Compare commits
4 Commits
f21c8cd66d
...
0.3.3
| Author | SHA1 | Date | |
|---|---|---|---|
| d68f660595 | |||
| ac40105449 | |||
| 49679e8c93 | |||
| 39e65f675b |
@@ -16,7 +16,7 @@ env:
|
||||
|
||||
jobs:
|
||||
release-image:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: build-ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
||||
@@ -22,7 +22,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
container: aquasec/trivy:latest
|
||||
steps:
|
||||
- name: Scan image with trivy
|
||||
- name: Scan linux/amd64-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
@@ -31,4 +31,38 @@ jobs:
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/amd64 \
|
||||
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
- name: Scan linux/386-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
||||
--exit-code 1 \
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/386 \
|
||||
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
- name: Scan linux/arm64-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
||||
--exit-code 1 \
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/arm64 \
|
||||
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
- name: Scan linux/arm/v7-image
|
||||
run: |
|
||||
trivy image \
|
||||
--username ${{ env.user }} \
|
||||
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
||||
--exit-code 1 \
|
||||
--scanners vuln,misconfig,secret \
|
||||
--severity HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--platform linux/arm/v7 \
|
||||
${{ env.registry_gitea }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|
||||
|
||||
@@ -7,10 +7,10 @@ LABEL authors="tebarius"
|
||||
LABEL description="netdata-DocRudi"
|
||||
ENV PYTHONDONTWRITEBYTECODE=1
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
ENV PATH="/rudi-venv/bin:$PATH"
|
||||
ENV SERVER_PORT=19998
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get upgrade -y && \
|
||||
if [ "$TARGETPLATFORM" = "linux/arm/v7" ] || [ "$TARGETPLATFORM" = "linux/386" ]; then \
|
||||
apt-get install -y --no-install-recommends zlib1g-dev libjpeg-dev gcc; \
|
||||
fi && \
|
||||
@@ -21,8 +21,7 @@ WORKDIR /app
|
||||
COPY ./app /app/
|
||||
|
||||
|
||||
RUN python -m venv /rudi-venv \
|
||||
&& python -m pip install --upgrade pip \
|
||||
RUN python -m pip install --upgrade pip \
|
||||
&& pip install --no-cache-dir -r requirements.txt \
|
||||
&& useradd -m -u 1000 rudi \
|
||||
&& chown -R rudi:rudi /app
|
||||
|
||||
Reference in New Issue
Block a user