From 4928ad6ab00a58b78e1a3c57f4d70aa6d9042e98 Mon Sep 17 00:00:00 2001 From: dirgim Date: Wed, 4 Dec 2024 10:55:27 +0100 Subject: [PATCH] test: try fixing certificate issues Signed-off-by: dirgim rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED --- Dockerfile | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0004ae3..1fa3169 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,3 @@ -# Build step for check-payload tool -FROM registry.access.redhat.com/ubi9/go-toolset:1.21.13-2.1729776560 as check-payload-build - -WORKDIR /opt/app-root/src - -ARG CHECK_PAYLOAD_VERSION=0.3.2 - -RUN curl -k -s -L -o check-payload.tar.gz "https://github.com/openshift/check-payload/archive/refs/tags/${CHECK_PAYLOAD_VERSION}.tar.gz" && \ - tar -xzf check-payload.tar.gz && rm check-payload.tar.gz && cd check-payload-${CHECK_PAYLOAD_VERSION} && \ - CGO_ENABLED=0 go build -ldflags="-X main.Commit=${CHECK_PAYLOAD_VERSION}" -o /opt/app-root/src/check-payload-binary && chmod +x /opt/app-root/src/check-payload-binary - # Container image that runs your code FROM docker.io/snyk/snyk:linux@sha256:2ec253d460c17af1790e74ee5d0a5be322686e454ee9c64a3e9a4656814f81c4 as snyk FROM quay.io/enterprise-contract/ec-cli:snapshot@sha256:dc7d404596385e7d3c624ec0492524a1d57efe2b0c10cf0ec2158d49c0290a83 AS ec-cli @@ -26,7 +15,9 @@ ARG UMOCI_VERSION=v0.4.7 ENV POLICY_PATH="/project" -RUN curl -k -s -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm --output epel-release-latest-9.noarch.rpm && \ +ADD https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm epel-release-latest-9.noarch.rpm + +RUN microdnf -y upgrade ca-certificates curl && \ rpm -Uvh epel-release-latest-9.noarch.rpm && \ microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install \ findutils \ 
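Review bot: The added `ADD https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm epel-release-latest-9.noarch.rpm` fetches a moving "latest" package with no integrity check, and the next instruction installs it as root with `rpm -Uvh`. Compared with the removed `curl -k` the transfer is no longer explicitly unverified, but TLS only authenticates the mirror, not the package. Consider a versioned epel-release URL with `ADD --checksum=sha256:<EPEL_RELEASE_SHA256> <url> epel-release.rpm` (placeholder digest, if the builder supports the flag), or import the EPEL signing key and run `rpm -K epel-release-latest-9.noarch.rpm` before installing. The ADD also stores the .rpm in its own layer, so a later `rm` will not remove it from the image. The RUN continues past the end of this hunk, so I cannot see whether the file is cleaned up at all.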
@@ -44,17 +35,17 @@ RUN curl -k -s -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.no csmock-plugin-shellcheck-core \ clamav-update && \ pip3 install --no-cache-dir yq && \ - curl -k -s -L https://github.com/CycloneDX/sbom-utility/releases/download/v"${sbom_utility_version}"/sbom-utility-v"${sbom_utility_version}"-linux-amd64.tar.gz --output sbom-utility.tar.gz && \ + curl -s -L https://github.com/CycloneDX/sbom-utility/releases/download/v"${sbom_utility_version}"/sbom-utility-v"${sbom_utility_version}"-linux-amd64.tar.gz --output sbom-utility.tar.gz && \ mkdir sbom-utility && tar -xf sbom-utility.tar.gz -C sbom-utility && rm sbom-utility.tar.gz && \ cd /usr/bin && \ microdnf -y install libicu && \ microdnf clean all -RUN ARCH=$(uname -m) && curl -k -s -L https://github.com/open-policy-agent/conftest/releases/download/v"${conftest_version}"/conftest_"${conftest_version}"_Linux_"$ARCH".tar.gz | tar -xz --no-same-owner -C /usr/bin/ && \ +RUN ARCH=$(uname -m) && curl -s -L https://github.com/open-policy-agent/conftest/releases/download/v"${conftest_version}"/conftest_"${conftest_version}"_Linux_"$ARCH".tar.gz | tar -xz --no-same-owner -C /usr/bin/ && \ curl https://mirror.openshift.com/pub/openshift-v4/"$ARCH"/clients/ocp/stable/openshift-client-linux.tar.gz --output oc.tar.gz && tar -xzvf oc.tar.gz -C /usr/bin && rm oc.tar.gz && \ - curl -k -s -LO "https://github.com/bats-core/bats-core/archive/refs/tags/v$BATS_VERSION.tar.gz" && \ - curl -k -s -L https://github.com/operator-framework/operator-registry/releases/download/"${OPM_VERSION}"/linux-amd64-opm > /usr/bin/opm && chmod +x /usr/bin/opm && \ - curl -k -s -L https://github.com/opencontainers/umoci/releases/download/"${UMOCI_VERSION}"/umoci.amd64 > /usr/bin/umoci && chmod +x /usr/bin/umoci && \ + curl -s -LO "https://github.com/bats-core/bats-core/archive/refs/tags/v$BATS_VERSION.tar.gz" && \ + curl -s -L 
https://github.com/operator-framework/operator-registry/releases/download/"${OPM_VERSION}"/linux-amd64-opm > /usr/bin/opm && chmod +x /usr/bin/opm && \ + curl -s -L https://github.com/opencontainers/umoci/releases/download/"${UMOCI_VERSION}"/umoci.amd64 > /usr/bin/umoci && chmod +x /usr/bin/umoci && \ tar -xf "v$BATS_VERSION.tar.gz" && \ cd "bats-core-$BATS_VERSION" && \ ./install.sh /usr && \ @@ -69,8 +60,6 @@ COPY --from=ec-cli /usr/local/bin/ec /usr/local/bin/ec COPY --from=cosign-bin /ko-app/cosign /usr/local/bin/cosign -COPY --from=check-payload-build /opt/app-root/src/check-payload-binary /usr/bin/check-payload - COPY policies $POLICY_PATH COPY test/conftest.sh $POLICY_PATH
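Review bot: With `-k` gone the downloads are TLS-verified, but conftest, opm and umoci are still written straight into /usr/bin, and sbom-utility is unpacked, without any digest check, so the image trusts whatever the release URL serves at build time. Pin one digest per artifact and verify it before `chmod +x`, for example `echo "<OPM_SHA256>  /usr/bin/opm" | sha256sum -c -` (placeholder digest). The calls also keep `-s` without `-f` or `-S`: an HTTP error body would be saved as /usr/bin/opm or /usr/bin/umoci with exit status 0, and a certificate failure would print nothing, which is unhelpful in a commit that is debugging certificate problems. `curl -fsSL` addresses both. The first RUN starts before this hunk and the second one continues after it, so this applies only to the visible lines.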