Add codeql to gh-mrva container
This commit is contained in:
committed by
=Michael Hohn
parent
2d92ad51c3
commit
7ae6e9a1cb
@@ -1,3 +1,4 @@
|
|||||||
|
# ######################
|
||||||
# Use an official Golang image as the base image
|
# Use an official Golang image as the base image
|
||||||
FROM golang:1.22 AS builder
|
FROM golang:1.22 AS builder
|
||||||
|
|
||||||
@@ -14,8 +15,41 @@ RUN go mod download
|
|||||||
# Build the Go binary
|
# Build the Go binary
|
||||||
RUN go build .
|
RUN go build .
|
||||||
|
|
||||||
# Use a minimal base image for the final container
|
# ######################
|
||||||
FROM debian:bookworm
|
# Provide codeql and java
|
||||||
|
#
|
||||||
|
FROM ubuntu:24.10 as runner
|
||||||
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
|
# Build argument for CodeQL version, defaulting to the latest release
|
||||||
|
ARG CODEQL_VERSION=latest
|
||||||
|
|
||||||
|
# Install packages
|
||||||
|
RUN apt-get update && apt-get install --no-install-recommends --assume-yes \
|
||||||
|
unzip \
|
||||||
|
curl \
|
||||||
|
ca-certificates \
|
||||||
|
default-jdk
|
||||||
|
|
||||||
|
# If the version is 'latest', get the latest release version from GitHub, unzip
|
||||||
|
# the bundle into /opt, and delete the archive
|
||||||
|
RUN if [ "$CODEQL_VERSION" = "latest" ]; then \
|
||||||
|
CODEQL_VERSION=$(curl -s https://api.github.com/repos/github/codeql-cli-binaries/releases/latest | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/'); \
|
||||||
|
fi && \
|
||||||
|
echo "Using CodeQL version $CODEQL_VERSION" && \
|
||||||
|
curl -L "https://github.com/github/codeql-cli-binaries/releases/download/$CODEQL_VERSION/codeql-linux64.zip" -o /tmp/codeql.zip && \
|
||||||
|
unzip /tmp/codeql.zip -d /opt && \
|
||||||
|
rm /tmp/codeql.zip && \
|
||||||
|
chmod -R +x /opt/codeql
|
||||||
|
|
||||||
|
# Set environment variables for CodeQL
|
||||||
|
ENV CODEQL_CLI_PATH=/opt/codeql/codeql
|
||||||
|
|
||||||
|
# Set environment variable for CodeQL for `codeql database analyze` support on ARM
|
||||||
|
# This env var has no functional effect on CodeQL when running on x86_64 linux
|
||||||
|
ENV CODEQL_JAVA_HOME=/usr
|
||||||
|
|
||||||
|
# ######################
|
||||||
|
|
||||||
# Set the working directory inside the final image
|
# Set the working directory inside the final image
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
@@ -23,5 +57,8 @@ WORKDIR /app
|
|||||||
# Copy the binary from the builder stage
|
# Copy the binary from the builder stage
|
||||||
COPY --from=builder /work-gh/mrva/gh-mrva/gh-mrva /usr/local/bin/gh-mrva
|
COPY --from=builder /work-gh/mrva/gh-mrva/gh-mrva /usr/local/bin/gh-mrva
|
||||||
|
|
||||||
|
# Put CodeQL on the PATH
|
||||||
|
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/codeql
|
||||||
|
|
||||||
# Run forever
|
# Run forever
|
||||||
CMD ["tail", "-f", "/dev/null"]
|
CMD ["tail", "-f", "/dev/null"]
|
||||||
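Review bot: The CodeQL bundle fetched in the RUN at `curl -L ".../$CODEQL_VERSION/codeql-linux64.zip"` is unpacked into /opt with no integrity check, and with the default `CODEQL_VERSION=latest` the version comes from an unauthenticated GitHub API call at build time, so the image is neither reproducible nor protected against a substituted archive. That resolution step also fails open: `curl -s` without `-f` feeding `grep | sed` leaves `CODEQL_VERSION` empty on a rate-limited or failed API response, and the download `curl -L` (again without `-f`) then writes the 404 body to /tmp/codeql.zip, so the build only dies later with an unrelated unzip error. I would use `curl -fsSL` for both fetches, abort on an empty version, and accept a `CODEQL_SHA256` build arg that is checked with `sha256sum -c` before unzipping, as sketched below. Separately, the runner stage ends as root with no `USER`, leaves `/var/lib/apt/lists` in the layer, and `FROM ubuntu:24.10` is an interim (non-LTS, nine-month support) release, so an LTS tag and a non-root user are worth adding before this image is pushed.

```dockerfile
ARG CODEQL_VERSION=latest
# sha256 of codeql-linux64.zip for the pinned version; verified when non-empty.
ARG CODEQL_SHA256=

# … unchanged: apt-get install …

RUN set -eu; \
    if [ "$CODEQL_VERSION" = "latest" ]; then \
        CODEQL_VERSION=$(curl -fsSL https://api.github.com/repos/github/codeql-cli-binaries/releases/latest \
            | sed -nE 's/.*"tag_name": *"([^"]+)".*/\1/p'); \
    fi; \
    [ -n "$CODEQL_VERSION" ] || { echo "could not resolve CodeQL version" >&2; exit 1; }; \
    echo "Using CodeQL version $CODEQL_VERSION"; \
    curl -fsSL "https://github.com/github/codeql-cli-binaries/releases/download/$CODEQL_VERSION/codeql-linux64.zip" -o /tmp/codeql.zip; \
    if [ -n "$CODEQL_SHA256" ]; then echo "$CODEQL_SHA256  /tmp/codeql.zip" | sha256sum -c -; fi; \
    unzip -q /tmp/codeql.zip -d /opt; \
    rm -f /tmp/codeql.zip
# … unchanged: chmod, ENV CODEQL_CLI_PATH / CODEQL_JAVA_HOME …
```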
|
|||||||
@@ -6,6 +6,11 @@
|
|||||||
make ghm
|
make ghm
|
||||||
# Run
|
# Run
|
||||||
docker run -ti client-ghmrva-container:0.1.24 /bin/bash
|
docker run -ti client-ghmrva-container:0.1.24 /bin/bash
|
||||||
|
|
||||||
|
# In the container
|
||||||
|
gh-mrva -h
|
||||||
|
codeql -h
|
||||||
|
|
||||||
# Push
|
# Push
|
||||||
make ghm-push
|
make ghm-push
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
|||||||