chore: update OCI image dependencies (#7760)

Signed-off-by: iromli <[email protected]>

docker-jans-all-in-one/Dockerfile

@@ -46,7 +46,7 @@ FROM ${JANS_SAML_IMAGE} AS jans-saml-src
 # app
 # ===
 
-FROM bellsoft/liberica-openjdk-alpine:17.0.8@sha256:e82fb905ca6efffcdb1b0ed58f207b0ce91aeada78c218ae7dbb16bb31635728
+FROM bellsoft/liberica-openjdk-alpine:17.0.9@sha256:915d7a6c5874638a735296a99ac28c4a9cefb9bfda2bef796fc564449d44d6cc
 
 # hadolint ignore=DL3018
 RUN apk update \
@@ -161,7 +161,7 @@ RUN mkdir -p /opt/jans/configurator/db \
 COPY app /app
 
 # CN version as env var (with suffix if any, i.e. SNAPSHOT)
-ENV CN_VERSION=1.1.0
+ENV CN_VERSION=1.1.0-SNAPSHOT
 
 # set directory contains installer code that will be added to Python sys.path
 ENV PYTHONPATH=/app

docker-jans-all-in-one/Makefile

@@ -1,27 +1,25 @@
-IMAGE_VERSION?=$(shell grep -Po 'org.opencontainers.image.version="\K.*?(?=")' Dockerfile)
-IMAGE_NAME?=$(shell grep -Po 'org.opencontainers.image.url="\K.*?(?=")' Dockerfile)
-DEV_VERSION?=$(shell echo ${IMAGE_VERSION} | cut -d '-' -f 1)_dev
+IMAGE_VERSION?=$(shell grep -Po 'org.opencontainers.image.version="\K.*?(?=")' Dockerfile)_dev
+IMAGE_URL=$(shell grep -Po 'org.opencontainers.image.url="\K.*?(?=")' Dockerfile)
+IMAGE?=${IMAGE_URL}:${IMAGE_VERSION}
 
-# pass extra build args, i.e. `make build-dev BUILD_ARGS="--no-cache"`
-BUILD_ARGS?=
-
-# pass extra trivy args, i.e. `make trivy-scan TRIVY_ARGS="-f json"`
-TRIVY_ARGS?=
-
-# pass extra build args, i.e. `make grype-scan GRYPE_ARGS="-o json"`
-GRYPE_ARGS?=
+# pass extra args to the targets, for example:
+#
+# - `make build-dev ARGS="--no-cache"`
+# - `make trivy-scan TRIVY_ARGS="-f json"`
+# - `make grype-scan GRYPE_ARGS="-o json"`
+ARGS?=
 
 .PHONY: test clean all build-dev trivy-scan grype-scan
 .DEFAULT_GOAL := build-dev
 
 build-dev:
-	@echo "[I] Building Docker image ${IMAGE_NAME}:${DEV_VERSION}"
-	@docker build --rm --force-rm ${BUILD_ARGS} -t ${IMAGE_NAME}:${DEV_VERSION} .
+	@echo "[I] Building OCI image ${IMAGE}"
+	@docker build --rm --force-rm ${ARGS} -t ${IMAGE} .
 
 trivy-scan:
-	@echo "[I] Scanning Docker image ${IMAGE_NAME}:${DEV_VERSION} using trivy"
-	@trivy image --security-checks vuln ${TRIVY_ARGS} ${IMAGE_NAME}:${DEV_VERSION}
+	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
-	@echo "[I] Scanning Docker image ${IMAGE_NAME}:${DEV_VERSION} using grype"
-	@grype -v ${GRYPE_ARGS} ${IMAGE_NAME}:${DEV_VERSION}
+	@echo "[I] Scanning OCI image ${IMAGE} using grype"
+	@grype -v ${ARGS} ${IMAGE}

docker-jans-all-in-one/app/requirements.txt

@@ -6,4 +6,4 @@ fqdn==1.5.1
 ruamel.yaml==0.18.5
 supervisor==4.2.5
 pluggy==1.3.0
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-auth-server/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjdk-alpine:17.0.8@sha256:e82fb905ca6efffcdb1b0ed58f207b0ce91aeada78c218ae7dbb16bb31635728
+FROM bellsoft/liberica-openjdk-alpine:17.0.9@sha256:915d7a6c5874638a735296a99ac28c4a9cefb9bfda2bef796fc564449d44d6cc
 
