From 2435317a2daab223d5f118f71eacd4023c528cfa Mon Sep 17 00:00:00 2001 From: hvle Date: Mon, 15 Jan 2024 12:56:23 +0100 Subject: [PATCH] feat(bats): construction de l'image via GitHub Actions (#1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(bats): construction de l'image via GitHub Actions * feat: worklow on changes * feat: push docker image * fix: image tag * fix: image tag * feat: docker linter * feat: scan de vulnérabilité * fix: container registry authentification * fix: security issues * Update bats/README.md Co-authored-by: hvle * feat(pipeline): trigger workflow on main branch * docs: MIT licence --------- Co-authored-by: Hong Viet Le Co-authored-by: Joseph Page --- .github/workflows/bats.yml | 78 ++++++++++++++++++++++++++++++++++++++ LICENSE | 21 ++++++++++ README.md | 2 +- bats/Dockerfile | 4 ++ bats/README.md | 10 +++++ 5 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/bats.yml create mode 100644 LICENSE create mode 100644 bats/Dockerfile create mode 100644 bats/README.md
diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml
new file mode 100644
index 0000000..a019df3
--- /dev/null
+++ b/.github/workflows/bats.yml
@@ -0,0 +1,78 @@
+---
+name: Build bats docker image
+run-name: ${{ github.actor }} is building bats
+
+on:
+ push:
+ branches: [ "main" ]
+ paths:
+ - 'bats/**'
+ pull_request:
+ branches: [ "main" ]
+ paths:
+ - 'bats/**'
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.1
+
+ - name: Log into registry ${{ env.REGISTRY }}
+ uses: docker/login-action@v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5.1.0
+ with:
+ context: bats
+ push: true
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
+
+ scan:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
+ needs: build
+ steps:
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+ env:
+ TRIVY_USERNAME: ${{ github.actor }}
+ TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4.1.1
+ - uses: docker/login-action@v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Dockerfile linting
+ uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: bats/Dockerfile
+ ignore: DL3018
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d016034
--- /dev/null
+++ b/LICENSE
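Review bot: In `.github/workflows/bats.yml` the `build` job publishes before anything is checked: `push: true` runs for `pull_request` as well as for pushes to `main`, always to the fixed tag `v1.10.0-curl`, and `scan` only starts afterwards (`needs: build`), so an image that fails Trivy is already in the registry. Building with `load: true`, scanning that local image and pushing only outside pull requests would turn the scan into a gate, as sketched below. `aquasecurity/trivy-action@master` follows a mutable branch and receives `GITHUB_TOKEN` through `TRIVY_PASSWORD`, whereas the other actions are at least pinned to a tag; pin it to a full commit SHA. `id-token: write` on `build` is not used by any step shown, and `check` has no `permissions:` block and logs into the registry although hadolint only reads `bats/Dockerfile`; drop the permission and the login step and give `check` a `permissions:` block with `contents: read`.

```yaml
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      # … unchanged: checkout, registry login …

      - name: Build image for scanning
        uses: docker/build-push-action@v5.1.0
        with:
          context: bats
          load: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}

      - name: Run Trivy vulnerability scanner
        # placeholder ref: replace with the commit SHA of a reviewed release
        uses: aquasecurity/trivy-action@<full-commit-sha>
        with:
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
          # … unchanged: format, exit-code, ignore-unfixed, vuln-type, severity …

      - name: Push Docker image
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@v5.1.0
        with:
          context: bats
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
```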
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 OCTO Technology
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
index 660bea4..befd18d 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-# Formation-DKADM
\ No newline at end of file
+# Docker images
diff --git a/bats/Dockerfile b/bats/Dockerfile
new file mode 100644
index 0000000..58880cc
--- /dev/null
+++ b/bats/Dockerfile
@@ -0,0 +1,4 @@
+FROM bats/bats:v1.10.0
+
+RUN apk update && apk upgrade --no-cache && \
+ apk add --no-cache curl
diff --git a/bats/README.md b/bats/README.md
new file mode 100644
index 0000000..bd2e755
--- /dev/null
+++ b/bats/README.md
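Review bot: In `bats/Dockerfile` the leading `apk update` on the `RUN` line is redundant, since the two commands after it already pass `--no-cache`, and it likely leaves the downloaded package index in the layer; the line can start at `RUN apk upgrade --no-cache && \` with `apk add --no-cache curl` unchanged. The base `bats/bats:v1.10.0` is a tag and `curl` is unversioned (the workflow ignores hadolint DL3018), so both are resolved at build time and a rebuild of the same `v1.10.0-curl` tag can yield different contents. Pinning the base by digest, `FROM bats/bats:v1.10.0@sha256:<digest>` (placeholder digest), would at least fix the base layer. No `USER` instruction is set, so the image runs as whatever user the base image defines; a comment saying whether that is intended would help.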
@@ -0,0 +1,10 @@
+# BATS
+
+## Pourquoi
+
+L'image précédemment utilisée `dduportal/bats:0.4.0` n'est plus disponible sur Docker Hub.
+
+## Références
+
+Cette image est utilisée dans les formations suivantes :
+- 🦊 [GITLA](https://www.octo.academy/catalogue/formation/gitla-gitlab-ci-et-cd-gestion-des-sources-et-integration-continue-avec-gitlab/), repo : https://gitlab.com/octo-technology/octo-ops/gitlab-formation