Enhance CI workflows by adding Docker image builds for security scans across all services (API Docs, API Gateway, Frontend, Service Adapters); update image references for Trivy vulnerability scanning to use security scan images. Ensure consistent setup for Java, Node.js, and Python environments in respective workflows.
Some checks failed
Docker Build and Push / build-and-push (push) Failing after 36s
Docker Build and Push / security-scan (push) Has been skipped
Docker Build and Push / deploy-staging (push) Has been skipped
Docker Build and Push / deploy-production (push) Has been skipped
API Docs (Node.js Express) / test (20) (push) Successful in 1m31s
API Gateway (Java Spring Boot) / test (17) (push) Failing after 4m55s
API Gateway (Java Spring Boot) / test (21) (push) Failing after 4m54s
API Gateway (Java Spring Boot) / build (push) Has been skipped
API Gateway (Java Spring Boot) / security (push) Has been skipped
LabFusion CI/CD Pipeline / api-gateway (push) Failing after 4m53s
API Docs (Node.js Express) / test (18) (push) Successful in 10m16s
API Docs (Node.js Express) / test (16) (push) Successful in 10m17s
LabFusion CI/CD Pipeline / service-adapters (push) Failing after 5m5s
Frontend (React) / test (16) (push) Failing after 6m10s
LabFusion CI/CD Pipeline / frontend (push) Failing after 6m18s
Frontend (React) / test (18) (push) Failing after 6m25s
Service Adapters (Python FastAPI) / test (3.1) (push) Failing after 15s
Frontend (React) / test (20) (push) Failing after 1m54s
Frontend (React) / build (push) Has been skipped
Frontend (React) / security (push) Has been skipped
LabFusion CI/CD Pipeline / api-docs (push) Successful in 9m59s
LabFusion CI/CD Pipeline / integration-tests (push) Has been skipped
LabFusion CI/CD Pipeline / security-scan (push) Has been skipped
Integration Tests / integration-tests (push) Failing after 4m3s
Integration Tests / performance-tests (push) Has been skipped
Service Adapters (Python FastAPI) / test (3.11) (push) Failing after 5m22s
Frontend (React) / lighthouse (push) Has been skipped
Service Adapters (Python FastAPI) / test (3.12) (push) Failing after 5m25s
Service Adapters (Python FastAPI) / test (3.9) (push) Failing after 5m25s
Service Adapters (Python FastAPI) / build (push) Has been skipped
Service Adapters (Python FastAPI) / security (push) Has been skipped
API Docs (Node.js Express) / build (push) Successful in 9m56s
API Docs (Node.js Express) / security (push) Failing after 6m9s
Some checks failed
Docker Build and Push / build-and-push (push) Failing after 36s
Docker Build and Push / security-scan (push) Has been skipped
Docker Build and Push / deploy-staging (push) Has been skipped
Docker Build and Push / deploy-production (push) Has been skipped
API Docs (Node.js Express) / test (20) (push) Successful in 1m31s
API Gateway (Java Spring Boot) / test (17) (push) Failing after 4m55s
API Gateway (Java Spring Boot) / test (21) (push) Failing after 4m54s
API Gateway (Java Spring Boot) / build (push) Has been skipped
API Gateway (Java Spring Boot) / security (push) Has been skipped
LabFusion CI/CD Pipeline / api-gateway (push) Failing after 4m53s
API Docs (Node.js Express) / test (18) (push) Successful in 10m16s
API Docs (Node.js Express) / test (16) (push) Successful in 10m17s
LabFusion CI/CD Pipeline / service-adapters (push) Failing after 5m5s
Frontend (React) / test (16) (push) Failing after 6m10s
LabFusion CI/CD Pipeline / frontend (push) Failing after 6m18s
Frontend (React) / test (18) (push) Failing after 6m25s
Service Adapters (Python FastAPI) / test (3.1) (push) Failing after 15s
Frontend (React) / test (20) (push) Failing after 1m54s
Frontend (React) / build (push) Has been skipped
Frontend (React) / security (push) Has been skipped
LabFusion CI/CD Pipeline / api-docs (push) Successful in 9m59s
LabFusion CI/CD Pipeline / integration-tests (push) Has been skipped
LabFusion CI/CD Pipeline / security-scan (push) Has been skipped
Integration Tests / integration-tests (push) Failing after 4m3s
Integration Tests / performance-tests (push) Has been skipped
Service Adapters (Python FastAPI) / test (3.11) (push) Failing after 5m22s
Frontend (React) / lighthouse (push) Has been skipped
Service Adapters (Python FastAPI) / test (3.12) (push) Failing after 5m25s
Service Adapters (Python FastAPI) / test (3.9) (push) Failing after 5m25s
Service Adapters (Python FastAPI) / build (push) Has been skipped
Service Adapters (Python FastAPI) / security (push) Has been skipped
API Docs (Node.js Express) / build (push) Successful in 9m56s
API Docs (Node.js Express) / security (push) Failing after 6m9s
This commit is contained in:
glenn schrooyen
@@ -171,17 +171,22 @@ jobs:
|
||||
run: docker build -t api-docs:test .
|
||||
|
||||
security:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: [self-hosted]
|
||||
needs: build
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Build Docker image for security scan
|
||||
run: |
|
||||
cd services/api-docs
|
||||
docker build -t api-docs:security-scan .
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: api-docs:test
|
||||
image-ref: api-docs:security-scan
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
|
||||
@@ -123,10 +123,22 @@ jobs:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up JDK 17
|
||||
uses: actions/setup-java@v4
|
||||
with:
|
||||
java-version: '17'
|
||||
distribution: 'temurin'
|
||||
cache: maven
|
||||
|
||||
- name: Build Docker image for security scan
|
||||
run: |
|
||||
cd services/api-gateway
|
||||
docker build -t api-gateway:security-scan .
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: api-gateway:test
|
||||
image-ref: api-gateway:security-scan
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
|
||||
@@ -99,14 +99,32 @@ jobs:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Extract metadata for security scan
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: |
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend
|
||||
tags: |
|
||||
type=ref,event=branch
|
||||
type=ref,event=pr
|
||||
type=semver,pattern={{version}}
|
||||
type=semver,pattern={{major}}.{{minor}}
|
||||
type=semver,pattern={{major}}
|
||||
type=sha,prefix={{branch}}-
|
||||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: |
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway:${{ github.sha }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters:${{ github.sha }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs:${{ github.sha }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:${{ github.sha }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-gateway:${{ steps.meta.outputs.version }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/service-adapters:${{ steps.meta.outputs.version }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/api-docs:${{ steps.meta.outputs.version }}
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/frontend:${{ steps.meta.outputs.version }}
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
|
||||
@@ -153,17 +153,27 @@ jobs:
|
||||
temporaryPublicStorage: true
|
||||
|
||||
security:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: [self-hosted]
|
||||
needs: build
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Node.js 18
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '18'
|
||||
|
||||
- name: Build Docker image for security scan
|
||||
run: |
|
||||
cd frontend
|
||||
docker build -t frontend:security-scan .
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: frontend:test
|
||||
image-ref: frontend:security-scan
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
|
||||
@@ -130,17 +130,27 @@ jobs:
|
||||
run: docker build -t service-adapters:test .
|
||||
|
||||
security:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: [self-hosted]
|
||||
needs: build
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Python 3.11
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Build Docker image for security scan
|
||||
run: |
|
||||
cd services/service-adapters
|
||||
docker build -t service-adapters:security-scan .
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: service-adapters:test
|
||||
image-ref: service-adapters:security-scan
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
|
||||
Reference in New Issue
Block a user