#!/usr/bin/env bash
set -euo pipefail
bundle exec bundler-audit check --update
npm audit --audit-level=high
pip-audit --strict
#!/usr/bin/env bash
set -euo pipefail
cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/example/codesnips:${GITHUB_SHA}
cosign verify --key env://COSIGN_PUBLIC_KEY ghcr.io/example/codesnips:${GITHUB_SHA}
FROM ruby:3.3.1-slim AS base
RUN apt-get update \
&& apt-get install -y --no-install-recommends build-essential libpq-dev \
&& rm -rf /var/lib/apt/lists/*