From 0b54a2638cb8e0b0e961318c93c184506eaa7008 Mon Sep 17 00:00:00 2001
From: Chris Harris <cjh@lbl.gov>
Date: Mon, 9 Dec 2024 14:43:54 +0000
Subject: [PATCH 1/2] Switch to wolfi-base

---
 Dockerfile | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index eb3cf057..a332cfc3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,7 +28,7 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
-FROM artifactory.algol60.net/docker.io/library/alpine:3.17 AS base
+FROM cgr.dev/chainguard/wolfi-base AS base
 
 COPY src/requirements.txt /app/requirements.txt
 
@@ -43,8 +43,6 @@ RUN set -ex \
         openssl-dev \
         libffi-dev \
         gcc \
-        musl-dev \
-        cargo \
         curl \
     && pip3 install --upgrade \
         pip \
@@ -57,9 +55,8 @@ RUN set -ex \
         gcc \
         python3-dev \
         openssl-dev \
-        libffi-dev \
-        musl-dev \
-        cargo
+        libffi-dev
+
 
 # Insert our emulator extentions
 COPY src /app

From 21adf3124751e6b9d68bc1ddc7ce63551cd30b4b Mon Sep 17 00:00:00 2001
From: Chris Harris <cjh@lbl.gov>
Date: Mon, 9 Dec 2024 15:09:33 +0000
Subject: [PATCH 2/2] Replace GitHub Action workflow

---
 .../workflows/build_and_publish_image.yaml    | 45 +++++++++++++++++++
 .../workflows/build_and_release_image.yaml    | 12 -----
 2 files changed, 45 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/build_and_publish_image.yaml
 delete mode 100644 .github/workflows/build_and_release_image.yaml

diff --git a/.github/workflows/build_and_publish_image.yaml b/.github/workflows/build_and_publish_image.yaml
new file mode 100644
index 00000000..adc1e8aa
--- /dev/null
+++ b/.github/workflows/build_and_publish_image.yaml
@@ -0,0 +1,45 @@
+name: build and publish images
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - v*
+permissions:
+  packages: write
+  contents: read
+jobs:
+  build-csm-rie:
+    runs-on: ubuntu-latest
+    steps:
+      - name: check out the repo
+        uses: actions/checkout@v4
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/openchami/csm-rie
+
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=sha
+      - name: setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: login to github container repo
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: build and push csm-rie image
+        uses: docker/build-push-action@v5
+        with:
+          platforms: linux/amd64, linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/build_and_release_image.yaml b/.github/workflows/build_and_release_image.yaml
deleted file mode 100644
index 6e79284f..00000000
--- a/.github/workflows/build_and_release_image.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: Build and Publish Service Docker Images
-on:
-  - push # Perform a build of the contents from the branch
-  - pull_request # Perform a build after merging with the target branch
-  - workflow_dispatch
-jobs:
-  build_and_release:
-    uses: Cray-HPE/hms-build-image-workflows/.github/workflows/build_and_release_image.yaml@v2
-    with:
-      image-name: csm-rie
-      enable-pr-comment: true
-    secrets: inherit