8.14.2, use archive URL (#…
matifali Apr 10, 2026
5611796
chore: drop linux/arm/v7 platform support (#326)
matifali Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 0 additions & 23 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,6 @@ jobs:
- name: Checkout
uses: actions/checkout@v6

- name: Install Trivy using install script
run: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.37.1

- name: Set up Depot CLI
uses: depot/setup-action@v1
with:
Expand All @@ -79,25 +75,6 @@ jobs:
${{ github.workspace }}/scripts/build_images.sh \
--tag=ubuntu

- name: Scan ubuntu images
run: |
${{ github.workspace }}/scripts/scan_images.sh \
--tag=ubuntu \
--output-file=trivy-results-ubuntu.sarif

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v4
with:
sarif_file: trivy-results-ubuntu.sarif
category: trivy-ubuntu

- name: Upload Trivy scan results as an artifact
uses: actions/upload-artifact@v6
with:
name: trivy-ubuntu
path: trivy-results-ubuntu.sarif
retention-days: 7

- name: Authenticate to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
Expand Down
10 changes: 5 additions & 5 deletions images/java/ubuntu.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,15 @@ ENV JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
ENV PATH=$PATH:$JAVA_HOME/bin

# Install Maven
ARG MAVEN_VERSION=3.9.12
ARG MAVEN_SHA512=0a1be79f02466533fc1a80abbef8796e4f737c46c6574ede5658b110899942a94db634477dfd3745501c80aef9aac0d4f841d38574373f7e2d24cce89d694f70
ARG MAVEN_VERSION=3.9.14
ARG MAVEN_SHA512=d50af8ab5e6005b46a07f0ce9d3719e67cfdf898da988a84871304cd59fb1af0fef2f99dea709e6e66f21f732f905979b5c2dce6b6860406f60a70e84d9cf0b8

ENV MAVEN_HOME=/usr/share/maven
ENV MAVEN_CONFIG="/home/coder/.m2"

RUN mkdir -p $MAVEN_HOME $MAVEN_HOME/ref \
&& echo "Downloading maven" \
&& curl -fsSL -o /tmp/apache-maven.tar.gz https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
&& curl -fsSL -o /tmp/apache-maven.tar.gz https://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
&& echo "Checking downloaded file hash" \
&& echo "${MAVEN_SHA512} /tmp/apache-maven.tar.gz" | sha512sum -c - \
&& echo "Unzipping maven" \
Expand All @@ -28,8 +28,8 @@ RUN mkdir -p $MAVEN_HOME $MAVEN_HOME/ref \
&& ln -s $MAVEN_HOME/bin/mvn /usr/bin/mvn

# Install Gradle
ENV GRADLE_VERSION=6.7
ARG GRADLE_SHA512=d495bc65379d2a854d2cca843bd2eeb94f381e5a7dcae89e6ceb6ef4c5835524932313e7f30d7a875d5330add37a5fe23447dc3b55b4d95dffffa870c0b24493
ENV GRADLE_VERSION=8.14.2
ARG GRADLE_SHA512=5df80d555e5338c5e67fa3ad11ea8ec534416d3e1414675bdd33a8a8f342ca2cef1ffd882b2f283f56041f6d426adcc5d7d4384e6fbe3eb8edac2c967e9b0ffd

ENV GRADLE_HOME=/usr/bin/gradle

Expand Down
14 changes: 2 additions & 12 deletions images/node/ubuntu.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,8 @@ FROM codercom/enterprise-base:ubuntu
# Run everything as root
USER root

ARG TARGETARCH
ARG TARGETVARIANT

# Install Node.js with platform-specific version
# armv7: Node.js 22.x (last version with armv7 support)
# others: Latest LTS
# Ref: https://github.com/nodesource/distributions/issues/1881
RUN NODE_VERSION="lts"; \
if [ "${TARGETARCH}${TARGETVARIANT}" = "armv7" ]; then \
NODE_VERSION="22"; \
fi && \
curl -sL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - && \
# Install Node.js (LTS)
RUN curl -sL https://deb.nodesource.com/setup_lts.x | bash - && \
DEBIAN_FRONTEND="noninteractive" apt-get update -y && \
apt-get install -y nodejs

Expand Down
2 changes: 1 addition & 1 deletion scripts/build_images.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ for image in "${IMAGES[@]}"; do
continue
fi

run_trace $DRY_RUN depot build --project "gb3p8xrshk" --load --platform linux/arm64,linux/amd64,linux/arm/v7 --save --metadata-file="build_${image}.json" \
run_trace $DRY_RUN depot build --project "gb3p8xrshk" --load --platform linux/amd64,linux/arm64 --save --metadata-file="build_${image}.json" \
"${docker_flags[@]}" \
"$image_dir" \
--file="$image_path" \
Expand Down
Loading