From 3473e815d38c5c5fea68335ad6bb2181e8e6d330 Mon Sep 17 00:00:00 2001
From: mrbasado
Date: Thu, 4 Jan 2024 13:24:48 -0600
Subject: [PATCH 1/3] fix: trivy token fix

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index dee45f2..e17ea34 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ RUN apt-get install libxml2>=2.9.10+dfsg-6.7+deb11u3 -y
 RUN apt-get install libksba8>=1.5.0-3+deb11u2 -y
 RUN apt-get install git -y
 RUN apt-get install libde265-0>=1.0.11-0+deb11u1 -y
-RUN apt-get install openssh-server>=1:9.2p1-2+deb12u2 -y
+#RUN apt-get install openssh-server>=1:9.2p1-2+deb12u2 -y
 RUN pip install --upgrade pip
 RUN pip install setuptools==65.5.1 requests==2.26.0 discord.py==2.3.2 aiohttp==3.9.0

From f3b54090971538623d64dc769dcbcc6929f4fc58 Mon Sep 17 00:00:00 2001
From: mrbasado
Date: Thu, 4 Jan 2024 13:29:42 -0600
Subject: [PATCH 2/3] fix: add build change

---
 .github/workflows/build-trivy.yml | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/build-trivy.yml

diff --git a/.github/workflows/build-trivy.yml b/.github/workflows/build-trivy.yml
new file mode 100644
index 0000000..f0af524
--- /dev/null
+++ b/.github/workflows/build-trivy.yml
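Review bot: The new `#RUN apt-get install openssh-server>=1:9.2p1-2+deb12u2 -y` line is dead text with no record of why it was disabled, and the commit title (`trivy token fix`) does not describe the change; either delete the line or keep a short comment such as `# openssh-server deliberately not installed (see Trivy findings)` if that is the reason, which I am inferring. A second problem is visible on this line and on the three `install` context lines above it: `pkg>=version` is not an apt-get constraint but a shell redirection, so `RUN apt-get install libxml2>=2.9.10+dfsg-6.7+deb11u3 -y` actually runs `apt-get install libxml2 -y` with stdout written to a file named `=2.9.10+dfsg-6.7+deb11u3` in the build directory, and the version floors this Dockerfile appears to rely on for libxml2, libksba8 and libde265-0 are never enforced. apt-get only understands exact pins (`pkg=version`), so either pin exactly and quote the argument, or replace the floors with `RUN apt-get update && apt-get install -y --only-upgrade libxml2 libksba8 libde265-0` so the current security releases are what gets installed. The same pattern recurs in the context lines of the third patch in this series.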
@@ -0,0 +1,39 @@
+name: Pull Request - Build Image and Do Trivy Scan
+
+on:
+  pull_request:
+    branches:
+      - main
+
+env:
+  IMAGE_NAME: '/badger/${{ github.event.repository.name }}:${{ github.event.after }}'
+
+jobs:
+  build:
+    name: Build Container Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Service
+        uses: actions/checkout@main
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-1
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+      - name: Build, tag, and push image to Amazon ECR
+        run: |
+          docker build --build-arg BOT_TOKEN=${{ secrets.BOT_TOKEN }} -t ${{ steps.login-ecr.outputs.registry }}${{ env.IMAGE_NAME }} .
+          docker push ${{ steps.login-ecr.outputs.registry }}${{ env.IMAGE_NAME }}
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ steps.login-ecr.outputs.registry }}${{ env.IMAGE_NAME }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'

From 8c83e8c4801f4897239a57be4b0e83245af7d041 Mon Sep 17 00:00:00 2001
From: mrbasado
Date: Thu, 4 Jan 2024 13:36:15 -0600
Subject: [PATCH 3/3] fix: remove old ssh client

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e17ea34..38c877f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ RUN apt-get install libxml2>=2.9.10+dfsg-6.7+deb11u3 -y
 RUN apt-get install libksba8>=1.5.0-3+deb11u2 -y
 RUN apt-get install git -y
 RUN apt-get install libde265-0>=1.0.11-0+deb11u1 -y
-#RUN apt-get install openssh-server>=1:9.2p1-2+deb12u2 -y
+RUN apt-get remove openssh-client -y
 RUN pip install --upgrade pip
 RUN pip install setuptools==65.5.1 requests==2.26.0 discord.py==2.3.2 aiohttp==3.9.0
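Review bot: The `docker build --build-arg BOT_TOKEN=${{ secrets.BOT_TOKEN }}` line in the "Build, tag, and push" step bakes a secret into the image: build arguments are recorded in image metadata (visible with `docker history`), and the next line pushes that image to ECR, so anyone able to pull the image can read the token. The same step has an ordering problem: the push happens before the Trivy step runs, so `exit-code: '1'` fails the workflow but an image with CRITICAL/HIGH findings is already in the registry. Pass the token as a BuildKit secret instead (the Dockerfile, which this series does not change for it, would then consume it with `RUN --mount=type=secret,id=bot_token` rather than `ARG BOT_TOKEN`), and split the step so Trivy scans the local tag before anything is pushed. Separately, `actions/checkout@main` and `aquasecurity/trivy-action@master` are mutable refs; pin them to a release tag or commit SHA, since a changed upstream branch would run with the AWS keys and bot token this job holds.
```yaml
      - name: Build image
        env:
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
        run: |
          docker build --secret id=bot_token,env=BOT_TOKEN \
            -t ${{ steps.login-ecr.outputs.registry }}${{ env.IMAGE_NAME }} .
      # … unchanged: Trivy scan step, now running against the local tag …
      - name: Push image to Amazon ECR
        run: docker push ${{ steps.login-ecr.outputs.registry }}${{ env.IMAGE_NAME }}
```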
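Review bot: `RUN apt-get remove openssh-client -y` as a separate layer only hides the package in the final filesystem; its files remain in whichever lower layer installed them (presumably the base image, since nothing in this Dockerfile installs openssh-client), so this most likely silences a dpkg-based scanner without removing the binaries from the image history or shrinking the image. If the finding is what prompted the change, upgrading is the more defensible fix, `RUN apt-get update && apt-get install -y --only-upgrade openssh-client`; if the client genuinely is not needed, `RUN apt-get purge -y openssh-client && apt-get autoremove -y` also drops its configuration and now-orphaned dependencies. In either case add a one-line comment stating why the package is removed so it is not reinstated later. The `pkg>=version` context lines above this change are still parsed as shell redirections, as noted on the first patch of this series.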