11 Commits
1.0.0 ... 1.1.3

a0378bad9c .gitea/workflows/create_and_push_multiarch_container.yml aktualisiert
2026-03-20 19:26:42 +01:00
fcd1ee55a8 revert pandas to 2.3.2 for streamlit
2026-03-13 18:24:31 +01:00
fc0244cc22 update requirements.txt
2026-03-13 18:20:07 +01:00
f29fb3ae44 build and push when tag is set 2026-03-13 18:11:52 +01:00
96dbea735c add telegram_bot
2026-02-22 20:50:41 +01:00
8a3e9956e9 scan only for high and critical 2026-02-21 11:11:00 +01:00
6126680562 image-scan for all build-platforms
agt-get upgrade in Dockerfile
2026-02-15 14:57:30 +01:00
4e8ac6f21a image-scan for all build-platforms
agt-get upgrade in Dockerfile
2026-02-15 14:56:46 +01:00
88f44174e5 pump dependencies and remove unnecessary venv
2026-02-04 21:40:01 +01:00
e27b9d95ff rework workflows
2026-01-18 20:10:12 +01:00
539af3dad2 rework display-names for workflows 2026-01-17 16:18:42 +01:00
4 changed files with 85 additions and 22 deletions


@@ -1,12 +1,10 @@
name: release-tag name: build-image
run-name: build and push Docker-Image with tag:${{ github.ref_name }}
on: on:
workflow_dispatch: # Manuelles Auslösen des Workflows push:
inputs: tags:
image_tag: - "*"
description: '2. Tag für das Docker-Image (außer latest) (z.B. v1.0.0)'
required: true
default: '1.0.0'
env: env:
image_name: mysteryhelfer image_name: mysteryhelfer
@@ -15,7 +13,7 @@ env:
jobs: jobs:
release-image: release-image:
runs-on: ubuntu-latest runs-on: build-ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
@@ -46,7 +44,34 @@ jobs:
--file ./Dockerfile \ --file ./Dockerfile \
--platform linux/amd64,linux/arm64 \ --platform linux/amd64,linux/arm64 \
--tag ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:latest \ --tag ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:latest \
--tag ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }} \ --tag ${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ github.ref_name }} \
--tag ${{ env.user }}/${{ env.image_name }}:latest \ --tag ${{ env.user }}/${{ env.image_name }}:latest \
--tag ${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }} \ --tag ${{ env.user }}/${{ env.image_name }}:${{ github.ref_name }} \
--push ./ --push ./
telegram-notify:
needs: release-image
if: always()
runs-on: ubuntu-latest
steps:
- name: Telegram Alert
run: |
case "${{ needs.release-image.result }}" in
"success") EMOJI="✅"; MSG="OK" ;;
"failure") EMOJI="❌"; MSG="WARN!" ;;
"cancelled") EMOJI="⏹️"; MSG="Canceled" ;;
*) EMOJI="❓"; MSG="Unknown-State: ${{ needs.release-image.result }}" ;;
esac
curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-H 'Content-Type: application/json' \
-d "{
\"chat_id\": \"${{ secrets.TELEGRAM_CHAT_ID }}\",
\"parse_mode\": \"HTML\",
\"text\":
\"$EMOJI <b>$MSG - Build ${{ env.image_name }}:${{ github.ref_name }}</b>
<i>$(date +"%Y-%m-%d %T")</i>
Build of Image: <b><i>${{ env.image_name }}:${{ github.ref_name }}</i></b>
${{ gitea.server_url }}/${{ gitea.repository }}
\"
}"
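Review bot: `${{ github.ref_name }}` is substituted as raw text into `run:` scripts before the shell ever sees it — in the two `--tag` lines of the build step (whose `run:` begins outside this hunk) and inside the hand-built JSON body of the new Telegram step — and with the new `on.push.tags: "*"` trigger every pushed tag name becomes shell input for a job that holds registry and bot credentials. Pass the value through a step-level `env:` and reference the variable in the script so it is only ever data: `env:` / `IMAGE_TAG: ${{ github.ref_name }}` on the step, then `${IMAGE_TAG}` wherever the expression is used. The same pattern applies to `env.image_tag` in the trivy workflow's Telegram step. A tag containing `"` would still produce malformed JSON in the Telegram request, but that is a failed notification rather than a shell problem.
```yaml
      - name: Telegram Alert
        env:
          IMAGE_TAG: ${{ github.ref_name }}
        run: |
          # … unchanged: case on needs.release-image.result, curl invocation …
          \"$EMOJI <b>$MSG - Build ${{ env.image_name }}:${IMAGE_TAG}</b>
          <i>$(date +"%Y-%m-%d %T")</i>
          Build of Image: <b><i>${{ env.image_name }}:${IMAGE_TAG}</i></b>
```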


@@ -1,4 +1,5 @@
name: release-tag name: trivy-scan-image
run-name: Trivy - Scan Docker Image
on: on:
workflow_dispatch: # Manuelles Auslösen des Workflows workflow_dispatch: # Manuelles Auslösen des Workflows
@@ -7,9 +8,12 @@ on:
description: 'Tag für das zu scannende Docker-Image z.B. latest' description: 'Tag für das zu scannende Docker-Image z.B. latest'
required: true required: true
default: 'latest' default: 'latest'
schedule:
- cron: '45 1 * * 5'
env: env:
image_name: mysteryhelfer image_name: mysteryhelfer
image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
registry_gitea: gitea.tebarius.duckdns.org registry_gitea: gitea.tebarius.duckdns.org
user: tebarius user: tebarius
@@ -18,11 +22,48 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: aquasec/trivy:latest container: aquasec/trivy:latest
steps: steps:
- name: Scan image with trivy - name: Scan linux/amd64-image
run: | run: |
trivy image \ trivy image \
--exit-code 1 \ --exit-code 1 \
--scanners vuln,misconfig,secret \ --scanners vuln,misconfig,secret \
--severity MEDIUM,HIGH,CRITICAL \ --severity HIGH,CRITICAL \
--ignore-unfixed \ --ignore-unfixed \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ github.event.inputs.image_tag }} --platform linux/amd64 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
- name: Scan linux/arm64-image
run: |
trivy image \
--exit-code 1 \
--scanners vuln,misconfig,secret \
--severity HIGH,CRITICAL \
--ignore-unfixed \
--platform linux/arm64 \
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
telegram-notify:
needs: trivy_image_scan
if: always()
runs-on: ubuntu-latest
steps:
- name: Telegram Alert
run: |
case "${{ needs.trivy_image_scan.result }}" in
"success") EMOJI="✅"; MSG="OK" ;;
"failure") EMOJI="❌"; MSG="WARN!" ;;
"cancelled") EMOJI="⏹️"; MSG="Canceled" ;;
*) EMOJI="❓"; MSG="Unknown-State: ${{ needs.trivy_image_scan.result }}" ;;
esac
curl -s -X POST "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
-H 'Content-Type: application/json' \
-d "{
\"chat_id\": \"${{ secrets.TELEGRAM_CHAT_ID }}\",
\"parse_mode\": \"HTML\",
\"text\":
\"$EMOJI <b>$MSG - Scan ${{ env.image_name }}:${{ env.image_tag }}</b>
<i>$(date +"%Y-%m-%d %T")</i>
Trivy-Image-Scan of: <b><i>${{ env.image_name }}:${{ env.image_tag }}</i></b>
${{ gitea.server_url }}/${{ gitea.repository }}
\"
}"
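Review bot: The new `Scan linux/arm64-image` step never runs when the amd64 scan exits non-zero (`--exit-code 1`), so a single amd64 finding hides the arm64 result and the Telegram message can only report a combined failure. Add `if: ${{ !cancelled() }}` to the arm64 step (or `if: always()`, which the notify job already uses) so both platforms are scanned and logged on every run; the job still fails if either step fails. Separately, the scanner is pulled as `container: aquasec/trivy:latest` (a context line, not changed here) — pinning a version or digest makes scan results reproducible and keeps the scanner itself out of the unpinned-dependency class it is meant to flag. Under the new `schedule:` trigger `env.image_tag` falls back to `latest`, so the weekly scan covers the most recent build rather than a specific release; a comment on the `schedule:` line saying so would make that intent explicit.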


@@ -1,16 +1,14 @@
# Copyright (c) 2025 Martin Kayser (tebarius) # Copyright (c) 2025 Martin Kayser (tebarius)
# Licensed under the MIT License. See LICENSE file in the project root. # Licensed under the MIT License. See LICENSE file in the project root.
ARG PYTHON_VERSION="3.14" FROM python:3.14-slim
FROM python:${PYTHON_VERSION}-slim
LABEL authors="tebarius" LABEL authors="tebarius"
LABEL description="tebarius Mysteryhelfer web" LABEL description="tebarius Mysteryhelfer web"
ARG PYTHON_VERSION
ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1
ENV PATH="/myst-venv/bin:$PATH"
RUN apt-get update \ RUN apt-get update \
&& apt-get upgrade -y \
&& apt-get install -y --no-install-recommends curl \ && apt-get install -y --no-install-recommends curl \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
@@ -18,17 +16,16 @@ RUN apt-get update \
WORKDIR /app WORKDIR /app
COPY requirements.txt . COPY requirements.txt .
RUN python -m venv /myst-venv \ RUN python -m pip install --upgrade pip \
&& python -m pip install --upgrade pip \
&& pip install --no-cache-dir -r requirements.txt && pip install --no-cache-dir -r requirements.txt
COPY ./app /app COPY ./app /app
# ein bisschen Patchen um auch beim Bookmarken oder Versenden der Webadresse per Messenger den richtigen Titel und das # ein bisschen Patchen um auch beim Bookmarken oder Versenden der Webadresse per Messenger den richtigen Titel und das
# richtige Favicon zu verwenden/sehen # richtige Favicon zu verwenden/sehen
COPY ./app/images/favicon.ico /myst-venv/lib/python${PYTHON_VERSION}/site-packages/streamlit/static/favicon.ico COPY ./app/images/favicon.ico /usr/local/lib/python3.14/site-packages/streamlit/static/favicon.ico
RUN sed -i -e 's|favicon\.png|favicon.ico|' \ RUN sed -i -e 's|favicon\.png|favicon.ico|' \
-e 's|<title>.*</title>|<title>tebarius Mysteryhelfer (web)</title>|' \ -e 's|<title>.*</title>|<title>tebarius Mysteryhelfer (web)</title>|' \
/myst-venv/lib/python${PYTHON_VERSION}/site-packages/streamlit/static/index.html \ /usr/local/lib/python3.14/site-packages/streamlit/static/index.html \
&& useradd -m -u 1000 myst \ && useradd -m -u 1000 myst \
&& chown -R myst:myst /app && chown -R myst:myst /app
USER myst USER myst
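Review bot: The Python minor version is now spelled out three times — `FROM python:3.14-slim` and the two `/usr/local/lib/python3.14/site-packages/streamlit/static/...` paths — so a base-image bump that misses either path fails at the `COPY`/`sed` lines rather than drifting silently, but it is still a lock-step edit that is easy to forget. Resolving the streamlit static directory at build time removes the duplication, and the favicon can be copied from `/app/images` (already placed by `COPY ./app /app`) instead of a second `COPY` with a hardcoded destination; this assumes `streamlit` is installed from requirements.txt, as the existing path implies. The `pip install --no-cache-dir -r requirements.txt` line (context here) installs without hash verification; `--require-hashes` with a hash-pinned requirements file would make the image reproducible and resistant to index-side substitution, if the project is willing to maintain the hashes.
```dockerfile
COPY ./app /app
# … unchanged: favicon/title patch comment …
RUN STREAMLIT_STATIC="$(python -c 'import os, streamlit; print(os.path.join(os.path.dirname(streamlit.__file__), "static"))')" \
    && cp /app/images/favicon.ico "$STREAMLIT_STATIC/favicon.ico" \
    && sed -i -e 's|favicon\.png|favicon.ico|' \
           -e 's|<title>.*</title>|<title>tebarius Mysteryhelfer (web)</title>|' \
           "$STREAMLIT_STATIC/index.html" \
    && useradd -m -u 1000 myst \
    && chown -R myst:myst /app
```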

Binary file not shown.