From cebb52f6980dce81b52c0ae119deec861c95d156 Mon Sep 17 00:00:00 2001 From: Dirk Date: Thu, 5 Sep 2024 17:44:33 +0200 Subject: [PATCH 1/2] Fix the Dockerfile env (hopefully) * Upgrade both GHCR and Docker hub foile to alpine 3.2 * uses openssl version 3.3 as a alternative to option (default is still "ours" * docker 3.0 yml hast now ubuntu-22.04 (not EOL) + "latest" omitted --- .github/dependabot.yml | 12 ++++++++++++ .github/workflows/docker-3.0.yml | 3 +-- Dockerfile | 11 ++++++----- Dockerfile.git | 12 ++++++------ 4 files changed, 25 insertions(+), 13 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..4cff4d6 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/docker-3.0.yml b/.github/workflows/docker-3.0.yml index b09ac62..7b7b558 100644 --- a/.github/workflows/docker-3.0.yml +++ b/.github/workflows/docker-3.0.yml @@ -15,7 +15,7 @@ env: jobs: deploy: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - name: Source checkout @@ -60,4 +60,3 @@ jobs: labels: ${{ steps.docker_meta.outputs.labels }} tags: | ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }} - ghcr.io/${{ github.repository }}:latest diff --git a/Dockerfile b/Dockerfile index 1223f92..88226a1 100644 --- a/Dockerfile +++ b/Dockerfile 
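Review bot: The new `.github/dependabot.yml` lists only the `github-actions` ecosystem, so the `FROM alpine:3.20` base images that this same patch bumps by hand in `Dockerfile` and `Dockerfile.git` will keep depending on someone noticing that they are stale. A `docker` entry beside it lets Dependabot open PRs when the base tag moves, and would also make pinning the base by digest practical later. Whether Dependabot picks up the non-standard file name `Dockerfile.git` should be confirmed on its first run.

```yaml
updates:
  # … unchanged: github-actions entry …
  # Maintain the base images referenced by the Dockerfiles
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "daily"
```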
@@ -1,16 +1,17 @@ -FROM alpine:3.18 +FROM alpine:3.20 + +WORKDIR /home/testssl/ RUN apk update && \ apk upgrade && \ - apk add --no-cache bash procps drill coreutils libidn curl openssl1.1-compat && \ + apk add --no-cache bash procps drill coreutils libidn curl openssl && \ addgroup testssl && \ adduser -G testssl -g "testssl user" -s /bin/bash -D testssl && \ ln -s /home/testssl/testssl.sh /usr/local/bin/ && \ - mkdir -m 755 -p /home/testssl/etc /home/testssl/bin && \ - ln -s /usr/bin/openssl1.1 /usr/bin/openssl + mkdir -m 755 -p /home/testssl/etc /home/testssl/bin + USER testssl -WORKDIR /home/testssl/ COPY --chown=testssl:testssl etc/. /home/testssl/etc/ COPY --chown=testssl:testssl bin/. /home/testssl/bin/ diff --git a/Dockerfile.git b/Dockerfile.git index b42a0d1..e7bdfbd 100644 --- a/Dockerfile.git +++ b/Dockerfile.git @@ -1,6 +1,8 @@ # Build using git repo -FROM alpine:3.18 +FROM alpine:3.20 + +WORKDIR /home/testssl ARG BUILD_VERSION ARG ARCHIVE_URL=https://github.com/drwetter/testssl.sh/archive/ @@ -8,16 +10,14 @@ ARG URL=https://github.com/drwetter/testssl.sh.git RUN test -n "${BUILD_VERSION}" \ && apk update \ - && apk add --no-cache bash procps drill coreutils libidn curl openssl1.1-compat git \ - && git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \ + && apk add --no-cache bash procps drill coreutils libidn curl openssl git \ + && git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \ && addgroup testssl \ && adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \ && ln -s /home/testssl/testssl.sh /usr/local/bin/ \ - && mkdir -m 755 -p /home/testssl/etc /home/testssl/bin \ - && ln -s /usr/bin/openssl1.1 /usr/bin/openssl + && mkdir -m 755 -p /home/testssl/etc /home/testssl/bin USER testssl -WORKDIR /home/testssl/ ENTRYPOINT ["testssl.sh"] From 73fa5607d863b4c2bc98b64ca94c436f31d93112 Mon Sep 17 00:00:00 2001 
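Review bot: In the `Dockerfile` hunk, swapping `openssl1.1-compat` for `openssl` and dropping the `/usr/bin/openssl` symlink changes what a bare `openssl` resolves to inside the image, and nothing in the file records that this binary is meant only as an alternative. The commit message says the bundled build stays the default. For a TLS scanner that matters, because a distribution OpenSSL 3.x presumably lacks the legacy protocols and ciphers the scanner has to probe, so falling back to it silently would under-report findings. I would add a comment above the `RUN`, for example `# System openssl (3.x) is an optional alternative; the bundled binary copied into bin/ remains the default.` The second hunk of `Dockerfile.git` makes the same package change and needs the same comment.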
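Review bot: The re-added `git clone` line in the second `Dockerfile.git` hunk still expands `${BUILD_VERSION}` and `$URL` unquoted, so a build argument containing whitespace or glob characters is split or expanded by the shell before git sees it. Since the line is being touched anyway, quote both: `&& git clone --depth 1 --branch "${BUILD_VERSION}" "$URL" /home/testssl \`. The existing `test -n "${BUILD_VERSION}"` guard only rejects an empty value and does not constrain its content.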
From: Dirk Date: Thu, 5 Sep 2024 17:55:44 +0200 Subject: [PATCH 2/2] restrict CI run to pull --- .github/workflows/test.yml | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b408c09..793dfbd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,27 +1,19 @@ name: testssl.sh CI on: - push: - paths-ignore: - - 'utils/**' - - 'doc/**' - - 'bin/**' - - '**.md' - - '**.pem' - - '**.pdf' - - '**.html' - - 'LICENSE' - - 'Dockerfile' pull_request: - - 'utils/**' - - 'doc/**' - - 'bin/**' - - '**.md' - - '**.pem' - - '**.pdf' - - '**.html' - - 'LICENSE' - - 'Dockerfile' + paths-ignore: + - 'utils/**' + - 'doc/**' + - 'bin/**' + - '.github/workflows/**.yml' + - '**.md' + - '**.pem' + - '**.pdf' + - '**.html' + - 'LICENSE' + - 'Dockerfile' + - 'Dockerfile.git' permissions: contents: read
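Review bot: With the `push:` trigger removed and `'.github/workflows/**.yml'`, `'Dockerfile'` and `'Dockerfile.git'` added to `paths-ignore`, a pull request that touches only workflows or the Dockerfiles runs no tests at all, and direct pushes are never tested. That includes edits to `test.yml` itself, so a change that weakens or breaks this workflow would not be exercised until an unrelated pull request arrives. If the aim is only to skip the image-publishing workflow, name it explicitly, e.g. `- '.github/workflows/docker-3.0.yml'` in place of the glob. Consider also keeping a `push:` trigger limited to the default branch so that merged results are still tested.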