Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(ci): Revert using caddy to host frontend static files. #229

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

chore(ci): Revert using caddy to host frontend static files. #229

wants to merge 19 commits into from

Conversation

fergmac
Copy link
Collaborator

@fergmac fergmac commented Dec 5, 2024
edited by github-actions bot
Loading

Description

Please provide a summary of the change and the issue fixed. Please include relevant context. List dependency changes.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Test A
  • Test B

Checklist

  • I have read the CONTRIBUTING doc
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have already been accepted and merged

Further comments

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in:

@fergmac fergmac self-assigned this Dec 5, 2024
@fergmac fergmac requested review from DerekRoberts and a team as code owners December 5, 2024 19:56
@github-actions github-actions bot added the docker label Dec 9, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 9, 2024
View reviewed changes
Dockerfile
@@ -0,0 +1,162 @@
FROM node:14.21.3 AS frontend-build

Check failure

Code scanning / Trivy

Image user should not be 'root' High

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
Dockerfile
@@ -0,0 +1,162 @@
FROM node:14.21.3 AS frontend-build

Check notice

Code scanning / Trivy

No HEALTHCHECK defined Low

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS026
Severity: LOW
Message: Add HEALTHCHECK instruction in your Dockerfile
Link: DS026
Dockerfile
ENV CUSTOM_GDAL_GEOS="False"
ENV DATABASE_NAME=gwells
ENV DATABASE_USER="gwells"
ENV DATABASE_PASSWORD="test1"

Check failure

Code scanning / Trivy

Secrets passed via `build-args` or envs or copied secret files Critical

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS031
Severity: CRITICAL
Message: Possible exposure of secret env "DATABASE_PASSWORD" in ENV
Link: DS031
Dockerfile
ENV DATABASE_SERVICE_NAME=gwells
ENV DJANGO_ADMIN_URL=admin
ENV DJANGO_DEBUG="true"
ENV DJANGO_SECRET_KEY=secret

Check failure

Code scanning / Trivy

Secrets passed via `build-args` or envs or copied secret files Critical

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS031
Severity: CRITICAL
Message: Possible exposure of secret env "DJANGO_SECRET_KEY" in ENV
Link: DS031
Dockerfile
ENV ENABLE_AQUIFERS_SEARCH="true"
ENV GWELLS_SERVICE_HOST="db"
ENV GWELLS_SERVICE_PORT="5432"
ENV MINIO_ACCESS_KEY=minio

Check failure

Code scanning / Trivy

Secrets passed via `build-args` or envs or copied secret files Critical

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS031
Severity: CRITICAL
Message: Possible exposure of secret env "MINIO_ACCESS_KEY" in ENV
Link: DS031
Dockerfile
ENV GWELLS_SERVICE_HOST="db"
ENV GWELLS_SERVICE_PORT="5432"
ENV MINIO_ACCESS_KEY=minio
ENV MINIO_SECRET_KEY=minio1234

Check failure

Code scanning / Trivy

Secrets passed via `build-args` or envs or copied secret files Critical

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS031
Severity: CRITICAL
Message: Possible exposure of secret env "MINIO_SECRET_KEY" in ENV
Link: DS031
Dockerfile
ENV SSO_CLIENT=gwells-4121
ENV SSO_TEST_AUDIENCE=gwells-api-tests-4820
ENV SSO_TEST_CLIENT=gwells-api-tests-4820
ENV SSO_AUTH_HOST=https://test.loginproxy.gov.bc.ca/auth

Check failure

Code scanning / Trivy

Secrets passed via `build-args` or envs or copied secret files Critical

Artifact: Dockerfile
Type: dockerfile
Vulnerability DS031
Severity: CRITICAL
Message: Possible exposure of secret env "SSO_AUTH_HOST" in ENV
Link: DS031
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DerekRoberts DerekRoberts Awaiting requested review from DerekRoberts DerekRoberts is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@fergmac fergmac

Labels
docker github actions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@fergmac