From 64036b3ffdbbe7f4bdc1f00ace8079a35061646d Mon Sep 17 00:00:00 2001
From: Marcin
Date: Thu, 5 Feb 2026 13:32:55 +0100
Subject: [PATCH 1/2] chore: harden Dockerfiles and add devops CODEOWNERS
---
 .github/CODEOWNERS | 7 ++++++-
 contrib/images/staking-api-service/Dockerfile | 5 +++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 7e102775..5adfe68c 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1,6 @@
-* @jrwbabylonlab @jeremy-babylonlabs @kirugan
\ No newline at end of file
+* @jrwbabylonlab @jeremy-babylonlabs @kirugan
+
+# DevOps team owns CI/CD and container configuration
+/.github/ @babylonlabs-io/devops
+/.github/CODEOWNERS @babylonlabs-io/devops
+**/Dockerfile @babylonlabs-io/devops
\ No newline at end of file
diff --git a/contrib/images/staking-api-service/Dockerfile b/contrib/images/staking-api-service/Dockerfile
index 4524924e..bd19bdfa 100644
--- a/contrib/images/staking-api-service/Dockerfile
+++ b/contrib/images/staking-api-service/Dockerfile
@@ -2,6 +2,7 @@ FROM golang:1.24.11-alpine AS builder
 ARG VERSION="HEAD"
+# hadolint ignore=DL3018
 RUN apk add --no-cache \
 make \
 git \
@@ -31,10 +32,10 @@ RUN LDFLAGS='-extldflags "-static" -v' \
 make build
 # Final minimal image with binary only
-FROM alpine:3.16 AS run
+FROM alpine:3.21 AS run
 RUN addgroup --gid 1138 -S staking-api-service && adduser --uid 1138 -S staking-api-service -G staking-api-service
-RUN apk add bash curl jq
+RUN apk add --no-cache bash=5.2.37-r0 curl=8.14.1-r2 jq=1.7.1-r0
 # Label should match your github repo
 LABEL org.opencontainers.image.source="https://github.com/babylonlabs-io/staking-api-service:${VERSION}"
From 20ba049f6215357cf382066c9c11a3da7f9a436b Mon Sep 17 00:00:00 2001
From: Marcin
Date: Fri, 6 Feb 2026 11:06:33 +0100
Subject: [PATCH 2/2] chore: scope CODEOWNERS devops ownership to workflows only
---
 .github/CODEOWNERS | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
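Review bot: In `.github/CODEOWNERS` the last matching pattern takes precedence, so the added `/.github/`, `/.github/CODEOWNERS` and `**/Dockerfile` entries replace the three default `*` owners on those paths instead of adding a second reviewer group; the same applies to `/.github/workflows/ @babylonlabs-io/devops` in PATCH 2/2. If that is the intent, the comment above the entries should say so, for example `# Last match wins: these paths are owned by devops only, not by the default owners above`. The entries only gate merges when branch protection requires code-owner review and the team has write access to the repository, neither of which can be confirmed from this patch.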
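Review bot: The `# hadolint ignore=DL3018` added above the builder-stage `RUN apk add --no-cache` in the first Dockerfile hunk suppresses the version-pinning rule without recording why, while the run stage in the next hunk pins every package exactly. Since the build links with `-extldflags "-static"`, any library packages in this list presumably end up inside the shipped binary, so the suppression is not purely a build-hygiene choice. A one-line reason above the directive would record the decision, for example `# Unpinned on purpose: exact apk pins break rebuilds once Alpine publishes a newer revision`. The `RUN` package list continues past the end of the hunk, so the full set of unpinned packages is not visible here.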
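Review bot: The exact pins in `RUN apk add --no-cache bash=5.2.37-r0 curl=8.14.1-r2 jq=1.7.1-r0` are resolved against the live Alpine 3.21 repository, which normally keeps only the newest revision of each package, so the next curl or bash security update is likely to fail this step with an unsatisfiable constraint rather than pick up the fix. `FROM alpine:3.21 AS run` is itself a moving tag, so the pins do not make the image reproducible on their own. Either treat this stage like the builder, with `# hadolint ignore=DL3018` above `RUN apk add --no-cache bash curl jq` and a scheduled rebuild, or keep the pins and add an automated bump so they track security releases. The run stage continues past the end of the hunk, so whether bash, curl and jq are needed in the final image at all cannot be judged from here.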
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 5adfe68c..7099b790 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,6 +1,4 @@
 * @jrwbabylonlab @jeremy-babylonlabs @kirugan
-# DevOps team owns CI/CD and container configuration
-/.github/ @babylonlabs-io/devops
-/.github/CODEOWNERS @babylonlabs-io/devops
-**/Dockerfile @babylonlabs-io/devops
\ No newline at end of file
+# DevOps team owns CI/CD workflows
+/.github/workflows/ @babylonlabs-io/devops
\ No newline at end of file