 # ===============
 # Alpine packages

docker-jans-auth-server/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-auth-server/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-casa/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-casa/requirements.txt

@@ -1,4 +1,4 @@
 webdavclient3>=3.14.5
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-certmanager/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-certmanager/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-certmanager/requirements.txt

@@ -1,4 +1,4 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
 click==8.1.7
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-config-api/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages
@@ -40,7 +40,7 @@ RUN wget -q https://maven.jans.io/maven/io/jans/jython-installer/${JYTHON_VERSIO
 # Config API
 # ==========
 
-ENV CN_VERSION=1.1.0
+ENV CN_VERSION=1.1.0-SNAPSHOT
 ENV CN_BUILD_DATE='2024-02-02 12:43'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 

docker-jans-config-api/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-config-api/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-configurator/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-configurator/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-configurator/requirements.txt

@@ -3,4 +3,4 @@ grpcio==1.54.2
 click==8.1.7
 marshmallow==3.20.1
 fqdn==1.5.1
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-fido2/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-fido2/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-fido2/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-keycloak-link/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-keycloak-link/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-keycloak-link/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-link/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-link/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-link/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-persistence-loader/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-persistence-loader/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-persistence-loader/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-saml/Dockerfile

@@ -1,6 +1,6 @@
 FROM quay.io/keycloak/keycloak:23.0.3@sha256:4f72a5b0c076755e806457d96404dd28dc1394013933d7170c154c26db9b6a16 as kc-src
 
-FROM bellsoft/liberica-openjre-alpine:17.0.8@sha256:156b75d18d01f1a83f9a279e80dad82773c212559b20e40620ccb06b1120ce4f
+FROM bellsoft/liberica-openjre-alpine:17.0.9@sha256:7c9948b1e267037b7cadfe448e732b9cb719bfd38d8c5811f2f2d33cc0c05123
 
 # ===============
 # Alpine packages

docker-jans-saml/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-saml/requirements.txt

@@ -1,3 +1,3 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib

docker-jans-scim/Dockerfile

@@ -1,4 +1,4 @@
-FROM bellsoft/liberica-openjdk-alpine:17.0.8@sha256:e82fb905ca6efffcdb1b0ed58f207b0ce91aeada78c218ae7dbb16bb31635728
+FROM bellsoft/liberica-openjdk-alpine:17.0.9@sha256:915d7a6c5874638a735296a99ac28c4a9cefb9bfda2bef796fc564449d44d6cc
 
 # ===============
 # Alpine packages

docker-jans-scim/Makefile

@@ -18,7 +18,7 @@ build-dev:
 
 trivy-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using trivy"
-	@trivy image --security-checks vuln ${ARGS} ${IMAGE}
+	@trivy image --scanners vuln ${ARGS} ${IMAGE}
 
 grype-scan:
 	@echo "[I] Scanning OCI image ${IMAGE} using grype"

docker-jans-scim/requirements.txt

@@ -1,4 +1,4 @@
 # pinned to py3-grpcio version to avoid failure on native extension build
 grpcio==1.54.2
 ruamel.yaml==0.18.5
-git+https://github.com/JanssenProject/jans@2eb603e383e54611783435af82f2492da3050c3b#egg=jans-pycloudlib&subdirectory=jans-pycloudlib
+git+https://github.com/JanssenProject/jans@0df521304ba836b2d38480578b7668c8f2e89a85#egg=jans-pycloudlib&subdirectory=jans-pycloudlib