From c690cdb41c9cc0555b82eef37ed9c4c6acfc375b Mon Sep 17 00:00:00 2001
From: simoncolincap
Date: Wed, 5 Jul 2023 09:46:51 +0200
Subject: [PATCH 1/6] DBP-190 Initial commit with Dockerfile and Github actions
---
 .github/workflows/build-and-push-on-tag.yaml | 26 +++++++++++++++++++
 .github/workflows/moodle-to-ghcr-on-push.yaml | 16 ++++++++++++
 .github/workflows/trivy-cron.yaml | 16 ++++++++++++
 Dockerfile | 2 ++
 4 files changed, 60 insertions(+)
 create mode 100644 .github/workflows/build-and-push-on-tag.yaml
 create mode 100644 .github/workflows/moodle-to-ghcr-on-push.yaml
 create mode 100644 .github/workflows/trivy-cron.yaml
 create mode 100644 Dockerfile
diff --git a/.github/workflows/build-and-push-on-tag.yaml b/.github/workflows/build-and-push-on-tag.yaml
new file mode 100644
index 0000000..a97b0c9
--- /dev/null
+++ b/.github/workflows/build-and-push-on-tag.yaml
@@ -0,0 +1,26 @@
+---
+name: Build and push Docker Image on Tag
+
+on:
+ push:
+ tags:
+ - '[0-9]+.[0-9]+.[0-9]'
+jobs:
+ pre_build:
+ runs-on: ubuntu-latest
+ outputs:
+ tag: ${{ steps.tag.outputs.tag }}
+ suffix: ${{ steps.tag.outputs.suffix }}
+ steps:
+ - name: Filter Tag name
+ uses: olegtarasov/get-tag@v2.1
+ id: tag
+ with:
+ tagRegex: "(?[0-9]+.[0-9]+.[0-9]+)"
+ build_and_push:
+ needs: pre_build
+ uses: hpi-schul-cloud/infra-tools/.github/workflows/build-and-push.yaml@master
+ with:
+ registry: ghcr.io
+ image: dbildungsplattform/etherpad
+ tag: ${{ needs.pre_build.outputs.tag }}
diff --git a/.github/workflows/moodle-to-ghcr-on-push.yaml b/.github/workflows/moodle-to-ghcr-on-push.yaml
new file mode 100644
index 0000000..6374027
--- /dev/null
+++ b/.github/workflows/moodle-to-ghcr-on-push.yaml
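Review bot: Both `uses:` lines in build-and-push-on-tag.yaml point at mutable refs, `olegtarasov/get-tag@v2.1` in the `pre_build` step and `hpi-schul-cloud/infra-tools/.github/workflows/build-and-push.yaml@master` in `build_and_push`, so the code that builds and publishes the image can change without any commit in this repository. Pin each to a full commit SHA and keep the human-readable version in a trailing comment, e.g. `uses: olegtarasov/get-tag@<full-commit-sha>  # v2.1`. The same `@master` reference is used for the reusable workflows in moodle-to-ghcr-on-push.yaml and trivy-cron.yaml in this patch. This workflow also has no `permissions:` block, unlike the other two, so the token scope falls back to the repository default; declaring the minimum the called workflow needs (presumably `contents: read` and `packages: write`) would make the grant explicit.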
@@ -0,0 +1,16 @@
+---
+name: Etherpad Docker Image on Push to GHCR
+
+on:
+ push:
+ branches-ignore:
+ - master
+
+jobs:
+ build_image_on_push:
+ permissions:
+ packages: write
+ security-events: write
+ uses: hpi-schul-cloud/infra-tools/.github/workflows/imagetoghcr-on-push.yaml@master
+ with:
+ image_name: "moodle"
diff --git a/.github/workflows/trivy-cron.yaml b/.github/workflows/trivy-cron.yaml
new file mode 100644
index 0000000..e288322
--- /dev/null
+++ b/.github/workflows/trivy-cron.yaml
@@ -0,0 +1,16 @@
+---
+name: Docker Image Trivy Image Vulnerability Scan Cron Job
+on:
+ schedule:
+
+ - cron: '0 2 * * *'
+permissions:
+ # security-events required for all workflows; action, contents only required for workflows in private repositories
+ security-events: write
+ actions: read
+ contents: read
+jobs:
+ trivy_image_scan_cron:
+ uses: hpi-schul-cloud/infra-tools/.github/workflows/trivy-scan.yaml@master
+ with:
+ image-ref: 'ghcr.io/dbildungsplattform/etherpad:latest'
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f72e7c3
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM etherpad/etherpad:1.8.18
+RUN npm install --no-save --legacy-peer-deps ep_mathjax
From f87eb90ad5d4d0d171cc8f2caf3c307747ae60e2 Mon Sep 17 00:00:00 2001
From: simoncolincap
Date: Wed, 5 Jul 2023 09:49:13 +0200
Subject: [PATCH 2/6] DBP-190 Added additional number to version number
---
 .github/workflows/build-and-push-on-tag.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-and-push-on-tag.yaml b/.github/workflows/build-and-push-on-tag.yaml
index a97b0c9..1fb196a 100644
--- a/.github/workflows/build-and-push-on-tag.yaml
+++ b/.github/workflows/build-and-push-on-tag.yaml
@@ -4,7 +4,7 @@ name: Build and push Docker Image on Tag
 on:
 push:
 tags:
- '[0-9]+.[0-9]+.[0-9]'
+ - '[0-9]+.[0-9]+.[0-9].[0-9]+'
 jobs:
 pre_build:
 runs-on: ubuntu-latest
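Review bot: The scheduled scan in trivy-cron.yaml targets `ghcr.io/dbildungsplattform/etherpad:latest`, but nothing visible in this patch shows that a `latest` tag is ever published or moved; the tag workflow passes only the version taken from the git tag to the reusable build workflow. If that workflow does not also update `latest`, the nightly scan will either fail or keep reporting on a stale image while the versions actually deployed go unscanned. Consider pointing `image-ref` at the tags that are deployed, or add a comment above it recording where `latest` comes from, e.g. `# 'latest' is published by <workflow-name>`.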
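Review bot: The `RUN npm install --no-save --legacy-peer-deps ep_mathjax` line in the Dockerfile installs whichever plugin version is current on the registry at build time, so two builds of the same git tag can produce different images and an unreviewed plugin release ends up in the published image. Pin the plugin, `RUN npm install --no-save --legacy-peer-deps ep_mathjax@<pinned-version>`, and consider pinning the base image by digest as well, `FROM etherpad/etherpad:1.8.18@sha256:<digest>`. Since `--legacy-peer-deps` makes npm ignore peer-dependency conflicts, a one-line comment saying why it is needed would help whoever next bumps the base image.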
@@ -16,7 +16,7 @@ jobs:
 uses: olegtarasov/get-tag@v2.1
 id: tag
 with:
- tagRegex: "(?[0-9]+.[0-9]+.[0-9]+)"
+ tagRegex: "(?[0-9]+.[0-9]+.[0-9]+.[0-9]+)"
 build_and_push:
 needs: pre_build
 uses: hpi-schul-cloud/infra-tools/.github/workflows/build-and-push.yaml@master
From 615152dd459bd22a8625890a02d1ffa242c3e7a2 Mon Sep 17 00:00:00 2001
From: simoncolincap
Date: Wed, 5 Jul 2023 09:53:20 +0200
Subject: [PATCH 3/6] DBP-190 Added permissions to etherpad to ghcr workflow
---
 ...oodle-to-ghcr-on-push.yaml => etherpad-to-ghcr-on-push.yaml} | 2 ++
 1 file changed, 2 insertions(+)
 rename .github/workflows/{moodle-to-ghcr-on-push.yaml => etherpad-to-ghcr-on-push.yaml} (88%)
diff --git a/.github/workflows/moodle-to-ghcr-on-push.yaml b/.github/workflows/etherpad-to-ghcr-on-push.yaml
similarity index 88%
rename from .github/workflows/moodle-to-ghcr-on-push.yaml
rename to .github/workflows/etherpad-to-ghcr-on-push.yaml
index 6374027..999bd0a 100644
--- a/.github/workflows/moodle-to-ghcr-on-push.yaml
+++ b/.github/workflows/etherpad-to-ghcr-on-push.yaml
@@ -9,6 +9,8 @@ on:
 jobs:
 build_image_on_push:
 permissions:
+ actions: read
+ contents: read
 packages: write
 security-events: write
 uses: hpi-schul-cloud/infra-tools/.github/workflows/imagetoghcr-on-push.yaml@master
From a504519723ba2f38b4b9b344c819dd03805b0c4b Mon Sep 17 00:00:00 2001
From: simoncolincap
Date: Wed, 5 Jul 2023 10:48:33 +0200
Subject: [PATCH 4/6] DBP-190 Removed leftover Moodle
---
 .github/workflows/etherpad-to-ghcr-on-push.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/etherpad-to-ghcr-on-push.yaml b/.github/workflows/etherpad-to-ghcr-on-push.yaml
index 999bd0a..accfe81 100644
--- a/.github/workflows/etherpad-to-ghcr-on-push.yaml
+++ b/.github/workflows/etherpad-to-ghcr-on-push.yaml
@@ -15,4 +15,4 @@ jobs:
 security-events: write
 uses: hpi-schul-cloud/infra-tools/.github/workflows/imagetoghcr-on-push.yaml@master
 with:
- image_name: "moodle"
+ image_name: "etherpad"
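Review bot: The separators in the new `tagRegex` value of PATCH 2/6 are unescaped and the pattern has no `^`/`$` anchors, so each `.` matches any character and the match may begin anywhere in the tag name. The filter under `on.push.tags` is a glob in which `.` is literal, so the trigger and the extraction step do not describe the same set of tags; the trigger currently keeps unexpected tags out, but the value that ends up as the image tag should not rely on that. Write the separators as `\.` and wrap the pattern in `^`…`$`, switching the YAML scalar to single quotes because `\.` is not a valid escape inside double quotes. The same applies to the `tagRegex` rewritten in PATCH 6/6, and the `pre_build` job starts outside this hunk.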
From d55b9c384667eedcbccc2828969d16e73be8fd2d Mon Sep 17 00:00:00 2001
From: simoncolincap
Date: Fri, 7 Jul 2023 08:43:12 +0200
Subject: [PATCH 5/6] DBP-190 forgot +
---
 .github/workflows/build-and-push-on-tag.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-and-push-on-tag.yaml b/.github/workflows/build-and-push-on-tag.yaml
index 1fb196a..5404bdf 100644
--- a/.github/workflows/build-and-push-on-tag.yaml
+++ b/.github/workflows/build-and-push-on-tag.yaml
@@ -4,7 +4,7 @@ name: Build and push Docker Image on Tag
 on:
 push:
 tags:
- '[0-9]+.[0-9]+.[0-9].[0-9]+'
+ - '[0-9]+.[0-9]+.[0-9]+.[0-9]+'
 jobs:
 pre_build:
 runs-on: ubuntu-latest
From 9e9e138320172f597203d7e850d6793fa2a81d5d Mon Sep 17 00:00:00 2001
From: simoncolincap
Date: Fri, 7 Jul 2023 08:47:13 +0200
Subject: [PATCH 6/6] DBP-190 Added suffix
---
 .github/workflows/build-and-push-on-tag.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-and-push-on-tag.yaml b/.github/workflows/build-and-push-on-tag.yaml
index 5404bdf..d9a7500 100644
--- a/.github/workflows/build-and-push-on-tag.yaml
+++ b/.github/workflows/build-and-push-on-tag.yaml
@@ -16,7 +16,7 @@ jobs:
 uses: olegtarasov/get-tag@v2.1
 id: tag
 with:
- tagRegex: "(?[0-9]+.[0-9]+.[0-9]+.[0-9]+)"
+ tagRegex: "(?[0-9]+.[0-9]+.[0-9]+)(?.[0-9]+)"
 build_and_push:
 needs: pre_build
 uses: hpi-schul-cloud/infra-tools/.github/workflows/build-and-push.yaml@master
@@ -24,3 +24,4 @@ jobs:
 registry: ghcr.io
 image: dbildungsplattform/etherpad
 tag: ${{ needs.pre_build.outputs.tag }}
+ suffix: ${{ needs.pre_build.outputs.suffix }}
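Review bot: In the `tagRegex` rewritten by PATCH 6/6, the second group keeps its leading separator inside the capture, so the `suffix` value handed to `build_and_push` in the following hunk will begin with that character (for a tag such as 1.2.3.4, `.4` rather than `4`). Whether build-and-push.yaml expects the separator is not visible from this page; if it expects the bare number, move the `.` out of the second group so that only the digits are captured. A comment above `tagRegex` describing the tag scheme would also help, along the lines of `# first three components -> image tag, fourth component -> suffix`, if that is the intended meaning. Both the `pre_build` step and the `with:` block of `build_and_push` begin outside these hunks.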