feat: keep up with technical debt
Some checks reported warnings
Cadoles/hydra-sql/pipeline/head This commit is unstable
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable

This commit is contained in:
Matthieu Lamalle 2023-12-11 14:41:20 +01:00
parent c7d1fb4ef3
commit 56373b7725
7 changed files with 121 additions and 41 deletions

14
.dockerignore Normal file
View File

@ -0,0 +1,14 @@
.env.local
.env.local.php
.env.*.local
config/secrets/prod/prod.decrypt.private.php
public/bundles/
var/
vendor/
supervisord.log
supervisord.pid
.composer/
.vscode
composer.phar
/tools
/.trivy

2
.gitignore vendored
View File

@ -18,3 +18,5 @@ composer.phar
/.npm
/.local
/.bash_history
/tools
/.trivy

17
.trivyignore.yaml Normal file
View File

@ -0,0 +1,17 @@
vulnerabilities:
- id: CVE-2023-39325
paths:
- usr/local/bin/gomplate
statement: Not concerned
- id: CVE-2023-3978
paths:
- usr/local/bin/gomplate
statement: Not concerned
- id: CVE-2023-44487
paths:
- usr/local/bin/gomplate
statement: Not concerned
- id: GHSA-m425-mq94-257g
paths:
- usr/local/bin/gomplate
statement: Not concerned

23
Jenkinsfile vendored
View File

@ -4,4 +4,25 @@
// Utilisation du pipeline partagé pour les applications Symfony de Cadoles
// Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test
// de votre application Symfony
symfonyAppPipeline("ubuntu:22.04")
symfonyAppPipeline('ubuntu:22.04', [
'hooks': [
// Run docker image build, verification and publication stages
'postSymfonyAppPipeline': {
boolean isRelease = ["develop", "staging", "master"].contains(env.BRANCH_NAME)
stage('Build and publish hydra-sql standalone image') {
container.buildAndPublishImage([
'imageName': 'reg.cadoles.com/cadoles/hydra-sql-standalone',
'dockerfile': './misc/images/hydra-sql-standalone/Dockerfile',
'dryRun': !isRelease
])
}
stage('Build and publish hydra-sql base image') {
container.buildAndPublishImage([
'imageName': 'reg.cadoles.com/cadoles/hydra-sql-base',
'dockerfile': './misc/images/hydra-sql-base/Dockerfile',
'dryRun': !isRelease
])
}
}
]
])

