From 5d2ff2672ca7f9c901d85c70aab3ce79ff060c57 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Sat, 2 Aug 2025 21:18:39 -0400
Subject: [PATCH 1/2] [CONFIG] Docker: snyk disabled.
---
.github/workflows/docker-image.yml | 94 ++++++++++++++++--------------
1 file changed, 49 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 8119eb8..00dc8de 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -121,53 +121,57 @@ jobs: run --rm ${{ env.IMAGE_NAME }}-test make test - security: - name: "Snyk Container" - runs-on: ubuntu-24.04 - needs: build - permissions: - actions: read - contents: read - security-events: write - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - name: Download artifact - uses: actions/download-artifact@v4 - with: - name: ${{ env.ARTIFACT_NAME }}_prod - path: /tmp/ - - name: Load image - run: | - docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar - docker image ls -a + # yamllint disable rule:line-length + # security: + # name: "Snyk Container" + # runs-on: ubuntu-24.04 + # needs: build + # permissions: + # actions: read + # contents: read + # security-events: write + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + # - name: Download artifact + # uses: actions/download-artifact@v4 + # with: + # name: ${{ env.ARTIFACT_NAME }}_prod + # path: /tmp/ + + # - name: Load image + # run: | + # docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar + # docker image ls -a + + # - name: Run Snyk to check Docker image for vulnerabilities + # # Snyk can be used to break the build when it detects vulnerabilities. + # # In this case we want to upload the issues to GitHub Code Scanning + # continue-on-error: true + # uses: snyk/actions/docker@master + # env: + # # yamllint disable rule:line-length + # # In order to use the Snyk Action you will need to have a Snyk API token. 
+ # # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token + # # or you can sign up for free at https://snyk.io/login + # # yamllint enable rule:line-length + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # image: ${{ env.IMAGE_NAME }}:${{ github.sha }} + # args: --file=Dockerfile + # # yamllint disable rule:line-length + # # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400 + # - name: Replace security-severity undefined for license-related findings + # run: | + # sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif + # sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif + # # yamllint enable rule:line-length + # - name: Upload result to GitHub Code Scanning + # uses: github/codeql-action/upload-sarif@v3 + # with: + # sarif_file: 'snyk.sarif' + # yamllint enable rule:line-length - - name: Run Snyk to check Docker image for vulnerabilities - # Snyk can be used to break the build when it detects vulnerabilities. - # In this case we want to upload the issues to GitHub Code Scanning - continue-on-error: true - uses: snyk/actions/docker@master - env: - # yamllint disable rule:line-length - # In order to use the Snyk Action you will need to have a Snyk API token. 
- # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token - # or you can sign up for free at https://snyk.io/login - # yamllint enable rule:line-length - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ env.IMAGE_NAME }}:${{ github.sha }} - args: --file=Dockerfile - # yamllint disable rule:line-length - # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400 - - name: Replace security-severity undefined for license-related findings - run: | - sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif - sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif - # yamllint enable rule:line-length - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'snyk.sarif' scan: name: "Trivy" runs-on: ubuntu-24.04
From ece9feec4b19e9746ab7033bc79d4d7092e15c20 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Sat, 2 Aug 2025 22:03:23 -0400
Subject: [PATCH 2/2] [BUGfIX] Docker Issue: LLVM clang-format 21 unavailable. https://github.com/llvm/llvm-project/issues/151221 Using 20 branch: https://github.com/llvm/llvm-project/issues/151221#issuecomment-3137269853
---
Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 97d0cb2..6c0d863 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -70,7 +70,7 @@ RUN apt-get update && \
 rm -rf /var/lib/apt/lists/*
 ADD https://apt.llvm.org/llvm-snapshot.gpg.key llvm-snapshot.gpg.key
 RUN apt-key add llvm-snapshot.gpg.key && \
- apt-add-repository "deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy main" && \
+ apt-add-repository -y "deb https://apt.llvm.org/noble/ llvm-toolchain-noble-20 main" && \
 apt-get -y update && \
 apt-get -y install --no-install-recommends --no-install-suggests clang-format && \
 rm -rf /var/lib/apt/lists/*
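Review bot: The Snyk job is commented out rather than removed, which leaves a large block of dead YAML in the workflow with no statement of why it is disabled or what would bring it back; the commit title says only "snyk disabled". Either delete the block (git history keeps it) or put one comment at its top, e.g. `# security (Snyk Container) job disabled: <reason — TODO>; re-enable once <condition — TODO>`. If the block is kept for later restoration, note that it references `snyk/actions/docker@master`, `actions/download-artifact@v4` and `github/codeql-action/upload-sarif@v3` by mutable ref while the checkout step is pinned to a commit SHA, so those should be pinned before the job is turned back on. Any job elsewhere in the workflow with `needs: security` is outside this hunk and would now fail to resolve, which is worth a quick grep.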
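Review bot: The trust installed by `RUN apt-key add llvm-snapshot.gpg.key` applies to every apt repository the image configures, not just the LLVM one, and `apt-key` is deprecated on current Ubuntu releases; since this commit already rewrites the source line, it is the natural moment to move to a `signed-by=` keyring scoped to that repository (rewrite below). The preceding context line `ADD https://apt.llvm.org/llvm-snapshot.gpg.key ...` also fetches the signing key at build time with no verification; BuildKit's `ADD --checksum=sha256:<digest — to be computed by the maintainer>` would pin it. The repository moves from jammy to noble, so the change only works if the image's base is Ubuntu 24.04; the `FROM` line is outside the hunk, so please confirm. The rewrite assumes apt accepts an ASCII-armored key via `signed-by` when the file name ends in `.asc`, and adds a `chmod` because a remote `ADD` creates the file with mode 600.

```dockerfile
ADD https://apt.llvm.org/llvm-snapshot.gpg.key /etc/apt/keyrings/llvm-snapshot.asc
RUN chmod 0644 /etc/apt/keyrings/llvm-snapshot.asc && \
    echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.asc] https://apt.llvm.org/noble/ llvm-toolchain-noble-20 main" \
      > /etc/apt/sources.list.d/llvm-toolchain.list && \
    apt-get -y update && \
    # … unchanged: clang-format install and apt list cleanup …
```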