Skip to content

[patch] Refresh base image security state#16

Merged
libops-agent merged 1 commit into
mainfrom
base-image-security-refresh
Jul 14, 2026
Merged

[patch] Refresh base image security state#16
libops-agent merged 1 commit into
mainfrom
base-image-security-refresh

Conversation

@libops-agent

Copy link
Copy Markdown
Contributor

Removes the reusable JWT key pair from the shared base image and requires deployments to inject unique keys. Published base rebuilds now bypass BuildKit layer caches so Alpine security fixes are resolved when a rebuild is requested.

Validation:

  • go test -count=1 ./...
  • actionlint
  • docker buildx bake --print contract for base no-cache
  • git diff --check

The branch workflow is the publication/smoke canary. Merge only after it is green and the branch base image passes the downstream PPB Trivy scan.

@libops-agent
libops-agent force-pushed the base-image-security-refresh branch from 86e74b4 to ccfe7bd Compare July 14, 2026 16:23
@libops-agent
libops-agent force-pushed the base-image-security-refresh branch from ccfe7bd to 6b9faef Compare July 14, 2026 18:48
@libops-agent
libops-agent marked this pull request as ready for review July 14, 2026 19:08
@libops-agent
libops-agent merged commit 6b9faef into main Jul 14, 2026
168 checks passed
@libops-agent
libops-agent deleted the base-image-security-refresh branch July 14, 2026 19:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant