baseimage
/
autossl
Archived
generated from infra/template
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
Browse Source

add-security-scanners
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is failing
Details

add-security-scanners
fedy95 4 years ago
parent
09e22c2645
commit
900eb38939
4 changed files with 66 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 61
      .drone.yml
  2. 2
      Makefile
  3. 4
      README.md
  4. 3
      image/Dockerfile

61
.drone.yml
View File

@ -8,7 +8,64 @@ volumes:
- name: dockersock
host:
path: /var/run/docker.sock
steps:
- name: build image
image: docker:dind
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
REGISTRY: registry.fedy95.com
commands:
- docker build -t "$REGISTRY"/baseimage-autossl:$DRONE_COMMIT_SHA image -f image/Dockerfile
when:
event: pull_request
- name: trivy security scan
image: aquasec/trivy
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
REGISTRY: registry.fedy95.com
commands:
- "trivy \
--exit-code 1 \
--format json \
--no-progress \
$REGISTRY/baseimage-autossl:$DRONE_COMMIT_SHA"
when:
event: pull_request
- name: grype security scan
image: docker:dind
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
REGISTRY: registry.fedy95.com
commands:
- apk add --no-cache curl
- "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | \
sh -s -- -b /usr/local/bin"
- "grype $REGISTRY/baseimage-autossl:$DRONE_COMMIT_SHA \
--scope all-layers \
--fail-on=critical \
--verbose"
when:
event: pull_request
- name: cleanup
image: docker:dind
volumes:
- name: dockersock
path: /var/run/docker.sock
commands:
- docker rmi registry.fedy95.com/baseimage-autossl:$DRONE_COMMIT_SHA
when:
event: pull_request
- name: release
image: docker:dind
volumes:
@ -25,8 +82,8 @@ steps:
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
commands:
- docker build -t "$REGISTRY"/baseimage-autossl:"$DRONE_TAG" .
- docker build -t "$REGISTRY"/baseimage-autossl:latest .
- docker build -t "$REGISTRY"/baseimage-autossl:"$DRONE_TAG" image -f image/Dockerfile
- docker build -t "$REGISTRY"/baseimage-autossl:latest image -f image/Dockerfile
- docker login "$REGISTRY" -u"$REGISTRY_USERNAME" -p"$REGISTRY_PASSWORD"
- docker push "$REGISTRY"/baseimage-autossl:"$DRONE_TAG"
- docker push "$REGISTRY"/baseimage-autossl:latest

2
Makefile
View File

@ -5,6 +5,6 @@ LOCAL_REPOSITORY=fedy95/baseimage:autossl
TAG=latest
build:
docker build -t ${LOCAL_REPOSITORY}-${TAG} .
docker build -t ${LOCAL_REPOSITORY}-${TAG} image -f image/Dockerfile
.DEFAULT_GOAL := build

4
README.md
View File

@ -3,3 +3,7 @@
Base image for generate ssl-certs
- [acme git](https://github.com/acmesh-official/acme.sh)
### security scanners
- [trivy](https://github.com/aquasecurity/trivy)
- [grype](https://github.com/anchore/grype)

3
Dockerfile → image/Dockerfile
View File

@ -1,7 +1,8 @@
FROM alpine
FROM alpine:3.14
WORKDIR /src
RUN \
apk update && apk upgrade && \
apk add --no-cache git openssl wget && \
git clone https://github.com/acmesh-official/acme.sh.git && \
apk del git