add apt upgrade to Dockerfile

remove unnecessary venv
rework workflows
2026-02-04 23:20:37 +01:00 · 2026-02-04 22:24:30 +01:00 · 2026-01-18 19:32:57 +01:00 · 2026-01-17 16:20:19 +01:00 · 2025-12-26 01:27:52 +01:00 · 2025-12-26 01:26:03 +01:00
4 changed files with 55 additions and 15 deletions
--- a/.gitea/workflows/create_and_push_multiarch_container.yml
+++ b/.gitea/workflows/create_and_push_multiarch_container.yml
@@ -1,4 +1,5 @@
-name: release-tag
+name: build-image
+run-name: build and push Docker-Image

 on:
  workflow_dispatch: # Manuelles Auslösen des Workflows
@@ -6,7 +7,7 @@ on:
      image_tag:
        description: '2. Tag für das Docker-Image (außer latest) (z.B. v1.0.0)'
        required: true
-        default: '1.5.0'
+        default: '1.6.0'

 env:
  image_name_gitea: flask-qr
@@ -18,7 +19,7 @@ env:

 jobs:
  release-image:
-    runs-on: ubuntu-latest
+    runs-on: build-ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
--- a/.gitea/workflows/trivy_image_scan.yml
+++ b/.gitea/workflows/trivy_image_scan.yml
@@ -0,0 +1,34 @@
+name: trivy-scan-image
+run-name: Trivy - Scan Docker Image
+
+on:
+  workflow_dispatch: # Manuelles Auslösen des Workflows
+    inputs:
+      image_tag:
+        description: 'Tag für das zu scannende Docker-Image z.B. latest'
+        required: true
+        default: 'latest'
+  schedule:
+    - cron: '30 1 * * 5'
+
+env:
+  image_name_gitea: flask-qr
+  image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
+  registry_gitea: gitea.tebarius.duckdns.org
+  user: tebarius
+
+jobs:
+  trivy_image_scan:
+    runs-on: ubuntu-latest
+    container: aquasec/trivy:latest
+    steps:
+      - name: Scan image with trivy
+        run: |
+          trivy image \
+          --username ${{ env.user }} \
+          --password ${{ secrets.DOCKER_PULL_TOKEN }} \
+          --exit-code 1 \
+          --scanners vuln,misconfig,secret \
+          --severity MEDIUM,HIGH,CRITICAL \
+          --ignore-unfixed \
+          ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name_gitea }}:${{ env.image_tag }}
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /venv/
+/.venv/
--- a/28
+++ b/28
@@ -1,27 +1,31 @@
-FROM python:3.13-slim
+FROM python:3.14-slim
+LABEL authors="tebarius"
+LABEL description="QR-Code-Generator-Server with Flask-App"

 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
-
-LABEL authors="tebarius"
-LABEL version="1.5.0"
-LABEL description="QR-Code-Generator-Server with Flask-App"
-
-WORKDIR /app
-COPY ./app /app/
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV HTTP_METHOD=POST

 RUN apt-get update && \
    if [ "$TARGETPLATFORM" = "linux/arm/v7" ] || [ "$TARGETPLATFORM" = "linux/386" ]; then \
        apt-get install -y --no-install-recommends zlib1g-dev libjpeg-dev gcc; \
    fi && \
+    apt-get upgrade -y &&\
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

-RUN python -m pip install --upgrade pip
-RUN pip install --no-cache-dir --trusted-host pypi.python.org -r requirements.txt
+WORKDIR /app
+COPY ./app /app/
+
+RUN python -m pip install --upgrade pip \
+    && pip install --no-cache-dir -r requirements.txt \
+    && useradd -m -u 1000 qr \
+    && chown -R qr:qr /app
+
+USER qr

 EXPOSE 8002

-ENV HTTP_METHOD=POST
-
 CMD ["sh", "-c", "python ${HTTP_METHOD}-Flask-QR.py"]
Author	SHA1	Message	Date
tebarius	5053791991	add apt upgrade to Dockerfile Some checks failed trivy-scan-image / trivy_image_scan (push) Failing after 30s Details	2026-02-04 23:20:37 +01:00
tebarius	794bc5cb97	remove unnecessary venv	2026-02-04 22:24:30 +01:00
tebarius	2a5b133ba7	rework workflows Some checks failed trivy-scan-image / trivy_image_scan (push) Failing after 31s Details	2026-01-18 19:32:57 +01:00
tebarius	05615dc813	rework display-names for workflows	2026-01-17 16:20:19 +01:00
tebarius	59b5b9154e	build image with restricted user and venv	2025-12-26 01:27:52 +01:00
tebarius	3244dfaf77	build image with restricted user and venv	2025-12-26 01:26:03 +01:00
tebarius	abbf38d860	trivy_image_scan.yml	2025-12-13 23:03:57 +01:00