From 0d9064143cd743b43910c21ae32dca4e0e889e63 Mon Sep 17 00:00:00 2001 From: tdakkota Date: Sun, 20 Oct 2024 04:20:32 +0300 Subject: [PATCH 1/4] ci(Dockerfile): use latest Go to build Docker image --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ae7c57be4..d5fba04a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM golang:1.21 as builder +ARG GO_VERSION=latest + +FROM golang:$GO_VERSION as builder WORKDIR /go/src/app From eb1237855adc7678c2351d757c34ea044d44128c Mon Sep 17 00:00:00 2001 From: tdakkota Date: Sun, 20 Oct 2024 04:22:27 +0300 Subject: [PATCH 2/4] chore(workflows): use `ubuntu-latest` --- .github/workflows/image_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image_build.yml b/.github/workflows/image_build.yml index 8c312d4b5..68222cbc3 100644 --- a/.github/workflows/image_build.yml +++ b/.github/workflows/image_build.yml @@ -8,7 +8,7 @@ on: jobs: docker: permissions: write-all - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 From ec3f219249bb226a408b895b0cfabcbef4b482bf Mon Sep 17 00:00:00 2001 From: tdakkota Date: Sun, 20 Oct 2024 04:22:56 +0300 Subject: [PATCH 3/4] ci(image_build): harden image builder job permissions --- .github/workflows/image_build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/image_build.yml b/.github/workflows/image_build.yml index 68222cbc3..7e7140a3a 100644 --- a/.github/workflows/image_build.yml +++ b/.github/workflows/image_build.yml @@ -7,7 +7,9 @@ on: jobs: docker: - permissions: write-all + permissions: + contents: read + packages: write runs-on: ubuntu-latest steps: - name: Checkout code From ce47f751708a6ddb785b0a41d1ef68e642fb8b71 Mon Sep 17 00:00:00 2001 From: tdakkota Date: Sun, 20 Oct 2024 04:23:48 +0300 Subject: [PATCH 4/4] ci(image_build): allow to run image builder job via workflow dispatch --- .github/workflows/image_build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/image_build.yml b/.github/workflows/image_build.yml index 7e7140a3a..432aa4cab 100644 --- a/.github/workflows/image_build.yml +++ b/.github/workflows/image_build.yml @@ -4,6 +4,7 @@ on: push: tags: - v* + workflow_dispatch: jobs: docker: