Commit graph

10 commits

Author SHA1 Message Date
nodiscc
3b5923b7e1
tools/CI: scan repository with trivy security scanner (yarn.lock, composer.lock)
- run scan on each push/pull request update
- can be run locally using make test_trivy_repo
- exit with error code 0/success when vulnerabilities are found, so as not to make the workflow fail; a separate periodic run that exits with code 1 should be added in parallel
- update trivy to v0.43.0
- https://github.com/aquasecurity/trivy/releases/tag/v0.43.0
- also consider TRIVY_EXIT_CODE when running trivy on the latest docker image
- ref. https://github.com/shaarli/Shaarli/issues/1531
2023-06-30 23:56:09 +02:00
nodiscc
0eee6a2ba1
github actions: fix value of TRIVY_TARGET_DOCKER_IMAGE
- fixes Error response from daemon: no such image: ghcr.io/***:trivy: No such image: ghcr.io/***:trivy
- introduced in https://github.com/shaarli/Shaarli/pull/1980 but the test target branch/tag was never reverted to 'latest'
2023-05-21 21:08:36 +02:00
nodiscc
22b4044986
tools/github actions: revert temporary changes used for trivy tests on fork/branch
2023-05-02 12:27:49 +02:00
nodiscc
d48e06f438
run trivy vulnerability scanner on the 'latest' docker image
- run trivy from makefile so that it can be run both locally and through github actions
- usage: make test_trivy TRIVY_TARGET_DOCKER_IMAGE=regist.ry/user/image:tag
- tested by downgrading the base image to alpine 3.15.7 and verifying that vulnerabilities are reported (https://github.com/nodiscc/Shaarli/actions/runs/4860040980/jobs/8663400103)
- TEMP/TESTING only push image to ghcr.io, run trivy on trivy branch/docker tag as well as master
- ref. https://github.com/shaarli/Shaarli/issues/1531
2023-05-02 12:24:50 +02:00
ArthurHoaro
ef9d019ccd
Docker build: add ARM64 platform and bump Github action version (#1965)
2023-03-25 09:35:58 -04:00
nodiscc
fd4379992d
github actions: build OCI images that contain both amd64 and armv7
- ref. https://docs.docker.com/engine/reference/commandline/buildx_build/#platform
- ref. https://docs.docker.com/build/ci/github-actions/multi-platform/
- replaces https://github.com/shaarli/Shaarli/pull/1496
- make docker image name configurable through CI variables for easier testing
2023-03-21 18:10:37 +01:00
nodiscc
169755c6a9
docker: latest: replace dev in shaarli_version.php with the latest commit hash
- fixes https://github.com/shaarli/Shaarli/issues/1676
- testing was successful using docker run --entrypoint /bin/cat nodiscc/shaarli:latest shaarli/shaarli_version.php (returns <?php /* c4a5ef5 */ ?>)
2023-03-17 15:04:38 +01:00
Denis Renning
4c76d4eea9
Github actions: update node (#1928)
* update Node dependent actions
* doc: update compatibility table

Co-authored-by: William Desportes <williamdes@wdes.fr>
Co-authored-by: nodiscc <nodiscc@gmail.com>
2023-03-17 01:22:20 +00:00
Hg
cc2ea94d06
ci: push container images to github registry in addition to dockerhub
it's good to have multiple container registries, in case one decides to not
be welcoming anymore to open-source projects
2023-03-16 21:30:43 +01:00
nodiscc
eeaabc05a7
build and push docker images using github actions
- push images to https://hub.docker.com/r/shaarli/shaarli/tags using a personal access token (access tokens are not available for organizations)
- push an image tagged :latest for builds on master
- push an image with the same tag as the git tag for v*.*.* tags, and for the "release" branch
- update documentation (remove references to Travis/Drone CI)
- deprecate stable and master Docker tags (ref. https://github.com/shaarli/Shaarli/issues/1453)
- add deprecation notices to CHANGELOG.md
2021-06-15 20:35:36 +02:00