Skip to content

release: image-compliance (push-guard, date tags, hadolint, trivy)#4

Merged
Headgent merged 1 commit into
mainfrom
develop
Jun 13, 2026
Merged

release: image-compliance (push-guard, date tags, hadolint, trivy)#4
Headgent merged 1 commit into
mainfrom
develop

Conversation

@Headgent

@Headgent Headgent commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

Release-PR P2-phpcli (C1–C7). Kein Tag — der main-Push publiziert die Images inkl. der neuen immutable Datums-Tags :<php>-YYYYMMDD. hadolint-Required-Kontext wird NACH diesem Merge per gh api ergänzt (C10).

@Headgent
ci(image-compliance): push-guard, date tags, hadolint + trivy gates, …
850cad7 
…ghcr cleanup (#3)

P2-phpcli (C1-C7) aus PLAN_2026-06-12_jardisops-image-compliance:
- C1 Push-Guard: Build&push-Step nur bei != pull_request (build on PR, publish on merge)
- C2 Datums-Tags: IMAGE_DATE + immutable :<php>-YYYYMMDD neben moving Tags (Rollback)
- C3 hadolint-Job + .hadolint.yaml (3 begründete Base-Image-Ignores: DL3018/DL4006/SC2086)
- C4 trivy-report: non-blocking HIGH/CRITICAL-Scan der gepushten Images ins Job-Summary
- C5 ghcr-Login + packages:write entfernt (toter Code, nichts pusht nach ghcr)
- C6 Pfad-Filter: support/makefile/**, .hadolint.yaml ergänzt
- C7 README: Tag-Schema (moving vs. immutable) + Konsumenten-Empfehlung
@Headgent Headgent merged commit 0e21b48 into main Jun 13, 2026
6 checks passed
@Headgent Headgent deleted the develop branch June 13, 2026 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Headgent