fix: Updates all dependencies used in Dockerfile and fix Docker image (#507)

* Docker doesn't provide possibilities for avoiding trash There is no possibility to exclude part of the "pre-installed" files from COPY steps like https://github.com/moby/buildkit/issues/2853 And copy-paste mostly all `site-packages` without it is not worth it
2023-04-21 16:27:02 +03:00 · 2023-04-21 16:27:02 +03:00 · dc177fe29e
commit dc177fe29e
parent 7d501b1bf9
3 changed files with 13 additions and 11 deletions
--- a/.github/.container-structure-test-config.yaml
+++ b/.github/.container-structure-test-config.yaml
@ -43,7 +43,7 @@ commandTests:
  - name: "tflint"
    command: "tflint"
    args: [ "--version" ]
-    expectedOutput: [ "TFLint version ([0-9]+\\.){2}[0-9]+\\n$" ]
+    expectedOutput: [ "TFLint version ([0-9]+\\.){2}[0-9]+\\n" ]

  - name: "tfsec"
    command: "tfsec"
--- a/.github/.dive-ci.yaml
+++ b/.github/.dive-ci.yaml
@ -1,13 +1,13 @@
 rules:
  # If the efficiency is measured below X%, mark as failed.
  # Expressed as a ratio between 0-1.
-  lowestEfficiency: 0.99
+  lowestEfficiency: 0.987

  # If the amount of wasted space is at least X or larger than X, mark as failed.
  # Expressed in B, KB, MB, and GB.
-  highestWastedBytes: 12MB
+  highestWastedBytes: 21MB

  # If the amount of wasted space makes up for X% or more of the image, mark as failed.
  # Note: the base image layer is NOT included in the total image size.
  # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
-  highestUserWastedPercent: 0.02
+  highestUserWastedPercent: 0.025
--- a/16
+++ b/16
@ -1,13 +1,15 @@
-ARG TAG=3.10.1-alpine3.15@sha256:dce56d40d885d2c8847aa2a278a29d50450c8e3d10f9d7ffeb2f38dcc1eb0ea4
+ARG TAG=3.11.1-alpine3.17
 FROM python:${TAG} as builder

 WORKDIR /bin_dir

 RUN apk add --no-cache \
    # Builder deps
-    curl=~7 && \
-    # Upgrade pip for be able get latest Checkov
-    python3 -m pip install --no-cache-dir --upgrade pip
+    curl=~8 && \
+    # Upgrade packages for be able get latest Checkov
+    python3 -m pip install --no-cache-dir --upgrade \
+        pip \
+        setuptools

 ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest}
 ARG TERRAFORM_VERSION=${TERRAFORM_VERSION:-latest}
@ -60,7 +62,7 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \
 RUN . /.env && \
    if [ "$CHECKOV_VERSION" != "false" ]; then \
    ( \
-        apk add --no-cache gcc=~10 libffi-dev=~3 musl-dev=~1; \
+        apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \
        [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \
        || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \
        apk del gcc libffi-dev musl-dev \
@ -176,7 +178,7 @@ RUN apk add --no-cache \
    bash=~5 \
    # pre-commit-hooks deps: https://github.com/pre-commit/pre-commit-hooks
    musl-dev=~1 \
-    gcc=~10 \
+    gcc=~12 \
    # entrypoint wrapper deps
    su-exec=~0.2

@ -189,7 +191,7 @@ COPY --from=builder \
    /usr/local/bin/checkov* \
        /usr/bin/
 # Copy pre-commit packages
-COPY --from=builder /usr/local/lib/python3.10/site-packages/ /usr/local/lib/python3.10/site-packages/
+COPY --from=builder /usr/local/lib/python3.11/site-packages/ /usr/local/lib/python3.11/site-packages/
 # Copy terrascan policies
 COPY --from=builder /root/ /root/