Conversation
|
I'm getting to work. See my steps and track my cost here.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| steps: | ||
| - name: Install Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| submodules: true | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| name: "Update Gentoo Musl Docker image - stage 1" | ||
| steps: | ||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| submodules: true | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| needs: build-gentoo-musl-stage1 | ||
| steps: | ||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v3 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| submodules: true | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
![mentatbot[bot]](https://avatars.githubusercontent.com/in/837875?s=60&v=4){kind=small}
There was a problem hiding this comment.
I've reviewed the PR adding Docker support to HyperCPU and found several issues that should be addressed:
Major Issues
-
Cron Schedule Issue
schedule: - cron: "* * */7 * *"
This cron pattern will run every minute of every hour on every 7th day of the month. You probably want something like
"0 0 */7 * *"(midnight every 7th day) instead. -
Dockerfile Best Practices
- Multiple
RUNcommands should be combined with&&to reduce image layers - Example in Alpine Dockerfile:
# Instead of: RUN apk update RUN apk add clang gcc git cmake make gtest-dev gtest-src re2 re2-dev fmt fmt-dev nodejs grep # Better as: RUN apk update && \ apk add clang gcc git cmake make gtest-dev gtest-src re2 re2-dev fmt fmt-dev nodejs grep
- Multiple
-
Unknown Command in Gentoo Dockerfiles
RUN getutoThis command appears in both Gentoo Dockerfiles and doesn't seem to be a standard Gentoo command. Is this a typo?
-
Shell Command Issues
RUN source /etc/profileThis won't persist across container builds. Each
RUNinstruction is executed in a separate shell.
Minor Issues
-
Unnecessary File
docker/gentoo-glibc/Dockerfile.saveshould be removed from the repository
-
Security Alerts
- GitHub security scanning has flagged unpinned action versions
- Consider using specific commit hashes instead of version tags for GitHub Actions like:
# Instead of: uses: docker/build-push-action@v6 # Use specific commit hash: uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
-
Image Optimization
- Consider using specific version tags for base images where stable environments are needed
- Adding image labels for metadata (maintainer, version, etc.)
Would you like me to suggest specific fixes for any of these issues?
* Add dockerfiles * Add workflow * Fix workflow * Fix workflow * Fix workflow * Fix workflow * Fix workflow * Fix workflow * Update dockerfiles * Update workflow * Split Gentoo into three stages * Add NodeJS everywhere * Fix tag names * Update workflows * Enable cron * Update docker-autobuild.yml * Update Dockerfile * Update Dockerfile * Update Dockerfile * Update Dockerfile * Update Dockerfile * Update Dockerfile * Update Dockerfile * Update Dockerfile
1 participant
No description provided.