Introduce Official Bandit Images #1088

Merged
merged 12 commits into from
Jan 23, 2024

Commits on Jan 6, 2024

  1. Introduce Official Bandit Images

    Folks are using various bandit images kindly built by others, but
    we should really start providing one of ours that builds directly
    from source (the others use pip install). Should a different
    container image be subjected to some sort of attack (maintainer
    takeover), this could lead to some serious problems for those
    using Bandit.
    
    This PR includes an action to build, publish and sign the image
    using sigstore cosign. This way (should they wish) users can
    verify the source of origin for these images was the official
    repo. You can see an example of this below, where I tested the
    action in my own test fork (bandit-test):
    
    https://search.sigstore.dev/?logIndex=61918446
    
    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 6, 2024
    ef645de
  2. Update tags for other actions

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 6, 2024
    8c96d06

Commits on Jan 7, 2024

  1. Fix TOX

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 7, 2024
    2b2beca

Commits on Jan 8, 2024

  1. Single python release and review points

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 8, 2024
    9e97dd2
  2. Single python release and review points

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 8, 2024
    475408c
  3. Remove arch from container tag

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 8, 2024
    5aab55a
  4. Remove arch from container tag

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 8, 2024
    91ae422
  5. Missed text referencing arch tag

    Signed-off-by: Luke Hinds <luke@stacklok.com>
    lukehinds committed Jan 8, 2024
    8d6dcf6

Commits on Jan 19, 2024

  1. Add workflow dispatch

    lukehinds committed Jan 19, 2024
    69d4c68
  2. 50ce0c9

Commits on Jan 22, 2024

  1. Pin to digests

    lukehinds committed Jan 22, 2024
    70ebbc9
  2. 4ed7858