View File

@ -1,46 +1,40 @@
CI_COMPOSE=FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose -f docker-compose.yml
HYDRA_SQL_SHELL_USER ?= www-data:
DOCKER_CMD ?=
DOCKER_IMAGE_NAME ?= login-app-sql_hydra-sql
up:
FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose up --build
down:
docker-compose down -v
IMAGE_REPO ?= reg.cadoles.com/cadoles
IMAGES_DIR := misc/images
IMAGES := $(foreach file, $(wildcard $(IMAGES_DIR)/*), $(basename $(notdir $(file))))
purge:
docker-compose down -v --remove-orphans --rmi local
TRIVY_ARGS ?=
hydra-sql-shell:
$(CI_COMPOSE) exec \
-u "$(HYDRA_SQL_SHELL_USER)" \
hydra-sql \
/bin/bash
build-image: $(foreach image, $(IMAGES), build-image-$(image))
build-image-%:
docker build \
-t "${IMAGE_REPO}/$*:latest" \
-f ${IMAGES_DIR}/$*/Dockerfile \
.
APP_LOCALES ?= fr,en
HYDRA_ADMIN_BASE_URL ?= http://hydra:4445
TRUSTED_PROXIES ?= 127.0.0.1,REMOTE_ADDR,localhost
ISSUER_URL ?= http://localhost:8000
BASE_URL ?= http://localhost:8080
DB_USER ?= lasql
DB_PASSWORD ?= lasql
DEFAULT_LOCALE ?= fr
BDD ?= postgres
DSN_REMOTE_DATABASE=mysql:host=mariadb;port=3306;dbname=lasql
scan-image: $(foreach image, $(IMAGES), scan-image-$(image))
up-mysql:
docker run \
-it --rm \
-p 8080:80 \
-e APP_LOCALES=$(APP_LOCALES) \
-e HYDRA_ADMIN_BASE_URL=$(HYDRA_ADMIN_BASE_URL) \
-e TRUSTED_PROXIES=$(TRUSTED_PROXIES) \
-e ISSUER_URL=$(ISSUER_URL) \
-e BASE_URL=$(BASE_URL) \
-e DB_USER=$(DB_USER) \
-e DB_PASSWORD=$(DB_PASSWORD) \
-e DEFAULT_LOCALE=$(DEFAULT_LOCALE) \
-e DSN_REMOTE_DATABASE=$(DSN_REMOTE_DATABASE) \
$(DOCKER_IMAGE_NAME):latest \
$(DOCKER_CMD)
scan-image-%: tools/trivy/bin/trivy
mkdir -p .trivy/.cache
tools/trivy/bin/trivy --cache-dir .trivy/.cache --ignorefile .trivyignore.yaml image $(TRIVY_ARGS) $(IMAGE_REPO)/$*:latest
release-image: $(foreach image, $(IMAGES), release-image-$(image))
release-image-%: .mktools
@[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 )
docker tag "${IMAGE_REPO}/$*:latest" "${IMAGE_REPO}/$*:$(MKT_PROJECT_VERSION)"
docker tag "${IMAGE_REPO}/$*:latest" "${IMAGE_REPO}/$*:$(MKT_PROJECT_SHORT_VERSION)"
docker push "${IMAGE_REPO}/$*:$(MKT_PROJECT_VERSION)"
docker push "${IMAGE_REPO}/$*:$(MKT_PROJECT_SHORT_VERSION)"
docker push "${IMAGE_REPO}/$*:latest"
tools/trivy/bin/trivy:
mkdir -p tools/trivy/bin
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0
.mktools:
rm -rf .mktools
curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | TASKS="version" $(SHELL)
-include .mktools/*.mk

View File

@ -0,0 +1,16 @@
ARG NODE_OPTIONS="--openssl-legacy-provider"
ARG PHP_PKG_VERSION="8.1.22-r0"
ARG ADDITIONAL_PACKAGES="bash=5.2.15-r0 \
build-base=0.5-r3 \
php81-gd=${PHP_PKG_VERSION} \
php81-xsl=${PHP_PKG_VERSION} \
php81-pdo=${PHP_PKG_VERSION} \
php81-pgsql=${PHP_PKG_VERSION} \
php81-pdo_pgsql=${PHP_PKG_VERSION} \
php81-soap=${PHP_PKG_VERSION} \
php81-ldap=${PHP_PKG_VERSION} \
php81-pdo_mysql=${PHP_PKG_VERSION} \
php81-bcmath=${PHP_PKG_VERSION}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone-2023.11.16-stable.1541.eec311d

View File

@ -0,0 +1,16 @@
ARG NODE_OPTIONS="--openssl-legacy-provider"
ARG PHP_PKG_VERSION="8.1.22-r0"
ARG ADDITIONAL_PACKAGES="bash=5.2.15-r0 \
build-base=0.5-r3 \
php81-gd=${PHP_PKG_VERSION} \
php81-xsl=${PHP_PKG_VERSION} \
php81-pdo=${PHP_PKG_VERSION} \
php81-pgsql=${PHP_PKG_VERSION} \
php81-pdo_pgsql=${PHP_PKG_VERSION} \
php81-soap=${PHP_PKG_VERSION} \
php81-ldap=${PHP_PKG_VERSION} \
php81-pdo_mysql=${PHP_PKG_VERSION} \
php81-bcmath=${PHP_PKG_VERSION}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone-2023.11.16-stable.1541.eec311d