fix: requirements.txt to reduce vulnerabilities #911

	# Copyright (c) 2024 Isaac Adams
	# Licensed under the MIT License. See LICENSE file in the project root for full license information.
	name: Build Image

	on:
	workflow_run:
	workflows: [ "Build Base Image" ]
	types:
	- completed

	push:
	paths-ignore:
	- '.github/**'
	- 'seeds/**'
	- 'dump/**'
	- 'k8s/**'
	- '!.github/workflows/build-image.yml'
	- '.gitignore'

	concurrency:
	group: deployment

	env:
	PROJECT_ID: crank-404520
	SERVICE: crank
	REGION: us-west1
	ARTIFACT_REPO: crank-repository
	NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}

	jobs:
	build-image:
	permissions:
	contents: 'read'
	id-token: 'write'
	packages: 'write'

	runs-on: ubuntu-latest

	steps:
	- name: Check if last commit was a merge commit
	id: check
	run: \|
	if [[ "$(git log --merges -1 --pretty=%H)" != "$(git log -1 --pretty=%H)" ]]; then
	echo "This was not a merge commit. Exiting..."
	exit 1
	fi

	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set environment variables from .env-prod
	id: env-vars
	run: \|
	set -a
	source .env-prod
	set +a
	echo "::set-output name=env_vars::$(cat .env-prod \| grep -v '^#' \| xargs)"

	- name: Authenticate with GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and Push Container to GitHub Container Registry
	uses: docker/build-push-action@v5
	with:
	context: .
	push: true
	tags: ghcr.io/${{ github.repository }}/${{ env.SERVICE }}:${{ github.sha }}
	build-args: ${{ steps.env-vars.outputs.env_vars }}

Provide feedback