diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a145bd6..6f13d98 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,13 +32,6 @@ jobs: steps: - name: checkout project uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - - name: get base image - id: base - run: | - set -x - DIGEST="$(awk -F '@' '/latest@/ {print $2}' Dockerfile)" - echo "Base image: ${BASE_IMAGE}:latest@${DIGEST}" - echo "image=${BASE_IMAGE}:latest@${DIGEST}" >> "$GITHUB_OUTPUT" - name: setup python uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 with: @@ -54,11 +47,11 @@ jobs: uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 - name: verify base image signature run: | - cosign verify \ + cosign dockerfile verify \ --certificate-identity \ 'https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ - "${{ steps.base.outputs.image }}" | jq . + Dockerfile | jq . - name: docker buildx id: buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 diff --git a/Dockerfile b/Dockerfile index c9d89b0..29e82df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,10 +11,7 @@ WORKDIR /home/nonroot RUN ["/usr/bin/python3", "-m" , "venv", ".venv"] COPY requirements.txt requirements.txt RUN [".venv/bin/pip", "install", "--no-cache-dir", "--disable-pip-version-check", "--require-hashes", "-r", "requirements.txt"] - # Run random walk simulation -# -FROM venv AS rwalker COPY rwalker.py rwalker.py RUN [".venv/bin/python3", "rwalker.py"] 
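Review bot: The `verify base image signature` step can pass even when `cosign dockerfile verify` fails, because its output is piped to `jq .` and the pipeline's exit status is then jq's. A `run:` step with no explicit `shell:` key is executed as `bash -e {0}`, without pipefail, and jq exits 0 on empty input. Whether a workflow-level `defaults.run.shell` compensates cannot be seen from this hunk. Adding `set -o pipefail` as the first line of the script, or `shell: bash` on the step, makes a failed signature check fail the job. The pipe predates this commit, so this is not a regression, but the rewritten command is the natural place to close it.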
@@ -27,6 +24,6 @@ FROM cgr.dev/chainguard/python:latest@sha256:2065a6e52402ba9616ad51d9fbc0c6587d5
 WORKDIR /home/nonroot
 COPY . .
 COPY --from=venv /home/nonroot/.venv .venv
-COPY --from=rwalker /home/nonroot/data /data
+COPY --from=venv /home/nonroot/data /data
 EXPOSE 8080
 ENTRYPOINT [".venv/bin/gunicorn", "--bind", ":8080", "--workers", "2", "rwalk:app"]
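Review bot: `COPY . .` in the final stage, two lines above the changed `COPY --from=venv … /data`, still places the entire build context in the runtime image. From this diff that includes at least `rwalker.py`, `requirements.txt` and the `Dockerfile`, and possibly `.git` and `.github/`, unless a `.dockerignore` outside this diff excludes them. Since the simulation now runs in the `venv` stage and only `/data` is carried over, the final stage could copy just the application module behind `rwalk:app` (its filename is not visible here) instead of `.`. This keeps build-only files and repository metadata out of the image that is shipped.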