diff --git a/.github/workflows/.ci-build.yml b/.github/workflows/.ci-build.yml index e3b04d0a..7569a5a1 100644 --- a/.github/workflows/.ci-build.yml +++ b/.github/workflows/.ci-build.yml @@ -74,7 +74,7 @@ jobs: timeout-minutes: 600 # default is 360 container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined diff --git a/advisories-validate/action.yaml b/advisories-validate/action.yaml index 98dff5a9..195374f2 100644 --- a/advisories-validate/action.yaml +++ b/advisories-validate/action.yaml @@ -37,7 +37,7 @@ inputs: runs: using: 'docker' - image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece entrypoint: wolfictl args: - adv diff --git a/build-and-publish-osv/action.yaml b/build-and-publish-osv/action.yaml index 54d73c35..bdd76374 100644 --- a/build-and-publish-osv/action.yaml +++ b/build-and-publish-osv/action.yaml @@ -66,7 +66,7 @@ runs: shell: bash - name: Build the security database - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece with: entrypoint: wolfictl args: advisory osv -o osv ${{ inputs.wolfictl_args }} diff --git a/build-and-publish-secdb/action.yaml b/build-and-publish-secdb/action.yaml index b04c6234..b759d04b 100644 --- a/build-and-publish-secdb/action.yaml +++ b/build-and-publish-secdb/action.yaml @@ -61,7 +61,7 @@ runs: shell: bash - name: Build the security database - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece with: entrypoint: wolfictl args: ${{ inputs.wolfictl_args }} diff --git a/build-and-publish-yaml/action.yaml b/build-and-publish-yaml/action.yaml index 61afb64d..6aed6606 100644 --- a/build-and-publish-yaml/action.yaml +++ b/build-and-publish-yaml/action.yaml @@ -56,7 +56,7 @@ runs: shell: bash - name: Build the security database - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece with: entrypoint: wolfictl args: ${{ inputs.wolfictl_args }} diff --git a/install-wolfictl/action.yaml b/install-wolfictl/action.yaml index 55a499c9..da729472 100644 --- a/install-wolfictl/action.yaml +++ b/install-wolfictl/action.yaml @@ -10,6 +10,6 @@ runs: run: | # Copy wolfictl out of the wolfictl image and onto PATH TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 -c "cp /usr/bin/wolfictl /out" + docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece -c "cp /usr/bin/wolfictl /out" echo "$TMP" >> $GITHUB_PATH shell: bash diff --git a/wolfictl-check-updates/action.yaml b/wolfictl-check-updates/action.yaml index 484b2d02..041f2510 100644 --- a/wolfictl-check-updates/action.yaml +++ b/wolfictl-check-updates/action.yaml @@ -19,7 +19,7 @@ runs: using: "composite" steps: - name: wolfictl-check-updates - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece with: entrypoint: wolfictl args: check update ${{ inputs.changed_files }} diff --git a/wolfictl-lint/action.yaml b/wolfictl-lint/action.yaml index bf590940..55176905 100644 --- a/wolfictl-lint/action.yaml +++ b/wolfictl-lint/action.yaml @@ -26,7 +26,7 @@ runs: - name: Lint if: ${{ inputs.run_wolfictl_lint == 'true' }} id: lint - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece with: entrypoint: wolfictl args: --log-level info lint --skip-rule no-makefile-entry-for-package ${{ inputs.args }} @@ -34,7 +34,7 @@ runs: - name: Enforce YAML formatting if: ${{ inputs.run_wolfictl_lint_yam == 'true' }} id: lint-yaml - uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece with: entrypoint: wolfictl args: lint yam ${{ inputs.args }} diff --git a/wolfictl-update-gh/action.yaml b/wolfictl-update-gh/action.yaml index 12261e83..59aeb381 100644 --- a/wolfictl-update-gh/action.yaml +++ b/wolfictl-update-gh/action.yaml @@ -27,7 +27,7 @@ inputs: runs: using: 'docker' - image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece entrypoint: wolfictl args: - update diff --git a/wolfictl-update-rm/action.yaml b/wolfictl-update-rm/action.yaml index 9a8d1d5d..c1a1a7a1 100644 --- a/wolfictl-update-rm/action.yaml +++ b/wolfictl-update-rm/action.yaml @@ -32,7 +32,7 @@ inputs: runs: using: 'docker' - image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:45f4f2cef1ba7fb3feef94bb6c28ef1e5f05f33bbe587c80a19b39482233e229 + image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:d461314c412472d27ffdb1f83b7c7cfbb1ec82155dc5a8914608a17754e7eece entrypoint: wolfictl args: - update