7 add CVE check to ci #8

Merged
merged 25 commits into from
Jun 3, 2024
63b080c
chore: Add Trivy vulnerability scanner to build-docker job
Nayrode Jun 3, 2024
60f49a8
test changing the distro
Nayrode Jun 3, 2024
a7d71ca
chore: Update Trivy vulnerability scanner configuration
Nayrode Jun 3, 2024
3dca30e
test github summary
Nayrode Jun 3, 2024
4a58ea5
chore: Update Trivy vulnerability scanner configuration
Nayrode Jun 3, 2024
f631622
chore: Update Trivy vulnerability scanner configuration
Nayrode Jun 3, 2024
79708c9
chore: Update Trivy vulnerability scanner configuration
Nayrode Jun 3, 2024
fa12bc4
chore: Update Trivy vulnerability scanner configuration
Nayrode Jun 3, 2024
9919918
chore: Update Trivy vulnerability scanner configuration
Nayrode Jun 3, 2024
81b4c23
chore: Update Trivy vulnerability scanner configuration to use action…
Nayrode Jun 3, 2024
aa91b9c
chore: Update Trivy vulnerability scanner configuration to use action…
Nayrode Jun 3, 2024
2e468e0
chore: Update Dockerfile to fix Gradle assemble command
Nayrode Jun 3, 2024
3f595ef
chore: Update Trivy vulnerability scanner configuration to include OS…
Nayrode Jun 3, 2024
a94e374
test CVE with the old image
Nayrode Jun 3, 2024
3cf8421
chore: Update Trivy vulnerability scanner configuration to use 'githu…
Nayrode Jun 3, 2024
062c9e9
chore: Update Trivy vulnerability scanner configuration to use 'templ…
Nayrode Jun 3, 2024
187412d
chore: Update Trivy vulnerability scanner configuration to use 'templ…
Nayrode Jun 3, 2024
c44a14d
chore: Update Dockerfile to fix Gradle assemble command and use lates…
Nayrode Jun 3, 2024
84a7006
chore: Update Trivy vulnerability scanner configuration to use latest…
Nayrode Jun 3, 2024
75058f6
chore: Update Trivy vulnerability scanner configuration to use correc…
Nayrode Jun 3, 2024
8465983
chore: Update Trivy vulnerability scanner configuration to use $DOCKE…
Nayrode Jun 3, 2024
3fb3bac
chore: Update Trivy vulnerability scanner configuration to use latest…
Nayrode Jun 3, 2024
306df24
chore: Remove unnecessary 'needs' step from lint-gradle-project job
Nayrode Jun 3, 2024
edc489a
chore: Update Docker Buildx action to version 4
Nayrode Jun 3, 2024
3e04355
chore: Update Docker Buildx action to version 3
Nayrode Jun 3, 2024
22 changes: 19 additions & 3 deletions .github/workflows/main.yml
Expand Up @@ -6,7 +6,6 @@ jobs:

lint-gradle-project:
runs-on: ubuntu-latest

steps:
- name: Checkout project source
uses: actions/checkout@v4
Expand Down Expand Up @@ -48,7 +47,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
uses: docker/login-action@v3
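Review bot: docker/setup-buildx-action@v3 and docker/login-action@v3 are referenced by moving major tags in the same job that logs in to Docker Hub, so whatever those tags point to at run time executes next to the registry login. Pin both to a full commit SHA with the version in a trailing comment, the way the markdown.tpl URL in the cve-check job is already pinned to a commit, and let an update bot raise the SHA.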
Expand All @@ -62,5 +61,22 @@ jobs:
push: true
tags: ${{ vars.DOCKER_IMAGE_NAME }}:latest

cve-check:
runs-on: ubuntu-latest
needs: build-docker

needs: lint-gradle-project
steps:
- run: curl https://raw.githubusercontent.com/aquasecurity/trivy/7735ec432a83d5446d13a593ab3b27dd02649ca1/contrib/markdown.tpl -o markdown.tpl
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: ${{ vars.DOCKER_IMAGE_NAME }}:latest
format: 'template'
template: '@markdown.tpl'
output: trivy.md
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
- run: cat trivy.md >> $GITHUB_STEP_SUMMARY
if: always()
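Review bot: cve-check runs only after build-docker has already pushed ${{ vars.DOCKER_IMAGE_NAME }}:latest (push: true in the context lines above), so exit-code: '1' turns the job red while the image with CRITICAL or HIGH findings is already published, and the scan pulls a mutable tag that a concurrent run may have overwritten. Build without pushing, scan the local image, and push only when Trivy passes, or at minimum scan the digest produced by the build step rather than :latest. As rendered here the job also shows two needs: lines (build-docker and lint-gradle-project); if both are in the file, fold them into one list, needs: [lint-gradle-project, build-docker]. The curl that fetches markdown.tpl should use -fsSL so an HTTP error fails the step instead of saving the error body as the template.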
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,8 +1,8 @@
FROM gradle:latest AS build
WORKDIR /app
COPY . .
RUN ./gradlew assemble
RUN ./gradlew assemble --no-daemon

FROM openjdk:17-jdk-slim AS runtime
FROM openjdk:23-slim-bookworm AS runtime
COPY --from=build /app/build/libs/ctcd-0.0.1-SNAPSHOT.jar /app/ctcd-0.0.1-SNAPSHOT.jar
ENTRYPOINT ["java", "-jar", "/app/ctcd-0.0.1-SNAPSHOT.jar"]
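Review bot: both FROM lines use mutable tags (gradle:latest for the build stage, openjdk:23-slim-bookworm for the runtime), so the image Trivy scans can change between two runs of the same commit and a passing scan says little about the next build. Pin each base image by digest (tag@sha256:...) and update the digests deliberately. The runtime line also moves the application from Java 17 to Java 23 inside a PR about CI scanning; that is a six-release jump and should be called out in the description and covered by a test run of the jar on the new runtime, not only by the scanner going green.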