mirror of
https://github.com/Luzifer/twitch-bot.git
synced 2024-12-30 00:21:16 +00:00
Add trivy scan, fix trivy errors for Dockerfile
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
34fa7bed17
commit
5d0f1acbf2
3 changed files with 23 additions and 4 deletions
4
.github/workflows/test-and-build.yml
vendored
4
.github/workflows/test-and-build.yml
vendored
|
@ -42,6 +42,7 @@ jobs:
|
|||
nodejs-lts-fermium \
|
||||
npm \
|
||||
tar \
|
||||
trivy \
|
||||
unzip \
|
||||
which \
|
||||
zip
|
||||
|
@ -63,6 +64,9 @@ jobs:
|
|||
NO_TESTS: 'true'
|
||||
PACKAGES: '.'
|
||||
|
||||
- name: Execute Trivy scan
|
||||
run: make trivy
|
||||
|
||||
- name: Extract changelog
|
||||
run: 'awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md'
|
||||
|
||||
|
|
10
Dockerfile
10
Dockerfile
|
@ -4,8 +4,7 @@ COPY . /go/src/github.com/Luzifer/twitch-bot
|
|||
WORKDIR /go/src/github.com/Luzifer/twitch-bot
|
||||
|
||||
ENV CGO_ENABLED=0 \
|
||||
GOPATH=/go \
|
||||
NODE_ENV=production
|
||||
GOPATH=/go
|
||||
|
||||
RUN set -ex \
|
||||
&& pacman -Syy --noconfirm \
|
||||
|
@ -28,7 +27,7 @@ FROM alpine:latest
|
|||
LABEL maintainer "Knut Ahlers <knut@ahlers.me>"
|
||||
|
||||
ENV CONFIG=/data/config.yaml \
|
||||
STORAGE_FILE=/data/store.json.gz
|
||||
STORAGE_CONN_STRING=/data/store.db
|
||||
|
||||
RUN set -ex \
|
||||
&& apk --no-cache add \
|
||||
|
@ -36,10 +35,13 @@ RUN set -ex \
|
|||
ca-certificates \
|
||||
curl \
|
||||
jq \
|
||||
tzdata
|
||||
tzdata \
|
||||
&& mkdir /data \
|
||||
&& chown 1000:1000 /data
|
||||
|
||||
COPY --from=builder /go/bin/twitch-bot /usr/local/bin/twitch-bot
|
||||
|
||||
USER 1000:1000
|
||||
VOLUME ["/data"]
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/twitch-bot"]
|
||||
|
|
13
Makefile
13
Makefile
|
@ -40,3 +40,16 @@ push_wiki:
|
|||
update_ua_list:
|
||||
# User-Agents provided by https://www.useragents.me/
|
||||
curl -sSf https://www.useragents.me/api | jq -r '.data[].ua' | grep -v 'Trident' >internal/linkcheck/user-agents.txt
|
||||
|
||||
# -- Vulnerability scanning --
|
||||
|
||||
trivy:
|
||||
trivy fs . \
|
||||
--dependency-tree \
|
||||
--exit-code 1 \
|
||||
--format table \
|
||||
--ignore-unfixed \
|
||||
--quiet \
|
||||
--scanners config,license,secret,vuln \
|
||||
--severity HIGH,CRITICAL \
|
||||
--skip-dirs docs
|
||||
|
|
Loading…
Reference in a new issue