diff --git a/.gitea/workflows/api-docs.yml b/.gitea/workflows/api-docs.yml index 802eedd..4cb156b 100644 --- a/.gitea/workflows/api-docs.yml +++ b/.gitea/workflows/api-docs.yml @@ -132,7 +132,7 @@ jobs: uses: actions/cache@v4 with: path: ~/.npm - key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package-lock.json') }} + key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package.json') }} restore-keys: | ${{ runner.os }}-node-18- ${{ runner.os }}-node- @@ -168,30 +168,4 @@ jobs: run: npm run build - name: Build Docker image (test only) - run: docker build -t api-docs:test . - - security: - runs-on: [self-hosted] - needs: build - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Build Docker image for security scan - run: | - cd services/api-docs - docker build -t api-docs:security-scan . - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.28.0 - with: - image-ref: api-docs:security-scan - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' + run: docker build -t api-docs:test . \ No newline at end of file diff --git a/.gitea/workflows/api-gateway.yml b/.gitea/workflows/api-gateway.yml index e9ce788..5460787 100644 --- a/.gitea/workflows/api-gateway.yml +++ b/.gitea/workflows/api-gateway.yml 
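Review bot: The `~/.npm` cache key in the first hunk now hashes `services/api-docs/package.json`, so a change that touches only `package-lock.json` (a transitive-dependency bump with no manifest edit) reuses the previous cache; npm still fetches whatever is missing, so this is a cache-hit-rate issue rather than a correctness one, but it inverts the usual lockfile-keyed convention. If the motivation is that this service does not commit a lockfile — which would make the old `hashFiles` expand to an empty string and the key degenerate to `node-18-` — that deserves a comment above the key: `# package-lock.json is not committed for api-docs; key the cache on the manifest instead`. If the lockfile does exist, keep it in the hash, e.g. `key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package-lock.json', 'services/api-docs/package.json') }}`. The enclosing job and its step list begin before the hunk.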
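Review bot: The second hunk deletes the whole `security` job — the Trivy scan of the built image and the SARIF upload — with nothing taking its place, so after this commit no workflow in the diff scans the api-docs image; the same removal is made in api-gateway.yml, ci.yml (the filesystem scan), docker-build.yml (the registry-image scan together with the `deploy-staging` and `deploy-production` jobs that `needs` it), frontend.yml and service-adapters.yml. If scanning has moved to another system, the commit message or a comment at the end of the `build` job should say where, e.g. `# Image vulnerability scanning now runs in <PLACEHOLDER: external scanner>; the in-workflow Trivy job was removed`; if it has not, the `docker build -t api-docs:test .` step appears to be the last check in this workflow and a scan of `api-docs:test` (the Trivy action pinned to a release tag, or `trivy image` from the runner) is worth keeping even without the SARIF upload. Separately, the re-added `run:` line carries `\ No newline at end of file`, as do the new sides in api-gateway.yml and service-adapters.yml; end each file with a newline so yamllint's new-line-at-end-of-file check passes.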
@@ -118,32 +118,4 @@ jobs: security: runs-on: [self-hosted] needs: build - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - cache: maven - - - name: Build Docker image for security scan - run: | - cd services/api-gateway - docker build -t api-gateway:security-scan . - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: api-gateway:security-scan - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' + \ No newline at end of file diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index b19f9a2..d72660e 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -221,26 +221,3 @@ jobs: - name: Stop services if: always() run: docker-compose -f docker-compose.dev.yml down - - # Security and Quality Gates - security-scan: - runs-on: [self-hosted] - needs: [api-gateway, service-adapters, api-docs, frontend] - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - scan-type: 'fs' - scan-ref: '.' - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' diff --git a/.gitea/workflows/docker-build.yml b/.gitea/workflows/docker-build.yml index ce8df45..886ad12 100644 --- a/.gitea/workflows/docker-build.yml +++ b/.gitea/workflows/docker-build.yml 
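Review bot: The new side of the api-gateway.yml hunk leaves the `security` job as `security:` / `runs-on: [self-hosted]` / `needs: build` with its entire `steps:` block removed and only a whitespace-only line added, so the job definition is now incomplete — a job without `steps` fails workflow validation on GitHub Actions and, as far as I can tell, on the act-based Gitea runner as well, and if it did load it would be an empty job that any downstream `needs: security` still waits on for a result that means nothing. Either drop those three remaining lines so the file matches what the sibling workflows in this commit do, or give the job a body. The added `+ ` line is also trailing whitespace with no final newline, which yamllint flags on its own.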
@@ -90,80 +90,3 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha,scope=frontend cache-to: type=gha,mode=max,scope=frontend - - security-scan: - runs-on: ubuntu-latest - needs: build-and-push - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Extract metadata for security scan - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha,prefix={{branch}}- - type=raw,value=latest,enable={{is_default_branch}} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: | - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway:${{ steps.meta.outputs.version }} - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters:${{ steps.meta.outputs.version }} - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs:${{ steps.meta.outputs.version }} - ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:${{ steps.meta.outputs.version }} - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' - - deploy-staging: - runs-on: ubuntu-latest - needs: [build-and-push, security-scan] - if: github.ref == 'refs/heads/develop' - - steps: - - name: Deploy to staging - run: | - echo "Deploying to staging environment..." 
- # Add your staging deployment commands here - # This could include: - # - Updating Kubernetes manifests - # - Running helm charts - # - Updating Docker Compose files - # - Running database migrations - - deploy-production: - runs-on: ubuntu-latest - needs: [build-and-push, security-scan] - if: startsWith(github.ref, 'refs/tags/v') - - steps: - - name: Deploy to production - run: | - echo "Deploying to production environment..." - # Add your production deployment commands here - # This could include: - # - Updating Kubernetes manifests - # - Running helm charts - # - Updating Docker Compose files - # - Running database migrations - # - Health checks - # - Rollback procedures diff --git a/.gitea/workflows/frontend.yml b/.gitea/workflows/frontend.yml index 6328c24..de7a5b7 100644 --- a/.gitea/workflows/frontend.yml +++ b/.gitea/workflows/frontend.yml @@ -151,34 +151,3 @@ jobs: configPath: './frontend/.lighthouserc.json' uploadArtifacts: true temporaryPublicStorage: true - - security: - runs-on: [self-hosted] - needs: build - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Node.js 18 - uses: actions/setup-node@v4 - with: - node-version: '18' - - - name: Build Docker image for security scan - run: | - cd frontend - docker build -t frontend:security-scan . - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: frontend:security-scan - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' diff --git a/.gitea/workflows/service-adapters.yml b/.gitea/workflows/service-adapters.yml index 4042858..fc8eb0a 100644 --- a/.gitea/workflows/service-adapters.yml +++ b/.gitea/workflows/service-adapters.yml 
@@ -127,35 +127,4 @@ jobs: pip install -r requirements.txt - name: Build Docker image (test only) - run: docker build -t service-adapters:test . - - security: - runs-on: [self-hosted] - needs: build - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Python 3.11 - uses: actions/setup-python@v4 - with: - python-version: '3.11' - - - name: Build Docker image for security scan - run: | - cd services/service-adapters - docker build -t service-adapters:security-scan . - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: service-adapters:security-scan - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results - uses: github/codeql-action/upload-sarif@v2 - if: always() - with: - sarif_file: 'trivy-results.sarif' + run: docker build -t service-adapters:test . \ No newline at end of file