From 7f41b9cd6d314190ef9b77527318c8154f688166 Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 11:22:07 +0100 Subject: [PATCH 01/12] feat(bats): construction de l'image via GitHub Actions --- .github/workflows/bats.yml | 40 ++++++++++++++++++++++++++++++++++++++ README.md | 2 +- bats/Dockerfile | 3 +++ bats/README.md | 5 +++++ 4 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/bats.yml create mode 100644 bats/Dockerfile create mode 100644 bats/README.md diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml new file mode 100644 index 0000000..9ce5213 --- /dev/null +++ b/.github/workflows/bats.yml @@ -0,0 +1,40 @@ +--- +name: Build bats docker image +run-name: ${{ github.actor }} is flying to infinity and beyond 🚀 + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}/bats + IMAGE_TAG: v1.10.0-curl + +jobs: + build-and-push-docker-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.1 + + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push Docker image + uses: docker/build-push-action@v5.1.0 + with: + context: bats + push: false + tags: ${{ env.IMAGE_TAG }} diff --git a/README.md b/README.md index 660bea4..befd18d 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# Formation-DKADM \ No newline at end of file +# Docker images diff --git a/bats/Dockerfile b/bats/Dockerfile new file mode 100644 index 0000000..406090f --- /dev/null +++ b/bats/Dockerfile @@ -0,0 +1,3 @@ +FROM bats/bats:v1.10.0 + +RUN apk add --no-cache curl diff --git a/bats/README.md b/bats/README.md new file mode 100644 index 0000000..66d2ca4 --- /dev/null 
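Review bot: `id-token: write` is granted to `build-and-push-docker-image` although no step in this hunk uses OIDC (no signing, attestation or cloud login), so it widens the job token for nothing; the login and build steps need only `contents: read` and `packages: write`. The three actions are pinned to mutable version tags (`actions/checkout@v4.1.1`, `docker/login-action@v3.0.0`, `docker/build-push-action@v5.1.0`); pinning each `uses:` to a full commit SHA, with the version kept in a trailing comment, stops a retagged upstream release from running with the `packages: write` token. The `run-name` interpolation of `github.actor` is harmless here since it never reaches a shell, but keep it out of any `run:` step that may be added later.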
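Review bot: `FROM bats/bats:v1.10.0` is pinned by tag only, so the build follows whatever Docker Hub currently serves under that tag; appending the manifest digest (`FROM bats/bats:v1.10.0@sha256:<digest>`, read off `docker buildx imagetools inspect bats/bats:v1.10.0`) makes the base immutable and makes base updates visible in diffs. `apk add --no-cache curl` installs whatever curl version Alpine's repository has at build time (hadolint DL3018); since Alpine drops superseded package versions a hard pin tends to break builds, so if the decision is to leave it unpinned record it in the file: `# curl left unpinned on purpose: Alpine removes superseded package versions (hadolint DL3018)`.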
+++ b/bats/README.md @@ -0,0 +1,5 @@ +# BATS + +## Pourquoi + +L'image précédemment utilisée `dduportal/bats:0.4.0` n'est plus disponible sur Docker Hub. From 99f928d188187642660ac4f56b3a19c237051f1e Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 11:29:16 +0100 Subject: [PATCH 02/12] feat: worklow on changes --- .github/workflows/bats.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index 9ce5213..e5a6ec4 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml @@ -1,12 +1,12 @@ --- name: Build bats docker image -run-name: ${{ github.actor }} is flying to infinity and beyond 🚀 +run-name: ${{ github.actor }} is building bats on: - push: - branches: [ "main" ] pull_request: branches: [ "main" ] + paths: + - 'bats/**' env: REGISTRY: ghcr.io From 5bcb916f09d05652b0d8a6fbd767007cef7b4e4b Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 11:38:10 +0100 Subject: [PATCH 03/12] feat: push docker image --- .github/workflows/bats.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index e5a6ec4..1d3c7a9 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml @@ -36,5 +36,5 @@ jobs: uses: docker/build-push-action@v5.1.0 with: context: bats - push: false + push: true tags: ${{ env.IMAGE_TAG }} From 54c9a962f6f02fd7d9d3f2f22dcb0b9905c3d64d Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 11:43:02 +0100 Subject: [PATCH 04/12] fix: image tag --- .github/workflows/bats.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index 1d3c7a9..48cfc92 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml 
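Review bot: The `paths` filter added to the `pull_request` trigger lists only `bats/**`, so a PR that edits `.github/workflows/bats.yml` itself will not run this workflow and a broken workflow change merges unexercised. Add the workflow file to the filter, `- '.github/workflows/bats.yml'` under `paths:` next to `- 'bats/**'`; GitHub does not include the workflow file implicitly.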
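Review bot: `push: true` combined with the `on:` block of this file, which at this point triggers only on `pull_request`, means every same-repository PR touching `bats/**` publishes its unmerged build to `ghcr.io` under the one `v1.10.0-curl` tag and overwrites what consumers pull, with no review gate in between. Make the push conditional on the event, `push: ${{ github.event_name != 'pull_request' }}`, so PR runs remain build-only validation and `packages: write` is exercised only from the branch you control. Fork PRs would not push anyway because their `GITHUB_TOKEN` is read-only, but that protects only against forks, not against branches in this repository.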
@@ -10,8 +10,7 @@ on: env: REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}/bats - IMAGE_TAG: v1.10.0-curl + IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl jobs: build-and-push-docker-image: From 4d76b32861a7a574ea9f0745d4fa03e1b36266c0 Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 11:47:45 +0100 Subject: [PATCH 05/12] fix: image tag --- .github/workflows/bats.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index 48cfc92..127cba9 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml @@ -36,4 +36,4 @@ jobs: with: context: bats push: true - tags: ${{ env.IMAGE_TAG }} + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }} From 75985ccb45a28d8ef9513a8193257095847d0381 Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 12:23:03 +0100 Subject: [PATCH 06/12] feat: docker linter --- .github/workflows/bats.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index 127cba9..be0692c 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml @@ -37,3 +37,18 @@ jobs: context: bats push: true tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }} + + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4.1.1 + - uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Dockerfile linting + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: bats/Dockerfile + ignore: DL3018 From db2433c9a692b3eec8f1125a3377f31e4fe85bac Mon Sep 17 00:00:00 2001 
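Review bot: `IMAGE_TAG` now embeds `${{ github.repository }}` as-is, and ghcr.io accepts only lowercase repository paths, so the push fails for any owner or repository name containing capitals — I can't tell from the diff whether this repository's name does. Lowercasing once, e.g. a step running `echo "IMAGE_TAG=${IMAGE_TAG,,}" >> "$GITHUB_ENV"` before the build, or using `docker/metadata-action`, which lowercases for you, removes the dependency on how the repository happens to be named.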
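Review bot: The new `check` job logs in to `ghcr.io` with `GITHUB_TOKEN` although its only other step runs hadolint on the checked-out `bats/Dockerfile`, so the `docker/login-action` step hands a registry credential to a job that never uses it and should be dropped. The job also declares no `permissions:`, unlike `build-and-push-docker-image`, so it runs with the repository's default token scope; add `permissions: contents: read` at the job level. `ignore: DL3018` silences exactly the rule that would flag the unpinned `curl`; if that is intended because Alpine prunes superseded package versions, say so in a comment next to the `ignore:` line so the exception is not carried forward blindly.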
From: Hong Viet Le Date: Tue, 26 Dec 2023 12:37:51 +0100 Subject: [PATCH 07/12] =?UTF-8?q?feat:=20scan=20de=20vuln=C3=A9rabilit?= =?UTF-8?q?=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/bats.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index be0692c..90826c7 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml @@ -13,7 +13,7 @@ env: IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl jobs: - build-and-push-docker-image: + build: runs-on: ubuntu-latest permissions: contents: read @@ -38,6 +38,28 @@ jobs: push: true tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }} + scan: + runs-on: ubuntu-latest + permissions: + contents: read + packages: read + needs: build + steps: + - uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }} + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + check: runs-on: ubuntu-latest steps: From 50bee9550f456577a26d704a436ac71bfb4e545a Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 12:45:59 +0100 Subject: [PATCH 08/12] fix: container registry authentification --- .github/workflows/bats.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index 90826c7..369d3d3 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml 
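Review bot: `aquasecurity/trivy-action@master` tracks a moving branch, so each run executes whatever that branch currently contains inside a job holding a `packages: read` token; pin it to a release tag or, better, a full commit SHA like the other actions in this file. The scan also runs only after `build` has already pushed, so a CRITICAL/HIGH finding fails the workflow but the vulnerable image is already public under `v1.10.0-curl`. Scanning the locally built image before pushing closes that window; the sketch below replaces the single build-and-push step inside the `build` job (the separate `scan` job then becomes unnecessary). The `build` job's header and login step are outside this hunk.
```yaml
      - name: Build Docker image
        uses: docker/build-push-action@v5.1.0
        with:
          context: bats
          load: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@<release tag or commit SHA>
        with:
          image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
          # … unchanged: format, exit-code, ignore-unfixed, vuln-type, severity …

      - name: Push Docker image
        uses: docker/build-push-action@v5.1.0
        with:
          context: bats
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
```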
@@ -45,11 +45,6 @@ jobs: packages: read needs: build steps: - - uses: docker/login-action@v3.0.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: @@ -59,6 +54,9 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + env: + TRIVY_USERNAME: ${{ github.actor }} + TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} check: runs-on: ubuntu-latest From 6cd509d0d8724c97e509d58ee0c503210bec4336 Mon Sep 17 00:00:00 2001 From: Hong Viet Le Date: Tue, 26 Dec 2023 12:49:56 +0100 Subject: [PATCH 09/12] fix: security issues --- bats/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bats/Dockerfile b/bats/Dockerfile index 406090f..58880cc 100644 --- a/bats/Dockerfile +++ b/bats/Dockerfile @@ -1,3 +1,4 @@ FROM bats/bats:v1.10.0 -RUN apk add --no-cache curl +RUN apk update && apk upgrade --no-cache && \ + apk add --no-cache curl From 2268953419e735e4704aa69f866d0a1e43eb536c Mon Sep 17 00:00:00 2001 From: Joseph Page Date: Tue, 9 Jan 2024 07:39:05 +0100 Subject: [PATCH 10/12] Update bats/README.md Co-authored-by: hvle --- bats/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bats/README.md b/bats/README.md index 66d2ca4..bd2e755 100644 --- a/bats/README.md +++ b/bats/README.md @@ -3,3 +3,8 @@ ## Pourquoi L'image précédemment utilisée `dduportal/bats:0.4.0` n'est plus disponible sur Docker Hub. + +## Références + +Cette image est utilisée dans les formations suivantes : +- 🦊 [GITLA](https://www.octo.academy/catalogue/formation/gitla-gitlab-ci-et-cd-gestion-des-sources-et-integration-continue-avec-gitlab/), repo : https://gitlab.com/octo-technology/octo-ops/gitlab-formation From 4bd41ec719c549aa7f4eb58cd931f31262458445 Mon Sep 17 00:00:00 2001 
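Review bot: `apk update` in the new `RUN` line is redundant with `apk upgrade --no-cache`, which fetches a fresh index on its own, and the index that `apk update` writes under `/var/cache/apk/` stays in the layer because nothing removes it; `RUN apk upgrade --no-cache && apk add --no-cache curl` does the same job without the leftover. `apk upgrade` also makes the image content depend on build time, so every rebuild quietly changes what `v1.10.0-curl` contains; pair it with a digest-pinned `FROM` so the Alpine package set is the only moving part, and record which findings the upgrade was meant to clear, since the subject "fix: security issues" leaves no trace of that for the next person reading the history.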
From: hvle Date: Mon, 15 Jan 2024 12:47:40 +0100 Subject: [PATCH 11/12] feat(pipeline): trigger workflow on main branch --- .github/workflows/bats.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml index 369d3d3..a019df3 100644 --- a/.github/workflows/bats.yml +++ b/.github/workflows/bats.yml @@ -3,6 +3,10 @@ name: Build bats docker image run-name: ${{ github.actor }} is building bats on: + push: + branches: [ "main" ] + paths: + - 'bats/**' pull_request: branches: [ "main" ] paths: From 48a99e75897d6f8b1ebfa2330a47c44952920a35 Mon Sep 17 00:00:00 2001 From: Hong Viet LE Date: Mon, 15 Jan 2024 12:52:43 +0100 Subject: [PATCH 12/12] docs: MIT licence --- LICENSE | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d016034 --- /dev/null +++ b/LICENSE 
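Review bot: With `push` on `main` and `pull_request` now both triggering the workflow while the build step still has `push: true`, a PR run and the merge that follows it each overwrite the same `v1.10.0-curl` tag, and a slow PR run can finish after the `main` run and replace the merged image. Gate the publish with `push: ${{ github.event_name != 'pull_request' }}` and add an immutable tag beside the mutable one, e.g. `tags:` as a block scalar listing `${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}` and `${{ env.REGISTRY }}/${{ github.repository }}/bats:sha-${{ github.sha }}`, so consumers can pin one build and roll back. The `paths` filter on the new trigger still omits `.github/workflows/bats.yml` itself, so workflow-only commits to `main` will not rebuild.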
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 OCTO Technology
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.