From 6363c894cd91830d5e9aa1c221d6ed05bbdcc629 Mon Sep 17 00:00:00 2001 From: alexanderM91 Date: Fri, 18 Oct 2024 16:44:20 +0200 Subject: [PATCH] SC-21584: Flow improvements + Security --- .github/compare-images.sh | 73 +++++++++++++ .github/workflows/ci.yml | 74 ++++++++++++- .../workflows/cleanup-old-docker-images.yml | 103 ++++++++++++++++++ ...ty.yml => ecr-scheduled-security-scan.yml} | 6 +- .github/workflows/trivy.yml | 23 ++++ .github/workflows/trufflehog.yml | 39 +++++++ ...tryvi-trufflehog-default-security-scan.yml | 99 +++++++++++++++++ .trivy/.trivyignore.yaml | 0 .trivy/trivy.yaml | 12 ++ README.md | 2 +- alpine/3.17/8.1/Dockerfile | 2 +- alpine/3.17/8.2/Dockerfile | 2 +- alpine/3.17/8.3/Dockerfile | 2 +- alpine/3.18/8.1/Dockerfile | 2 +- alpine/3.18/8.2/Dockerfile | 2 +- alpine/3.18/8.3/Dockerfile | 2 +- alpine/3.19/8.1/Dockerfile | 2 +- alpine/3.19/8.2/Dockerfile | 2 +- alpine/3.19/8.3/Dockerfile | 2 +- alpine/3.20/8.1/Dockerfile | 2 +- alpine/3.20/8.2/Dockerfile | 2 +- alpine/3.20/8.3/Dockerfile | 2 +- debian/bullseye/8.0/Dockerfile | 2 +- debian/bullseye/8.1/Dockerfile | 2 +- debian/bullseye/8.2/Dockerfile | 2 +- debian/bullseye/8.3/Dockerfile | 2 +- 26 files changed, 438 insertions(+), 25 deletions(-) create mode 100755 .github/compare-images.sh create mode 100644 .github/workflows/cleanup-old-docker-images.yml rename .github/workflows/{security.yml => ecr-scheduled-security-scan.yml} (96%) create mode 100644 .github/workflows/trivy.yml create mode 100644 .github/workflows/trufflehog.yml create mode 100644 .github/workflows/tryvi-trufflehog-default-security-scan.yml create mode 100644 .trivy/.trivyignore.yaml create mode 100644 .trivy/trivy.yaml diff --git a/.github/compare-images.sh b/.github/compare-images.sh new file mode 100755 index 00000000..ba70859d --- /dev/null +++ b/.github/compare-images.sh 
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "Error: No tag provided. Usage: ./compare-image.sh "
+ exit 1
+fi
+
+IMAGE_TAG=$1
+
+if [[ "$IMAGE_TAG" == *"debian"* ]]; then
+ docker run -i --rm "$IMAGE_TAG" sh -s <<'EOF'
+ echo "=== Debian Version ==="
+ echo -n "Debian " && cat /etc/debian_version
+
+ echo ""
+ echo "=== Installed PHP Extensions ==="
+ docker-php-source extract
+ for ext in `ls /usr/src/php/ext`; do
+ echo ' ' `php -r "if (extension_loaded('$ext' !== 'opcache' ? '$ext' : 'Zend OPcache')) { echo '[x] $ext'; } else { echo '[ ] $ext'; }"`;
+ done
+
+ echo ""
+ echo "=== Disabled PHP Extensions ==="
+ for f in /usr/local/etc/php/disabled/*.ini; do
+ disabled=$(basename $f | sed -e 's/\.ini$//');
+ echo " [ ] ${disabled} $(PHP_INI_SCAN_DIR=:/usr/local/etc/php/disabled php -r "echo phpversion('${disabled}');")";
+ done
+
+ echo ""
+ echo "=== PECL Extensions ==="
+ pear list -c pecl
+
+ echo ""
+ echo "=== Composer Version ==="
+ composer -V
+
+ echo ""
+ echo "=== Installed System Packages ==="
+ dpkg-query -W --showformat='${Package} ${Version}\n' | sort
+EOF
+else
+ docker run -i --rm "$IMAGE_TAG" sh -s <<'EOF'
+ echo "=== Alpine Version ==="
+ echo -n "Alpine " && cat /etc/alpine-release
+
+ echo ""
+ echo "=== Installed PHP Extensions ==="
+ docker-php-source extract
+ for ext in `ls /usr/src/php/ext`; do
+ echo ' ' `php -r "if (extension_loaded('$ext' !== 'opcache' ? '$ext' : 'Zend OPcache')) { echo '[x] $ext'; } else { echo '[ ] $ext'; }"`;
+ done
+
+ echo ""
+ echo "=== Disabled PHP Extensions ==="
+ for f in /usr/local/etc/php/disabled/*.ini; do
+ disabled=$(basename $f | sed -e 's/\.ini$//');
+ echo " [ ] ${disabled} $(PHP_INI_SCAN_DIR=:/usr/local/etc/php/disabled php -r "echo phpversion('${disabled}');")";
+ done
+
+ echo ""
+ echo "=== PECL Extensions ==="
+ pear list -c pecl
+
+ echo ""
+ echo "=== Composer Version ==="
+ composer -V
+
+ echo ""
+ echo "=== Installed System Packages ==="
+ apk info -vv | sort
+EOF
+fi
+
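Review bot: The `for f in /usr/local/etc/php/disabled/*.ini` loop in both heredocs runs once with the literal pattern when the directory holds no `.ini` file, so the report gains a bogus `[ ] *` entry that then shows up in the image diff. Guard the loop body with `[ -e "$f" ] || continue` and quote the expansion as `basename "$f"`. The script also has no `set -e` and does not check the `docker run` status, so a tag that cannot be pulled produces an empty report rather than an error. The usage message names `./compare-image.sh` while the file added here is `compare-images.sh`.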
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2240e367..ca47227d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,11 @@ -name: CI +name: CI/CD on: push +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: build: runs-on: ubuntu-latest @@ -68,6 +72,7 @@ jobs: - image: "debian/bullseye/8.3/Dockerfile" tags: [ "spryker/php:8.3-debian" ] platforms: [ "linux/amd64", "linux/arm64" ] + steps: - name: Check out repository uses: actions/checkout@v3 @@ -76,10 +81,23 @@ jobs: - name: Get the previous commit hash id: previous_commit - if: ${{ github.ref == 'refs/heads/master' }} run: | - PREV_COMMIT_HASH=$(git rev-parse HEAD^1) - echo "PREV_COMMIT_HASH=$PREV_COMMIT_HASH" >> $GITHUB_ENV + if [ "${{ github.ref }}" == "refs/heads/master" ]; then + PREV_COMMIT_HASH=$(git rev-parse HEAD^1) + else + PREV_COMMIT_HASH=$(git rev-parse origin/master) + IMAGE_TAG="${{ matrix.tags[0] }}" + echo "Pulling image $IMAGE_TAG" + docker pull "$IMAGE_TAG" + + NEW_TAG="${IMAGE_TAG}-${PREV_COMMIT_HASH}" + echo "Re-tagging image to $NEW_TAG" + docker tag "$IMAGE_TAG" "$NEW_TAG" + + echo "Removing the pulled image $IMAGE_TAG" + docker rmi "$IMAGE_TAG" || true + fi + echo "PREV_COMMIT_HASH=$PREV_COMMIT_HASH" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v2 
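Review bot: The new `concurrency` block sets `cancel-in-progress: true` for every ref, and this workflow also pushes images when the ref is `refs/heads/master`. A second push to master would cancel a matrix that is part-way through publishing, so some tags could be pushed for a commit and others not until the later run finishes. Consider limiting cancellation to branches, `cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}`.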
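Review bot: In the "Get the previous commit hash" step, `${{ github.ref }}` is expanded into the script text before bash runs it, so a branch name containing shell metacharacters becomes part of the script. The workflow triggers on every push, so the ref is chosen by whoever pushes the branch. Read the runner-provided variable instead, `if [ "$GITHUB_REF" == "refs/heads/master" ]; then`, or pass the value through `env:`. The else branch also relies on `origin/master` being present in the checkout; the checkout options are outside this hunk, so confirm the fetch depth covers it.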
@@ -111,6 +129,52 @@ jobs: uses: docker/build-push-action@v2 with: push: ${{ github.ref == 'refs/heads/master' }} + load: ${{ github.ref != 'refs/heads/master' }} file: ${{ matrix.image }} tags: ${{ join(matrix.tags) }} - platforms: ${{ join(matrix.platforms) }} + platforms: ${{ github.ref == 'refs/heads/master' && join(matrix.platforms) || 'linux/amd64' }} + + - name: Current image report + run: | + CURRENT_TAG=${{ matrix.tags[0] }} + bash .github/compare-images.sh $CURRENT_TAG > current-image-report.txt || true + cat current-image-report.txt + + - name: Previous image report + run: | + PREVIOUS_TAG="${{ matrix.tags[0] }}-${{ env.PREV_COMMIT_HASH }}" + bash .github/compare-images.sh $PREVIOUS_TAG > previous-image-report.txt || true + cat previous-image-report.txt + + - name: Run the diff + run: | + DIFF_OUTPUT=$(diff current-image-report.txt previous-image-report.txt | sed ':a;N;$!ba;s/\n/\\n/g' || true) + echo "$DIFF_OUTPUT" + + echo "DIFF_OUTPUT<> $GITHUB_ENV + echo "$DIFF_OUTPUT" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + + - name: Send Slack Notification + if: ${{ github.ref == 'refs/heads/master' && env.DIFF_OUTPUT != '' }} + uses: slackapi/slack-github-action@v1.24.0 + with: + payload: | + { + "attachments": [ + { + "pretext": "Release changes for *spryker/php:${{ matrix.tags[0] }}*", + "color": "good", + "fields": [ + { + "title": "Image diff:", + "value": "${{ env.DIFF_OUTPUT }}", + "short": false + } + ] + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/cleanup-old-docker-images.yml b/.github/workflows/cleanup-old-docker-images.yml new file mode 100644 index 00000000..3e55c214 --- /dev/null +++ b/.github/workflows/cleanup-old-docker-images.yml 
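Review bot: The Slack payload is built by pasting `${{ env.DIFF_OUTPUT }}` into a JSON string literal, so any double quote or backslash in the image report diff yields invalid JSON or a payload with a different structure than intended. The diff text comes from commands run inside the image, so its contents are not fixed by this repository. Building the payload with `jq` and handing it over as a file keeps the text escaped, as sketched below. Both report steps end in `|| true`, so a failed `docker run` gives an empty report and the diff then shows the whole image as changed; letting those steps fail, or at least logging the exit status, would avoid that.

```yaml
      - name: Run the diff
        run: |
          diff current-image-report.txt previous-image-report.txt > image-diff.txt || true
          cat image-diff.txt
          # … unchanged: DIFF_OUTPUT export to $GITHUB_ENV for the step condition …
          # jq escapes quotes, backslashes and newlines in the diff text
          jq -n --rawfile diff image-diff.txt --arg tag "${{ matrix.tags[0] }}" \
            '{attachments: [{pretext: "Release changes for *spryker/php:\($tag)*", color: "good",
              fields: [{title: "Image diff:", value: $diff, short: false}]}]}' > slack-payload.json

      - name: Send Slack Notification
        # … unchanged: if, uses, env …
        with:
          payload-file-path: slack-payload.json
```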
@@ -0,0 +1,103 @@ +name: Cleanup Old Docker Images > 6 months by the scheduler + +on: + push: + branches: + - master + +jobs: + cleanup: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repository + uses: actions/checkout@v2 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: List Docker Hub images and delete ones matching the pattern + run: | + REPO="spryker/php" + curl -s "https://hub.docker.com/v2/repositories/${REPO}/tags?page_size=1000" > tags.json + TODAY=$(date +%s) + THRESHOLD=$((180 * 24 * 60 * 60)) # 180 days in seconds + + # Regex pattern to match tags that end with a hash (40-character hexadecimal) + HASH_PATTERN=".*-[a-f0-9]{40}$" + IMAGES_DELETED=false + DELETED_IMAGES="" + + for TAG in $(jq -r '.results[] | @base64' < tags.json); do + _jq() { + echo ${TAG} | base64 --decode | jq -r ${1} + } + + TAG_NAME=$(_jq '.name') + LAST_UPDATED=$(_jq '.last_updated') + LAST_UPDATED_DATE=$(date -d "${LAST_UPDATED}" +%s) + + AGE=$((TODAY - LAST_UPDATED_DATE)) + + if [[ ${AGE} -ge ${THRESHOLD} ]] && [[ ${TAG_NAME} =~ ${HASH_PATTERN} ]]; then + echo "Deleting image tag ${TAG_NAME} (last updated: ${LAST_UPDATED})" + IMAGES_DELETED=true + DELETED_IMAGES="${DELETED_IMAGES}\n${TAG_NAME}" + + # Uncomment the following lines to enable image deletion + curl -X DELETE \ + -u "${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}" \ + "https://hub.docker.com/v2/repositories/${REPO}/tags/${TAG_NAME}/" + fi + done + + if [[ ${IMAGES_DELETED} == false ]]; then + echo "No images found for deletion" > deleted_images.txt + else + echo -e "Deleted images: ${DELETED_IMAGES}" > deleted_images.txt + fi + + - name: Read Deleted Images + id: read_deleted_images + run: | + DELETED_IMAGES=$(cat deleted_images.txt) + echo "Deleted images: ${DELETED_IMAGES}" + echo "::set-output name=deleted_images::${DELETED_IMAGES}" + shell: bash + + - name: Send Slack 
Notification + uses: slackapi/slack-github-action@v1.24.0 + if: ${{ github.ref == 'refs/heads/master' }} + with: + payload: | + { + "attachments": [ + { + "pretext": "Outdated docker images cleanup (180 days) for *${{ github.repository }} repository*", + "color": "good", + "fields": [ + { + "title": "Images:", + "value": "${{ steps.read_deleted_images.outputs.deleted_images }}", + "short": false + }, + { + "title": "Branch:", + "value": "${{ github.ref }}", + "short": true + }, + { + "title": "Commit:", + "value": "${{ github.sha }}", + "short": true + } + ] + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/security.yml b/.github/workflows/ecr-scheduled-security-scan.yml similarity index 96% rename from .github/workflows/security.yml rename to .github/workflows/ecr-scheduled-security-scan.yml index a4d55192..6ca01f82 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/ecr-scheduled-security-scan.yml @@ -1,10 +1,10 @@ -name: Vulnerability detection +name: ECR vulnerability detection on: schedule: - cron: '0 9 * * *' push: - branches-ignore: + branches: - master jobs: @@ -119,7 +119,7 @@ jobs: "text": "Scanned image tag *${{ matrix.tags }}*.", "attachments": [ { - "pretext": "Vulnerability scan outputs for ${{ steps.set-date.outputs.current_datetime }}", + "pretext": "ECR vulnerability scan outputs for ${{ steps.set-date.outputs.current_datetime }}", "color": "${{ steps.set-color.outputs.color }}", "fields": [ { diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml new file mode 100644 index 00000000..1ee799f2 --- /dev/null +++ b/.github/workflows/trivy.yml 
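Review bot: The `curl -X DELETE` call is live even though the comment above it says "Uncomment the following lines to enable image deletion", and its result is never checked, so a tag is added to `DELETED_IMAGES` and reported to Slack whether or not the request succeeded. Use `curl --fail` and record the tag only on success, and either drop the comment or gate deletion behind an explicit switch. The registry credentials are expanded into the script text with `${{ secrets.* }}`; passing them through `env:` keeps them out of the generated script. The workflow name says "by the scheduler" but the only trigger is a push to master, and the single `page_size=1000` request does not follow pagination, so confirm the listing actually covers all tags.

```yaml
      - name: List Docker Hub images and delete ones matching the pattern
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          # … unchanged: tag listing, age threshold and hash-pattern filter …
              echo "Deleting image tag ${TAG_NAME} (last updated: ${LAST_UPDATED})"
              if curl --fail --silent --show-error -X DELETE \
                -u "${DOCKER_USERNAME}:${DOCKER_PASSWORD}" \
                "https://hub.docker.com/v2/repositories/${REPO}/tags/${TAG_NAME}/"; then
                IMAGES_DELETED=true
                DELETED_IMAGES="${DELETED_IMAGES}\n${TAG_NAME}"
              else
                echo "Failed to delete ${TAG_NAME}" >&2
              fi
          # … unchanged: deleted_images.txt summary …
```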
@@ -0,0 +1,23 @@ +name: Trivy secrets scan + +on: + push: + branches-ignore: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + trivy-secrets-scan: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Scan for secrets in repository + uses: aquasecurity/trivy-action@0.28.0 + with: + scan-type: 'fs' + trivy-config: .trivy/trivy.yaml diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml new file mode 100644 index 00000000..c4be3c77 --- /dev/null +++ b/.github/workflows/trufflehog.yml @@ -0,0 +1,39 @@ +name: Trufflehog secrets scan + +on: + push: + branches-ignore: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + trufflehog-vulnerability-detection: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Display File Structure + run: | + echo "Displaying file structure..." + find . -type f + + - name: Secret Scanning + id: trufflehog_scan + uses: trufflesecurity/trufflehog@v3.82.8 + with: + path: ./ + base: "${{ github.event.repository.default_branch }}" + head: HEAD + extra_args: --debug + + - name: Check Trufflehog Result and Fail if Secrets Found + run: | + if [ "${{ steps.trufflehog_scan.outcome }}" == "failure" ]; then + echo "Secrets were found by Trufflehog!" + exit 1 # This will fail the workflow + fi diff --git a/.github/workflows/tryvi-trufflehog-default-security-scan.yml b/.github/workflows/tryvi-trufflehog-default-security-scan.yml new file mode 100644 index 00000000..7552ccee --- /dev/null +++ b/.github/workflows/tryvi-trufflehog-default-security-scan.yml 
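Review bot: `aquasecurity/trivy-action@0.28.0` is referenced by a tag, which the action's owner can move to different code after this review. Pinning third-party actions to a full commit SHA with the version in a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.28.0`, makes the executed code reviewable. The same applies to `slackapi/slack-github-action@v1.24.0` in ci.yml and the cleanup workflow, `docker/login-action@v1`, and `trufflesecurity/trufflehog@v3.82.8`. The image scan workflow runs `trufflesecurity/trufflehog:latest`, which is better pinned to a version or digest.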
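Review bot: In trufflehog.yml the checkout step has no `fetch-depth`, so the default shallow clone contains only the tip commit, while the scan is asked to compare `base` (the default branch) with `HEAD`. With no history available the range likely cannot be resolved or covers nothing; add `with:` / `fetch-depth: 0` to the checkout step. The final "Check Trufflehog Result" step is never reached when the scan step fails, because later steps are skipped after a failure unless they carry `if: always()` or `if: failure()`. The scan step's own failure already fails the job, so that step can be removed.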
@@ -0,0 +1,99 @@ +name: Build and Scan Docker Images with Trivy && Trufflehog + +on: + push: + branches-ignore: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + build-and-scan-images-for-vulnerabilities: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + ## Alpine + ### Alpine 3.17 + - context: "alpine/3.17/8.1" + dockerfile: "Dockerfile" + tags: "8.1-alpine3.17" + platforms: "linux/amd64" + - context: "alpine/3.17/8.2" + dockerfile: "Dockerfile" + tags: "8.2-alpine3.17" + platforms: "linux/amd64" + - context: "alpine/3.17/8.3" + dockerfile: "Dockerfile" + tags: "8.3-alpine3.17" + platforms: "linux/amd64" + + ### Alpine 3.18 + - context: "alpine/3.18/8.1" + dockerfile: "Dockerfile" + tags: "8.1-alpine3.18" + platforms: "linux/amd64" + - context: "alpine/3.18/8.2" + dockerfile: "Dockerfile" + tags: "8.2-alpine3.18" + platforms: "linux/amd64" + - context: "alpine/3.18/8.3" + dockerfile: "Dockerfile" + tags: "8.3-alpine3.18" + platforms: "linux/amd64" + + ### Alpine 3.19 + - context: "alpine/3.19/8.1" + dockerfile: "Dockerfile" + tags: "8.1-alpine3.19" + platforms: "linux/amd64" + - context: "alpine/3.19/8.2" + dockerfile: "Dockerfile" + tags: "8.2-alpine3.19" + platforms: "linux/amd64" + - context: "alpine/3.19/8.3" + dockerfile: "Dockerfile" + tags: "8.3-alpine3.19" + platforms: "linux/amd64" + + ### Alpine 3.20 + - context: "alpine/3.20/8.1" + dockerfile: "Dockerfile" + tags: "8.1-alpine3.20" + platforms: "linux/amd64" + - context: "alpine/3.20/8.2" + dockerfile: "Dockerfile" + tags: "8.2-alpine3.20" + platforms: "linux/amd64" + - context: "alpine/3.20/8.3" + dockerfile: "Dockerfile" + tags: "8.3-alpine3.20" + platforms: "linux/amd64" + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Build Docker image + run: | + docker build --platform ${{ matrix.platforms }} -t spryker/php:${{ matrix.tags }} -f ${{ matrix.context }}/${{ matrix.dockerfile }} . 
+ + - name: Scan Docker image with Trufflehog + continue-on-error: false + run: | + docker run --rm trufflesecurity/trufflehog:latest docker --image spryker/php:${{ matrix.tags }} --only-verified + + - name: Scan Docker image with Trivy + uses: aquasecurity/trivy-action@0.28.0 + with: + image-ref: "spryker/php:${{ matrix.tags }}" + exit-code: '1' + severity: 'LOW,MEDIUM,HIGH,CRITICAL' + ignore-unfixed: true + + - name: Show scan result + run: | + echo "Trivy scan completed for spryker/php:${{ matrix.tags }}" diff --git a/.trivy/.trivyignore.yaml b/.trivy/.trivyignore.yaml new file mode 100644 index 00000000..e69de29b diff --git a/.trivy/trivy.yaml b/.trivy/trivy.yaml new file mode 100644 index 00000000..22afc777 --- /dev/null +++ b/.trivy/trivy.yaml @@ -0,0 +1,12 @@ +scan: + scanners: + - secret +severity: + - UNKNOWN + - LOW + - MEDIUM + - HIGH + - CRITICAL +exit-code: 1 +#ignorefile: .trivy/.trivyignore.yaml +debug: true \ No newline at end of file diff --git a/README.md b/README.md index d746fc9e..ea79a8f6 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,7 @@ Disabled extensions ==================== [ ] amqp 2.1.2 [ ] blackfire 1.87.1~linux-musl-x64-non_zts82 - [ ] newrelic 10.22.0.12 + [ ] newrelic 11.2.0.15 [ ] pcov 1.0.11 [ ] tideways 5.5.14 [ ] xhprof 2.3.10 diff --git a/alpine/3.17/8.1/Dockerfile b/alpine/3.17/8.1/Dockerfile index 3806040c..232c7a67 100644 --- a/alpine/3.17/8.1/Dockerfile +++ b/alpine/3.17/8.1/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=81 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.1 diff --git a/alpine/3.17/8.2/Dockerfile b/alpine/3.17/8.2/Dockerfile index 28f648da..ec93f8b3 100644 --- a/alpine/3.17/8.2/Dockerfile +++ b/alpine/3.17/8.2/Dockerfile 
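Review bot: The matrix in this build-and-scan workflow lists only the Alpine variants, so the `debian/bullseye/8.0` to `8.3` images that this same commit touches get no Trivy or Trufflehog image scan before merge. Add matching `include` entries, for example `- context: "debian/bullseye/8.3"` with `tags: "8.3-debian"`. The workflow filename is spelled `tryvi-…`, which makes it harder to find next to `trivy.yml`.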
@@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=82 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.2 diff --git a/alpine/3.17/8.3/Dockerfile b/alpine/3.17/8.3/Dockerfile index 39d49e88..8e4e0102 100644 --- a/alpine/3.17/8.3/Dockerfile +++ b/alpine/3.17/8.3/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=83 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.6.4 ARG TIDEWAYS_PHP_VERSION=8.3 diff --git a/alpine/3.18/8.1/Dockerfile b/alpine/3.18/8.1/Dockerfile index 89052c75..d0569d36 100644 --- a/alpine/3.18/8.1/Dockerfile +++ b/alpine/3.18/8.1/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=81 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.1 diff --git a/alpine/3.18/8.2/Dockerfile b/alpine/3.18/8.2/Dockerfile index e3e6e261..2cffcd9a 100644 --- a/alpine/3.18/8.2/Dockerfile +++ b/alpine/3.18/8.2/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=82 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.2 diff --git a/alpine/3.18/8.3/Dockerfile b/alpine/3.18/8.3/Dockerfile index 649acded..568277a8 100644 --- a/alpine/3.18/8.3/Dockerfile +++ b/alpine/3.18/8.3/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=83 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.6.4 ARG TIDEWAYS_PHP_VERSION=8.3 diff --git a/alpine/3.19/8.1/Dockerfile b/alpine/3.19/8.1/Dockerfile index 141fc9cb..95fe084b 100644 
--- a/alpine/3.19/8.1/Dockerfile +++ b/alpine/3.19/8.1/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=81 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.1 diff --git a/alpine/3.19/8.2/Dockerfile b/alpine/3.19/8.2/Dockerfile index 076bb312..89b1f570 100644 --- a/alpine/3.19/8.2/Dockerfile +++ b/alpine/3.19/8.2/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=82 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.2 diff --git a/alpine/3.19/8.3/Dockerfile b/alpine/3.19/8.3/Dockerfile index 29f490f2..d2a5cbd5 100644 --- a/alpine/3.19/8.3/Dockerfile +++ b/alpine/3.19/8.3/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=83 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.6.4 ARG TIDEWAYS_PHP_VERSION=8.3 diff --git a/alpine/3.20/8.1/Dockerfile b/alpine/3.20/8.1/Dockerfile index 323c7fc2..ca1ef760 100644 --- a/alpine/3.20/8.1/Dockerfile +++ b/alpine/3.20/8.1/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=81 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.1 diff --git a/alpine/3.20/8.2/Dockerfile b/alpine/3.20/8.2/Dockerfile index b3a3db03..c949d75a 100644 --- a/alpine/3.20/8.2/Dockerfile +++ b/alpine/3.20/8.2/Dockerfile @@ -6,7 +6,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=82 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.2 
diff --git a/alpine/3.20/8.3/Dockerfile b/alpine/3.20/8.3/Dockerfile index 6adeda72..9e837b5c 100644 --- a/alpine/3.20/8.3/Dockerfile +++ b/alpine/3.20/8.3/Dockerfile @@ -6,7 +6,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=83 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.6.4 ARG TIDEWAYS_PHP_VERSION=8.3 diff --git a/debian/bullseye/8.0/Dockerfile b/debian/bullseye/8.0/Dockerfile index cde06f5f..69107230 100644 --- a/debian/bullseye/8.0/Dockerfile +++ b/debian/bullseye/8.0/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=80 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.8 ARG TIDEWAYS_PHP_VERSION=8.0 ARG GOLANG_VERSION=1.20.3 diff --git a/debian/bullseye/8.1/Dockerfile b/debian/bullseye/8.1/Dockerfile index 9b0dfd2b..7023eccc 100644 --- a/debian/bullseye/8.1/Dockerfile +++ b/debian/bullseye/8.1/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=81 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.8 ARG TIDEWAYS_PHP_VERSION=8.1 ARG GOLANG_VERSION=1.20.3 diff --git a/debian/bullseye/8.2/Dockerfile b/debian/bullseye/8.2/Dockerfile index 05b060fc..5dd008d6 100644 --- a/debian/bullseye/8.2/Dockerfile +++ b/debian/bullseye/8.2/Dockerfile @@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=82 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.5.14 ARG TIDEWAYS_PHP_VERSION=8.2 ARG GOLANG_VERSION=1.20.3 diff --git a/debian/bullseye/8.3/Dockerfile b/debian/bullseye/8.3/Dockerfile index f546eae8..c939630d 100644 --- a/debian/bullseye/8.3/Dockerfile +++ b/debian/bullseye/8.3/Dockerfile 
@@ -7,7 +7,7 @@ ARG TARGETPLATFORM ARG COMPOSER_VERSION=2.8.1 ARG BLACKFIRE_VERSION=1.87.1 ARG BLACKFIRE_PHP_VERSION=83 -ARG NEWRELIC_VERSION=10.22.0.12 +ARG NEWRELIC_VERSION=11.2.0.15 ARG TIDEWAYS_VERSION=5.6.4 ARG TIDEWAYS_PHP_VERSION=8.3 ARG GOLANG_VERSION=1.20.3