tebarius/Docker-Flask-QR
1
0
Fork 0
mirror of https://github.com/tebarius/Docker-Flask-QR.git synced 2026-02-04 12:28:41 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tebarius:1.5.1
Branches Tags
tebarius:master
tebarius:1.6.1 tebarius:1.6.0 tebarius:1.5.2 tebarius:1.5.1
..
compare: tebarius:1.6.1
Branches Tags
tebarius:master
tebarius:1.6.1 tebarius:1.6.0 tebarius:1.5.2 tebarius:1.5.1

3 Commits
1.5.1 ... 1.6.1

Author SHA1 Message Date
tebarius
59b5b9154e build image with restricted user and venv 2025-12-26 01:27:52 +01:00
tebarius
3244dfaf77 build image with restricted user and venv 2025-12-26 01:26:03 +01:00
tebarius
abbf38d860 trivy_image_scan.yml 2025-12-13 23:03:57 +01:00
4 changed files with 47 additions and 13 deletions
Expand all files Collapse all files

2
.gitea/workflows/create_and_push_multiarch_container.yml
View File

@@ -6,7 +6,7 @@ on:
image_tag: image_tag:
description: '2. Tag für das Docker-Image (außer latest) (z.B. v1.0.0)' description: '2. Tag für das Docker-Image (außer latest) (z.B. v1.0.0)'
required: true required: true
default: '1.5.0' default: '1.6.0'
env: env:
image_name_gitea: flask-qr image_name_gitea: flask-qr

28
.gitea/workflows/trivy_image_scan.yml Normal file
View File

@@ -0,0 +1,28 @@
name: release-tag
on:
workflow_dispatch: # Manuelles Auslösen des Workflows
inputs:
image_tag:
description: 'Tag für das zu scannende Docker-Image z.B. latest'
required: true
default: 'latest'
env:
image_name_gitea: flask-qr
registry_gitea: gitea.tebarius.duckdns.org
user: tebarius
jobs:
trivy_image_scan:
runs-on: ubuntu-latest
container: aquasec/trivy:latest
steps:
- name: Scan image with trivy
run: |
trivy image \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity MEDIUM,HIGH,CRITICAL \
--ignore-unfixed \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ github.event.inputs.image_tag }}

1
.gitignore vendored
View File

@@ -1 +1,2 @@
/venv/ /venv/
/.venv/

29
Dockerfile
View File

@@ -1,14 +1,13 @@
FROM python:3.13-slim FROM python:3.14-slim
LABEL authors="tebarius"
LABEL description="QR-Code-Generator-Server with Flask-App"
ARG TARGETPLATFORM ARG TARGETPLATFORM
ARG BUILDPLATFORM ARG BUILDPLATFORM
ENV PYTHONDONTWRITEBYTECODE=1
LABEL authors="tebarius" ENV PYTHONUNBUFFERED=1
LABEL version="1.5.0" ENV PATH="/qr-venv/bin:$PATH"
LABEL description="QR-Code-Generator-Server with Flask-App" ENV HTTP_METHOD=POST
WORKDIR /app
COPY ./app /app/
RUN apt-get update && \ RUN apt-get update && \
if [ "$TARGETPLATFORM" = "linux/arm/v7" ] || [ "$TARGETPLATFORM" = "linux/386" ]; then \ if [ "$TARGETPLATFORM" = "linux/arm/v7" ] || [ "$TARGETPLATFORM" = "linux/386" ]; then \
@@ -17,11 +16,17 @@ RUN apt-get update && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
RUN python -m pip install --upgrade pip WORKDIR /app
RUN pip install --no-cache-dir --trusted-host pypi.python.org -r requirements.txt COPY ./app /app/
RUN python -m venv /qr-venv \
&& python -m pip install --upgrade pip \
&& pip install --no-cache-dir -r requirements.txt \
&& useradd -m -u 1000 qr \
&& chown -R qr:qr /app
USER qr
EXPOSE 8002 EXPOSE 8002
ENV HTTP_METHOD=POST
CMD ["sh", "-c", "python ${HTTP_METHOD}-Flask-QR.py"] CMD ["sh", "-c", "python ${HTTP_METHOD}-Flask-QR.py"]