
Commit 514f63b

committed
common vulns
1 parent ef5a91a commit 514f63b

8 files changed

Lines changed: 43 additions & 392 deletions


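--- a/.github/workflows/build_all_images.yml
+++ b/.github/workflows/build_all_images.yml
@@ -18,19 +18,19 @@ jobs:
 runs-on: ubuntu-latest
 outputs:
 base_node_folders: ${{ steps.find-folders.outputs.base_node }}
-language_folders: ${{ steps.find-folders.outputs.languages }}
+node_24_language_folders: ${{ steps.find-folders.outputs.node_24_languages }}
 project_folders: ${{ steps.find-folders.outputs.projects }}
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
 - id: find-folders
 run: |
 base_node_folders=$(find src/base_node -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | jq -R -s -c 'split("\n")[:-1]')
-language_folders=$(find src/languages -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | jq -R -s -c 'split("\n")[:-1]')
+node_24_language_folders=$(find src/languages -mindepth 1 -maxdepth 1 -type d -name 'node_24*' -printf '%f\n' | jq -R -s -c 'split("\n")[:-1]')
 project_folders=$(find src/projects -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | jq -R -s -c 'split("\n")[:-1]')
 {
 echo "base_node=$base_node_folders"
-echo "languages=$language_folders"
+echo "node_24_languages=$node_24_language_folders"
 echo "projects=$project_folders"
 } >> "$GITHUB_OUTPUT"
 package_base_docker_image:
@@ -56,25 +56,26 @@ jobs:
 container_name: ${{ matrix.container_name }}
 base_folder: "base_node"
 NO_CACHE: ${{ inputs.NO_CACHE }}
-package_language_docker_images:
+package_node_24_language_docker_images:
 needs:
 - package_base_docker_image
 - package_base_node_images
 - discover_folders
 strategy:
 fail-fast: false
 matrix:
-container_name: ${{ fromJson(needs.discover_folders.outputs.language_folders) }}
+container_name: ${{ fromJson(needs.discover_folders.outputs.node_24_language_folders) }}
 uses: ./.github/workflows/build_multi_arch_image.yml
 with:
 tag_latest: ${{ inputs.tag_latest }}
 docker_tag: ${{ inputs.docker_tag }}
 container_name: ${{ matrix.container_name }}
 base_folder: "languages"
 NO_CACHE: ${{ inputs.NO_CACHE }}
+EXTRA_COMMON: "common_node_24"
 package_project_docker_images:
 needs:
-- package_language_docker_images
+- package_node_24_language_docker_images
 - discover_folders
 strategy:
 fail-fast: false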
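Review bot: The new `-name 'node_24*'` filter in the find-folders step means any directory under src/languages without that prefix is silently dropped from both the build matrix and the Trivy scan — no job fails, those images simply stop being built and scanned. If that is intended (the diffstat shows 392 deletions in files not visible here, so the other language folders may have been removed), a comment on that line saying so would spare the next reader the question; otherwise fail the step when unmatched folders exist, e.g. `test -z "$(find src/languages -mindepth 1 -maxdepth 1 -type d ! -name 'node_24*')" || { echo "unhandled language folders" >&2; exit 1; }`. The hard-coded `EXTRA_COMMON: "common_node_24"` in package_node_24_language_docker_images repeats the same prefix, so adding another Node major means editing the filter, the job name and this value in step, and a short comment tying the three together would help.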

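--- a/.github/workflows/build_multi_arch_image.yml
+++ b/.github/workflows/build_multi_arch_image.yml
@@ -17,6 +17,9 @@ name: Build and push docker image
 NO_CACHE:
 required: true
 type: boolean
+EXTRA_COMMON:
+required: false
+type: string
 
 jobs:
 build_and_push_image:
@@ -88,6 +91,7 @@ jobs:
 BASE_FOLDER: "${{ inputs.base_folder }}"
 IMAGE_TAG: "${{ inputs.docker_tag }}-${{ matrix.arch }}"
 EXIT_CODE: 0
+EXTRA_COMMON: "${{ inputs.extra_common }}"
 - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
 name: Upload scan results
 with:
@@ -101,7 +105,7 @@ jobs:
 BASE_FOLDER: "${{ inputs.base_folder }}"
 IMAGE_TAG: "${{ inputs.docker_tag }}-${{ matrix.arch }}"
 EXIT_CODE: "1"
-
+EXTRA_COMMON: "${{ inputs.extra_common }}"
 - name: Show docker vulnerability output
 if: always()
 run: |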
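Review bot: The input is declared as `EXTRA_COMMON` under workflow_call, but both new lines read it as `${{ inputs.extra_common }}`; GitHub's expression property lookup is, as far as I know, case-insensitive, but the mismatch is fragile and should be aligned to `EXTRA_COMMON: "${{ inputs.EXTRA_COMMON }}"`, matching how `NO_CACHE` is spelled on the caller side. The input carries no `description` and no `default`, so a caller that omits it delivers an empty string and the Makefile ends up probing `src//.trivyignore.yaml`; adding `default: ""` and a description such as 'name of a directory under src/ whose .trivyignore.yaml is merged into the scan ignore list' makes that contract explicit. The block these two lines land in appears to be an `env:` map (its key is outside the hunk), which is the right place for a free-form string input rather than interpolating it into a `run:` script.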

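--- a/Makefile
+++ b/Makefile
@@ -41,30 +41,35 @@ build-githubactions-image: guard-BASE_IMAGE_NAME guard-BASE_IMAGE_TAG guard-IMAG
 .
 
 scan-image: guard-CONTAINER_NAME guard-BASE_FOLDER
+mkdir -p .out
 @combined="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore_combined.yaml"; \
 common="src/common/.trivyignore.yaml"; \
+extra_common="src/$${EXTRA_COMMON}/.trivyignore.yaml"; \
 specific="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore.yaml"; \
 exit_code="$${EXIT_CODE:-1}"; \
 echo "vulnerabilities:" > "$$combined"; \
 if [ -f "$$common" ]; then sed -n '2,$$p' "$$common" >> "$$combined"; fi; \
-if [ -f "$$specific" ]; then sed -n '2,$$p' "$$specific" >> "$$combined"; fi
+if [ -f "$$extra_common" ]; then sed -n '2,$$p' "$$extra_common" >> "$$combined"; fi; \
+if [ -f "$$specific" ]; then sed -n '2,$$p' "$$specific" >> "$$combined"; fi; \
 trivy image \
 --severity HIGH,CRITICAL \
 --config src/${BASE_FOLDER}/${CONTAINER_NAME}/trivy.yaml \
 --scanners vuln \
---exit-code "$$exit_code" \
+--exit-code $$exit_code \
 --format table \
 --output .out/scan_results_docker.txt "${CONTAINER_PREFIX}$${CONTAINER_NAME}:$${IMAGE_TAG}"
 
 scan-image-json: guard-CONTAINER_NAME guard-BASE_FOLDER guard-IMAGE_TAG
+mkdir -p .out
 @combined="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore_combined.yaml"; \
 common="src/common/.trivyignore.yaml"; \
+extra_common="src/$${EXTRA_COMMON}/.trivyignore.yaml"; \
 specific="src/$${BASE_FOLDER}/$${CONTAINER_NAME}/.trivyignore.yaml"; \
 exit_code="$${EXIT_CODE:-1}"; \
 echo "vulnerabilities:" > "$$combined"; \
 if [ -f "$$common" ]; then sed -n '2,$$p' "$$common" >> "$$combined"; fi; \
-if [ -f "$$specific" ]; then sed -n '2,$$p' "$$specific" >> "$$combined"; fi
-mkdir -p .out
+if [ -f "$$extra_common" ]; then sed -n '2,$$p' "$$extra_common" >> "$$combined"; fi; \
+if [ -f "$$specific" ]; then sed -n '2,$$p' "$$specific" >> "$$combined"; fi; \
 trivy image \
 --severity HIGH,CRITICAL \
 --config src/${BASE_FOLDER}/${CONTAINER_NAME}/trivy.yaml \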
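Review bot: The merge in both targets strips exactly the first line of each ignore file with `sed -n '2,$$p'`, so an ignore file that opens with `---` or a comment instead of `vulnerabilities:` puts a second `vulnerabilities:` key into .trivyignore_combined.yaml, and depending on the YAML parser that either aborts the scan or keeps only one of the lists — an ignore list that parses differently than intended changes which HIGH/CRITICAL findings are suppressed without anyone noticing. Selecting by content rather than by line number, e.g. `sed -n '/^vulnerabilities:/,$$p' "$$extra_common" | tail -n +2 >> "$$combined"`, holds for all three files. `EXTRA_COMMON` is also spliced into a path with no guard: unset it yields `src//.trivyignore.yaml` and is skipped silently, while a value containing `/` or `..` reaches outside src/, so a `guard-EXTRA_COMMON`-style prerequisite or `case "$$EXTRA_COMMON" in ''|*/*|*..*) echo "bad EXTRA_COMMON" >&2; exit 1;; esac` before use would make both explicit. The same prologue now appears verbatim in scan-image and scan-image-json and is worth pulling into a `define` or a helper target. The combined file is written into the image's source directory; confirm it is gitignored so a stale ignore list is never committed.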

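--- a/README.md
+++ b/README.md
@@ -230,9 +230,10 @@ CONTAINER_NAME=node_24 \
 ```
 Language images
 ```
-CONTAINER_NAME=node_24_python_3_12 \
+CONTAINER_NAME=node_24_python_3_14 \
 BASE_FOLDER=languages \
 IMAGE_TAG=local-build \
+EXTRA_COMMON=common_node_24 \
 make scan-image
 ```
 Project images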
