Skip to content

Merge branch 'SPSH-696' of https://github.com/dBildungsplattform/dbil… #4405

Merge branch 'SPSH-696' of https://github.com/dBildungsplattform/dbil…

Merge branch 'SPSH-696' of https://github.com/dBildungsplattform/dbil… #4405

Triggered via push July 16, 2024 10:56
Status Success
Total duration 43m 17s
Artifacts 2
branch_meta  /  branch_meta
0s
branch_meta / branch_meta
create_branch_identifier_for_deletion  /  convert_branch_name
create_branch_identifier_for_deletion / convert_branch_name
CodeQL  /  Analyze CodeQL
1m 52s
CodeQL / Analyze CodeQL
Linting  /  Nest Lint
1m 3s
Linting / Nest Lint
Tests and Sonarcloud  /  Tests and Sonarcloud
9m 35s
Tests and Sonarcloud / Tests and Sonarcloud
scan_helm  /  Kics Helm Chart Scan
30s
scan_helm / Kics Helm Chart Scan
Scheduled trivy scan of latest image  /  Trivy Scan
Scheduled trivy scan of latest image / Trivy Scan
create_branch_identifier  /  convert_branch_name
0s
create_branch_identifier / convert_branch_name
delete_namespace  /  create_keycloak_db_name
delete_namespace / create_keycloak_db_name
delete_namespace  /  create_spsh_app_db_name
delete_namespace / create_spsh_app_db_name
delete_namespace  /  create_ticket_nr_variable
delete_namespace / create_ticket_nr_variable
Publish image and scan with trivy  /  Publish image
1m 18s
Publish image and scan with trivy / Publish image
select_helm_version_generation_and_image_tag_generation
0s
select_helm_version_generation_and_image_tag_generation
delete_namespace  /  delete_namespace
delete_namespace / delete_namespace
Publish image and scan with trivy  /  pre_scan
0s
Publish image and scan with trivy / pre_scan
release_helm  /  release
15s
release_helm / release
delete_successful
0s
delete_successful
Publish image and scan with trivy  /  ...  /  Trivy Scan
29s
Publish image and scan with trivy / Trivy scan for uploaded image / Trivy Scan
deploy  /  ...  /  branch_meta
0s
deploy / create_ingress_prefix / branch_meta
deploy  /  ...  /  search_for_helm_tagname
2s
deploy / find_dbildungs_iam_server_helm_chart_tag / search_for_helm_tagname
deploy  /  ...  /  search_for_helm_tagname
5s
deploy / find_schulportal_client_helm_chart_tag / search_for_helm_tagname
deploy  /  ...  /  search_for_helm_tagname
16s
deploy / find_dbildungs_iam_keycloak_helm_chart_tag / search_for_helm_tagname
deploy  /  ...  /  search_for_helm_tagname
18s
deploy / find_dbildungs_iam_ldap_helm_chart_tag / search_for_helm_tagname
deploy  /  create_dbildungs_iam_keycloak_db_name
0s
deploy / create_dbildungs_iam_keycloak_db_name
deploy  /  create_dbildungs_iam_server_db_name
0s
deploy / create_dbildungs_iam_server_db_name
deploy  /  determine_playwright_branch
3s
deploy / determine_playwright_branch
deploy  /  ...  /  convert_branch_name
0s
deploy / create_lowercase_ingress_prefix / convert_branch_name
deploy  /  ...  /  run_playwright_end2end_tests
24m 6s
deploy / run_playwright_tests / run_playwright_end2end_tests
Fit to window
Zoom out
Zoom in

Annotations

1 error and 19 warnings
deploy / run_playwright_tests / run_playwright_end2end_tests
Process completed with exit code 1.
[MEDIUM] Container Running As Root: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L23
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L78
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L23
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L23
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] NET_RAW Capabilities Not Being Dropped: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
[MEDIUM] Seccomp Profile Is Not Configured: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
[MEDIUM] Service Account Token Automount Not Disabled: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L20
Service Account Tokens are automatically mounted even if not necessary
release_helm / release
The following actions uses Node.js version which is deprecated and will be forced to run on node20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
deploy / find_dbildungs_iam_server_helm_chart_tag / search_for_helm_tagname
The following actions uses Node.js version which is deprecated and will be forced to run on node20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
deploy / find_schulportal_client_helm_chart_tag / search_for_helm_tagname
The following actions uses Node.js version which is deprecated and will be forced to run on node20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
deploy / find_dbildungs_iam_keycloak_helm_chart_tag / search_for_helm_tagname
The following actions uses Node.js version which is deprecated and will be forced to run on node20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
deploy / find_dbildungs_iam_ldap_helm_chart_tag / search_for_helm_tagname
The following actions uses Node.js version which is deprecated and will be forced to run on node20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
deploy / run_playwright_tests / run_playwright_end2end_tests
The following actions uses Node.js version which is deprecated and will be forced to run on node20: actions/checkout@v3, actions/setup-node@v3, actions/upload-artifact@v3. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "playwright-report". Please update your workflow to use v4 of the artifact actions. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

Artifacts

Produced during runtime
Name Size
playwright-report Expired
679 KB
test-artifacts Expired
1.06 MB