diff --git a/.circleci/config.yml b/.circleci/config.yml index 03db95b01..ab21194b6 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ orbs: executors: executor_med: # 2cpu, 4G ram docker: - - image: cimg/openjdk:11.0.13 + - image: cimg/openjdk:11.0 auth: username: $DOCKER_USER_RO password: $DOCKER_PASSWORD_RO @@ -19,7 +19,7 @@ executors: executor_large: # 4cpu, 8G ram docker: - - image: cimg/openjdk:11.0.13 + - image: cimg/openjdk:11.0 auth: username: $DOCKER_USER_RO password: $DOCKER_PASSWORD_RO @@ -29,15 +29,6 @@ executors: JAVA_TOOL_OPTIONS: -Xmx4096m GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=4 -Xmx4096m - executor_machine: # 2cpu , 8G ram - machine: - image: ubuntu-2004:202008-01 #Ubuntu 20.04, docker 19.03, docker-compose 1.27.4 - docker_layer_caching: true - working_directory: ~/project - environment: - JAVA_TOOL_OPTIONS: -Xmx4096m - GRADLE_OPTS: -Dorg.gradle.daemon=false -Dorg.gradle.parallel=true -Dorg.gradle.workers.max=2 -Xmx4096m - commands: prepare: description: "Prepare" @@ -144,13 +135,10 @@ jobs: executor: executor_med steps: - prepare - - setup_remote_docker + - setup_remote_docker: + version: 20.10.11 - attach_workspace: at: ~/project - - run: - name: hadoLint - command: | - docker run --rm -i hadolint/hadolint < docker/Dockerfile - run: name: build image command: | diff --git a/.github/workflows/shiftleft-analysis.yml b/.github/workflows/shiftleft-analysis.yml deleted file mode 100644 index 19f8e8353..000000000 --- a/.github/workflows/shiftleft-analysis.yml +++ /dev/null 
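Review bot: The executor image in `executor_med` now uses the floating tag `cimg/openjdk:11.0` (the `executor_large` hunk that follows makes the same change), so the JDK and the rest of the build image can change between runs without any commit to this repository. That trades reproducibility for automatic patch updates. If the goal is only to stop chasing patch releases, pinning by digest keeps the build input fixed and reviewable, e.g. `- image: cimg/openjdk@sha256:<digest>`, with the digest bumped by a dependency-update job. If the floating tag is intended, a comment above the line such as `# floating minor tag on purpose: follows JDK 11 patch releases` would record that decision.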
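Review bot: The `hadoLint` step is removed from the job that runs `build image` and nothing replaces it, so `docker/Dockerfile` is no longer linted before it is built. The same commit also deletes `.github/workflows/shiftleft-analysis.yml`, so two automated checks disappear together. If the step was dropped because the Dockerfile change in this commit trips specific rules (unpinned apt packages and the use of `apt` are, I believe, DL3008 and DL3027), it would be safer to keep the step and suppress only those rules, e.g. `docker run --rm -i hadolint/hadolint hadolint --ignore DL3008 --ignore DL3027 - < docker/Dockerfile`. Separately, the new `version: 20.10.11` reads better quoted as `version: "20.10.11"`, so it is unambiguously a string. The job's remaining steps continue outside the hunk.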
@@ -1,47 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow integrates Scan with GitHub's code scanning feature -# Scan is a free open-source security tool for modern DevOps teams from ShiftLeft -# Visit https://slscan.io/en/latest/integrations/code-scan for help -name: SL Scan - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '0 19 * * 0' - -jobs: - Scan-Build: - # Scan runs on ubuntu, mac and windows - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - # Instructions - # 1. Setup JDK, Node.js, Python etc depending on your project type - # 2. Compile or build the project before invoking scan - # Example: mvn compile, or npm install or pip install goes here - # 3. Invoke Scan with the github token. Leave the workspace empty to use relative url - - - name: Perform Scan - uses: ShiftLeftSecurity/scan-action@39af9e54bc599c8077e710291d790175c9231f64 - env: - WORKSPACE: "" - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SCAN_AUTO_BUILD: true - with: - output: reports - # Scan auto-detects the languages in your project. To override uncomment the below variable and set the type - # type: credscan,java - # type: python - - - name: Upload report - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: reports diff --git a/docker/Dockerfile b/docker/Dockerfile index 4ee648e3c..6eef6bc2c 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -9,13 +9,13 @@ RUN JAVA_TOOL_OPTIONS="-Djdk.lang.Process.launchMechanism=vfork" "$JAVA_HOME/bin --compress=2 \ --output /javaruntime -FROM ubuntu:20.04 +FROM ubuntu:21.10 ENV JAVA_HOME=/opt/java/openjdk ENV PATH "${JAVA_HOME}/bin:${PATH}" COPY --from=jre-build /javaruntime $JAVA_HOME -RUN apt-get update && apt-get install -y --no-install-recommends curl=7.68\.* netcat=1.2* \ - && apt-get clean \ +RUN apt update && apt install -y --no-install-recommends curl iputils-ping net-tools \ + && apt clean \ && rm -rf /var/lib/apt/lists/* # Add ethsigner user instead of using root (may bring backward incompatibility for previous directory mounts) @@ -47,4 +47,4 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.vcs-url="https://github.com/ConsenSys/ethsigner" \ org.label-schema.vendor="Consensys" \ org.label-schema.version=$VERSION \ - org.label-schema.schema-version="1.0" \ No newline at end of file + org.label-schema.schema-version="1.0"
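Review bot: `FROM ubuntu:21.10` moves the runtime stage from an LTS base to an interim Ubuntu release with a support window of roughly nine months, so the published image will stop receiving base-package security updates much sooner than the `ubuntu:20.04` it replaces. If a newer userland is not required, keep an LTS tag (ideally pinned by digest) and add a comment above `FROM` stating why that base was chosen. The rewritten `RUN` line also drops the version pins and adds `iputils-ping` and `net-tools`. If those tools are only for debugging, they are extra binaries in the runtime image that the service itself may not need. `apt` is intended for interactive use and its interface is not guaranteed stable in scripts, so I would write `RUN apt-get update && apt-get install -y --no-install-recommends curl \` followed by `&& apt-get clean \`.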