ci: convert Dockerfile to Wolfi (#667)

2025-12-23 08:47:33 +00:00 · 2025-04-14 12:09:48 -07:00 · 2025-04-14 12:09:48 -07:00 · a32d8bde36
commit a32d8bde36
parent aeef8f6ebf
1 changed files with 11 additions and 23 deletions
--- a/34
+++ b/34
@ -1,30 +1,18 @@
-FROM python:3.13-slim-bullseye AS build
-
-LABEL org.opencontainers.image.source=https://github.com/woodruffw/zizmor
-
-# Zizmor version to install (set as an argument to pair with zizmor releases)
-ARG ZIZMOR_VERSION
-
-ENV PYTHONUNBUFFERED=1 \
-    PIP_NO_CACHE_DIR=1 \
-    PIP_DISABLE_PIP_VERSION_CHECK=1
-
-RUN set -eux && \
-    apt-get update && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-
-RUN pip install zizmor==${ZIZMOR_VERSION} && \
-    which zizmor
-
 # ------------------------------------------------------------------------------
 # Runtime image
 # ------------------------------------------------------------------------------

-FROM debian:bullseye-slim
+FROM cgr.dev/chainguard/wolfi-base:latest

-# Copy necessary files from build stage
-COPY --from=build /usr/local/bin/zizmor /app/zizmor
+# Wolfi zizmor version to install
+# https://edu.chainguard.dev/open-source/wolfi/apk-version-selection/
+# (set as an argument to pair with zizmor releases)
+ARG ZIZMOR_VERSION
+
+RUN set -eux && \
+    apk update && \
+    apk add zizmor=~${ZIZMOR_VERSION} && \
+    zizmor --version

 # Set the entrypoint to zizmor
-ENTRYPOINT ["/app/zizmor"]
+ENTRYPOINT ["/usr/bin/zizmor"]