
4 Commits

6 changed files with 140 additions and 7 deletions

60
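--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -0,0 +1,60 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature. For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+name: Codacy Security Scan
+on:
+push:
+branches: [ main ]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [ main ]
+schedule:
+- cron: '44 1 * * 2'
+permissions:
+contents: read
+jobs:
+codacy-security-scan:
+permissions:
+contents: read # for actions/checkout to fetch code
+security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+name: Codacy Security Scan
+runs-on: ubuntu-latest
+steps:
+# Checkout the repository to the GitHub Actions runner
+- name: Checkout code
+uses: actions/checkout@v2
+# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+- name: Run Codacy Analysis CLI
+uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+with:
+# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+# You can also omit the token and run the tools that support default configurations
+project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+verbose: true
+output: results.sarif
+format: sarif
+# Adjust severity of non-security issues
+gh-code-scanning-compat: true
+# Force 0 exit code to allow SARIF file generation
+# This will handover control about PR rejection to the GitHub side
+max-allowed-issues: 2147483647
+# Upload the SARIF file generated in the previous step
+- name: Upload SARIF results file
+uses: github/codeql-action/upload-sarif@v1
+with:
+sarif_file: results.sarif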
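Review bot: `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1` are referenced by mutable tags, while the Codacy action in the same job is pinned to a full commit SHA; the upload step is the one that uses `security-events: write`, so it deserves the same pinning. Both tags are also old major versions, and `upload-sarif@v1` is deprecated upstream, so the upload may stop working. Moving each to a current release pinned by SHA, in the form `uses: github/codeql-action/upload-sarif@<full-commit-sha> # vN`, addresses both points. Separately, on pull requests from forks `secrets.CODACY_PROJECT_TOKEN` is empty and the token is read-only, so the upload step will likely fail there unless it is guarded with an `if:` condition.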

48
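--- a/.github/workflows/snyk-container.yml
+++ b/.github/workflows/snyk-container.yml
@@ -0,0 +1,48 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# A sample workflow which checks out the code, builds a container
+# image using Docker and scans that image for vulnerabilities using
+# Snyk. The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity
+# issues, monitor images for newly disclosed vulnerabilities in Snyk and
+# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
+name: Snyk Container
+on:
+push:
+branches: [ main ]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [ main ]
+schedule:
+- cron: '19 16 * * 0'
+jobs:
+snyk:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Build a Docker image
+run: docker build -t your/image-to-test .
+- name: Run Snyk to check Docker image for vulnerabilities
+# Snyk can be used to break the build when it detects vulnerabilities.
+# In this case we want to upload the issues to GitHub Code Scanning
+continue-on-error: true
+uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
+env:
+# In order to use the Snyk Action you will need to have a Snyk API token.
+# More details in https://github.com/snyk/actions#getting-your-snyk-token
+# or you can signup for free at https://snyk.io/login
+SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+with:
+image: your/image-to-test
+args: --file=Dockerfile
+- name: Upload result to GitHub Code Scanning
+uses: github/codeql-action/upload-sarif@v1
+with:
+sarif_file: snyk.sarif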
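Review bot: This workflow declares no `permissions:` anywhere, so the `snyk` job runs with the repository's default `GITHUB_TOKEN` scope while `docker build` executes whatever the checked-out Dockerfile contains, including on pull requests. codacy.yml in the same change scopes its token, and this job should do the same with a job-level `permissions:` holding `contents: read` and `security-events: write`. Because the Snyk step has `continue-on-error: true`, a run where the scan itself fails (for example with `SNYK_TOKEN` unavailable on a fork PR) will probably reach the upload step with no `snyk.sarif` and fail there with a less useful error. `actions/checkout@v2` and `upload-sarif@v1` are mutable tags next to a SHA-pinned Snyk action, and `your/image-to-test` is still the template placeholder.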


@ -4,8 +4,8 @@ LABEL maintainer="sombochea@cubetiqs.com"
# Build with root access # Build with root access
USER root USER root
ENV NODE_VERSION 16.13.1 ENV NODE_VERSION 16.15.0
ENV NODE_SHA256 3b4c47e5554fa466651a767691fc76c09b6a514b49d79bbd0061e549614adedf ENV NODE_SHA256 4db62cabc0647fc18f537ed10b5573f3c23ffb4d4434e40713e7e472f1ed4e55
ENV USER_UID 1001 ENV USER_UID 1001
RUN addgroup -g ${USER_UID} node \ RUN addgroup -g ${USER_UID} node \
@ -80,7 +80,7 @@ RUN addgroup -g ${USER_UID} node \
&& node --version \ && node --version \
&& npm --version && npm --version
ENV YARN_VERSION 1.22.17 ENV YARN_VERSION 1.22.18
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \ && for key in \

12
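--- a/Dockerfile.git
+++ b/Dockerfile.git
@@ -0,0 +1,12 @@
+FROM cubetiq/calpine-node:latest
+LABEL maintainer="sombochea@cubetiqs.com"
+RUN apk update && apk add --no-cache git
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["entrypoint.sh"]
+CMD [ "node" ]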
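Review bot: `FROM cubetiq/calpine-node:latest` builds the git variant on a mutable tag, so its contents change whenever the base is re-pushed; the Makefile in this change also publishes `cubetiq/calpine-node:16`, and pinning to that tag or to an image digest would make the build reproducible. The `apk update` is redundant with `apk add --no-cache`, which fetches a fresh index itself, and it leaves the index in the layer; `RUN apk add --no-cache git` is enough. No `USER` is set here, so the runtime user is whatever the base image ends with, and the base Dockerfile hunk on this page shows `USER root` at build time; it is worth confirming that the final image does not run as root. `entrypoint.sh` is copied but is not among the files in this comparison, so it presumably already exists in the repository.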


@ -1,4 +1,5 @@
DOCKER_IMAGE=cubetiq/calpine-node DOCKER_IMAGE=cubetiq/calpine-node
DOCKER_IMAGE_GIT=cubetiq/calpine-node-git
DOCKER_IMAGE_NAME=${DOCKER_IMAGE}:16 DOCKER_IMAGE_NAME=${DOCKER_IMAGE}:16
build: build:
@ -10,4 +11,10 @@ build:
docker push ${DOCKER_IMAGE} docker push ${DOCKER_IMAGE}
docker push ${DOCKER_IMAGE_NAME} docker push ${DOCKER_IMAGE_NAME}
@echo 'Starting docker build with git'
docker build -f Dockfile.git . -t ${DOCKER_IMAGE}
@echo 'Starting docker push with git'
docker push ${DOCKER_IMAGE_GIT}
.PHONY:build .PHONY:build
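Review bot: The added build line tags the git variant as `${DOCKER_IMAGE}` instead of `${DOCKER_IMAGE_GIT}` and names the file `Dockfile.git`, while the file added in this change is `Dockerfile.git`. As written `docker build` fails on the missing file. With only the filename fixed it would overwrite the local `cubetiq/calpine-node` tag with the git image, and the following `docker push ${DOCKER_IMAGE_GIT}` would have no such image to push. The line should read `docker build -f Dockerfile.git . -t ${DOCKER_IMAGE_GIT}`. These lines run after `docker push ${DOCKER_IMAGE}`, so the base image is already published by the time this step fails; the `build` target itself starts above this hunk.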


@ -1,22 +1,26 @@
# CUBETIQ Alpine OS Linux with Nodejs 16 # CUBETIQ Alpine OS Linux with Nodejs 16
![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/cubetiq/calpine-node) ![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/cubetiq/calpine-node)
![Docker Pulls](https://img.shields.io/docker/pulls/cubetiq/calpine-node) ![Docker Pulls](https://img.shields.io/docker/pulls/cubetiq/calpine-node)
- CUBETIQ Alpine OS Linux (3.13.3) - CUBETIQ Alpine OS Linux
- Nodejs 16 (16.13.1) - Nodejs 16 (16.15.0)
- Yarn 1.22.17 - Yarn 1.22.18
# [Docker Hub](https://hub.docker.com/r/cubetiq/calpine-node) # [Docker Hub](https://hub.docker.com/r/cubetiq/calpine-node)
```shell ```shell
docker push cubetiq/calpine-node:latest docker push cubetiq/calpine-node:latest
``` ```
# Usage # Usage
```shell ```shell
docker run --rm -it cubetiq/calpine-node:latest /bin/sh docker run --rm -it cubetiq/calpine-node:latest /bin/sh
``` ```
# Example # Example
```Dockerfile ```Dockerfile
FROM cubetiq/calpine-node:latest FROM cubetiq/calpine-node:latest
LABEL maintainer="sombochea@cubetiqs.com" LABEL maintainer="sombochea@cubetiqs.com"
@ -31,9 +35,11 @@ CMD [ "node" , "index.js"]
``` ```
# Contributors # Contributors
- Sambo Chea <sombochea@cubetiqs.com> - Sambo Chea <sombochea@cubetiqs.com>
# License # License
```text ```text
MIT License MIT License
@ -55,4 +61,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECT OUT OF OR IN CONNECT
``` ```