diff --git a/.github/workflows/.ci-build.yml b/.github/workflows/.ci-build.yml index cf8bdaca..ba12f5cb 100644 --- a/.github/workflows/.ci-build.yml +++ b/.github/workflows/.ci-build.yml @@ -74,7 +74,7 @@ jobs: timeout-minutes: 600 # default is 360 container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + image: ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined diff --git a/advisories-validate/action.yaml b/advisories-validate/action.yaml index 06b1a805..e4c8a91e 100644 --- a/advisories-validate/action.yaml +++ b/advisories-validate/action.yaml @@ -37,7 +37,7 @@ inputs: runs: using: 'docker' - image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b entrypoint: wolfictl args: - adv diff --git a/build-and-publish-osv/action.yaml b/build-and-publish-osv/action.yaml index 37bb4ed5..8d0f8775 100644 --- a/build-and-publish-osv/action.yaml +++ b/build-and-publish-osv/action.yaml @@ -66,7 +66,7 @@ runs: shell: bash - name: Build the security database - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b with: entrypoint: wolfictl args: advisory osv -o osv ${{ inputs.wolfictl_args }} diff --git a/build-and-publish-secdb/action.yaml b/build-and-publish-secdb/action.yaml index 8fa2bbaf..8b3e88fe 100644 --- a/build-and-publish-secdb/action.yaml +++ b/build-and-publish-secdb/action.yaml @@ -61,7 +61,7 @@ runs: shell: bash - name: Build the security database - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b with: entrypoint: wolfictl args: ${{ inputs.wolfictl_args }} diff --git a/build-and-publish-yaml/action.yaml b/build-and-publish-yaml/action.yaml index 9c2d249d..22427875 100644 --- a/build-and-publish-yaml/action.yaml +++ b/build-and-publish-yaml/action.yaml @@ -56,7 +56,7 @@ runs: shell: bash - name: Build the security database - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b with: entrypoint: wolfictl args: ${{ inputs.wolfictl_args }} diff --git a/install-wolfictl/action.yaml b/install-wolfictl/action.yaml index 7de00aaa..92d6b6d3 100644 --- a/install-wolfictl/action.yaml +++ b/install-wolfictl/action.yaml @@ -10,6 +10,6 @@ runs: run: | # Copy wolfictl out of the wolfictl image and onto PATH TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe -c "cp /usr/bin/wolfictl /out" + docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b -c "cp /usr/bin/wolfictl /out" echo "$TMP" >> $GITHUB_PATH shell: bash diff --git a/wolfictl-check-updates/action.yaml b/wolfictl-check-updates/action.yaml index 8c90fca8..bf69a10a 100644 --- a/wolfictl-check-updates/action.yaml +++ b/wolfictl-check-updates/action.yaml @@ -19,7 +19,7 @@ runs: using: "composite" steps: - name: wolfictl-check-updates - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b with: entrypoint: wolfictl args: check update ${{ inputs.changed_files }} diff --git a/wolfictl-lint/action.yaml b/wolfictl-lint/action.yaml index 126fd141..87b84d33 100644 --- a/wolfictl-lint/action.yaml +++ b/wolfictl-lint/action.yaml @@ -26,7 +26,7 @@ runs: - name: Lint if: ${{ inputs.run_wolfictl_lint == 'true' }} id: lint - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b with: entrypoint: wolfictl args: --log-level info lint --skip-rule no-makefile-entry-for-package ${{ inputs.args }} @@ -34,7 +34,7 @@ runs: - name: Enforce YAML formatting if: ${{ inputs.run_wolfictl_lint_yam == 'true' }} id: lint-yaml - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b with: entrypoint: wolfictl args: lint yam ${{ inputs.args }} diff --git a/wolfictl-update-gh/action.yaml b/wolfictl-update-gh/action.yaml index 961ae6a6..68d559e5 100644 --- a/wolfictl-update-gh/action.yaml +++ b/wolfictl-update-gh/action.yaml @@ -27,7 +27,7 @@ inputs: runs: using: 'docker' - image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b entrypoint: wolfictl args: - update diff --git a/wolfictl-update-rm/action.yaml b/wolfictl-update-rm/action.yaml index 08f9d1a6..0dcbb501 100644 --- a/wolfictl-update-rm/action.yaml +++ b/wolfictl-update-rm/action.yaml @@ -32,7 +32,7 @@ inputs: runs: using: 'docker' - image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:25e12e2c1b7975c8bdd5d0e90a6e4d65a97dee7698ca865b3a54b601b4bfe1fe + image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:a40183977dafbcc65e678ecc6014103b636bf22bc2f05cab0432683b458f583b entrypoint: wolfictl args: - update