From 216f35f495d40b093eba52d4ded537f41f8727c4 Mon Sep 17 00:00:00 2001 From: bandhan-majumder Date: Tue, 24 Jun 2025 19:05:52 +0530 Subject: [PATCH 1/2] Add alpine go 1.21 image Signed-off-by: bandhan-majumder --- .github/workflows/build-images.yml | 3 ++ ci/images/README.md | 3 +- ci/images/alpine/Dockerfile.golang121 | 42 +++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 ci/images/alpine/Dockerfile.golang121 diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 16c3e71e77..3c5f44f09d 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -85,6 +85,9 @@ jobs: distro: debian runner: macos-hosted + - lang: golang121 + distro: alpine + - lang: golang123 distro: alpine diff --git a/ci/images/README.md b/ci/images/README.md index d7089a5b0a..489b1a6c88 100644 --- a/ci/images/README.md +++ b/ci/images/README.md @@ -39,7 +39,8 @@ Below table summarizes all available container image versions. These images incl | Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. | | Ruby | 3.4.4 | ghcr.io/cyclonedx/cdxgen-alpine-ruby344:v11 | Ruby 3.4.4 | | Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. | -| Swift | 6.0.x | ghcr.io/cyclonedx/cdxgen-debian-swift:v11 | Swift 6 | +| Swift | 6.0.x | ghcr.io/cyclonedx/cdxgen-debian-swift:v11 | Swift 6 +| golang | 1.21 | ghcr.io/cyclonedx/cdxgen-alpine-golang121:v11 | Golang 1.21 | | | golang | 1.23 | ghcr.io/cyclonedx/cdxgen-debian-golang123:v11, ghcr.io/cyclonedx/cdxgen-alpine-golang123:v11 | Golang 1.23 | | golang | 1.24 | ghcr.io/cyclonedx/cdxgen-debian-golang124:v11, ghcr.io/cyclonedx/cdxgen-debian-golang:v11, ghcr.io/cyclonedx/cdxgen-alpine-golang124:v11, ghcr.io/cyclonedx/cdxgen-alpine-golang:v11 | Golang 1.24 | | Rust | 1 | ghcr.io/cyclonedx/cdxgen-debian-rust, ghcr.io/cyclonedx/cdxgen-debian-rust1:v11 | This is a rolling version that will get the latest released version. Currently, 1.87. | diff --git a/ci/images/alpine/Dockerfile.golang121 b/ci/images/alpine/Dockerfile.golang121 new file mode 100644 index 0000000000..f0b800d625 --- /dev/null +++ b/ci/images/alpine/Dockerfile.golang121 @@ -0,0 +1,42 @@ +# Base-image +FROM golang:1.21-alpine AS base + +ENV PATH=${PATH}:/usr/local/bin + +RUN apk update && apk add --no-cache \ + nodejs \ + npm \ + && npm install -g corepack \ + && node -v \ + && npm -v \ + && rm -rf /var/cache/apk/* + +# cdxgen-image +FROM base AS cdxgen + +LABEL maintainer="CycloneDX" \ + org.opencontainers.image.authors="Team AppThreat " \ + org.opencontainers.image.source="https://github.com/CycloneDX/cdxgen" \ + org.opencontainers.image.url="https://github.com/CycloneDX/cdxgen" \ + org.opencontainers.image.version="rolling" \ + org.opencontainers.image.vendor="CycloneDX" \ + org.opencontainers.image.licenses="Apache-2.0" \ + org.opencontainers.image.title="cdxgen" \ + org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for go apps" \ + org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-alpine-golang121:v11 -r /app --server" + +ENV CDXGEN_IN_CONTAINER=true \ + NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \ + PATH=${PATH}:/usr/local/bin:/opt/cdxgen/node_modules/.bin + +COPY . /opt/cdxgen + +RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --config.strict-dep-builds=true --prod --no-optional --package-import-method copy --frozen-lockfile && corepack pnpm cache delete \ + && npm uninstall -g corepack \ + && apk del npm \ + && mkdir -p ${NODE_COMPILE_CACHE} \ + && node /opt/cdxgen/bin/cdxgen.js --help \ + && rm -rf /root/.cache/node \ + && chmod a-w -R /opt +WORKDIR /app +ENTRYPOINT ["node", "/opt/cdxgen/bin/cdxgen.js"] \ No newline at end of file From 435eff650988780121fddd3bc227ddd50cda2908 Mon Sep 17 00:00:00 2001 From: bandhan-majumder Date: Tue, 24 Jun 2025 19:14:26 +0530 Subject: [PATCH 2/2] readme formatting Signed-off-by: bandhan-majumder --- ci/images/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/images/README.md b/ci/images/README.md index 489b1a6c88..ed7ddc496e 100644 --- a/ci/images/README.md +++ b/ci/images/README.md @@ -40,7 +40,7 @@ Below table summarizes all available container image versions. These images incl | Ruby | 3.4.4 | ghcr.io/cyclonedx/cdxgen-alpine-ruby344:v11 | Ruby 3.4.4 | | Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. | | Swift | 6.0.x | ghcr.io/cyclonedx/cdxgen-debian-swift:v11 | Swift 6 -| golang | 1.21 | ghcr.io/cyclonedx/cdxgen-alpine-golang121:v11 | Golang 1.21 | | +| golang | 1.21 | ghcr.io/cyclonedx/cdxgen-alpine-golang121:v11 | Golang 1.21 | golang | 1.23 | ghcr.io/cyclonedx/cdxgen-debian-golang123:v11, ghcr.io/cyclonedx/cdxgen-alpine-golang123:v11 | Golang 1.23 | | golang | 1.24 | ghcr.io/cyclonedx/cdxgen-debian-golang124:v11, ghcr.io/cyclonedx/cdxgen-debian-golang:v11, ghcr.io/cyclonedx/cdxgen-alpine-golang124:v11, ghcr.io/cyclonedx/cdxgen-alpine-golang:v11 | Golang 1.24 | | Rust | 1 | ghcr.io/cyclonedx/cdxgen-debian-rust, ghcr.io/cyclonedx/cdxgen-debian-rust1:v11 | This is a rolling version that will get the latest released version. Currently, 1.87. |