Docker Image Updates and Security Enhancements #1

Merged
GuillaumeHemmen merged 7 commits from rework-dockerfile into master 2025-06-25 17:26:37 +00:00

Overview

This PR introduces several improvements to our Docker infrastructure, focusing on security, base image optimization, and workflow automation.

Key Changes

Base Image Updates

  • Updated system package installation and cleanup processes

Security Enhancements

  • Implemented Trivy security scanning in the Dockerfile
  • Adjusted Trivy scan configuration to handle known Debian vulnerabilities
  • Enhanced container security by ensuring proper ownership of /workspaces directory

CI/CD Improvements

  • Added manual workflow dispatch capability to Docker workflows
  • Implemented cron scheduling for automated builds
  • Enhanced Docker image configuration and build process

Technical Details

  • Trivy security scanning is now implemented using a script-based installation method
  • Workflow improvements allow both scheduled and manual triggering of Docker builds

Security Considerations

  • Trivy scan exit code has been set to 0 to accommodate known Debian vulnerabilities while maintaining security awareness
  • Proper directory permissions and ownership are maintained for /workspaces

Impact

These changes improve our Docker image by:

  • Reducing image size and improving build efficiency
  • Enhancing security scanning capabilities
  • Providing more flexible deployment options through manual triggers
  • Ensuring consistent automated builds through cron scheduling

Reviewer Notes

Please pay special attention to:

  • The base image change and its impact on existing workflows
  • Security scanning configuration
  • Workflow trigger modifications
# Overview This PR introduces several improvements to our Docker infrastructure, focusing on security, base image optimization, and workflow automation. # Key Changes ## Base Image Updates - Updated system package installation and cleanup processes ## Security Enhancements - Implemented Trivy security scanning in the Dockerfile - Adjusted Trivy scan configuration to handle known Debian vulnerabilities - Enhanced container security by ensuring proper ownership of `/workspaces` directory ## CI/CD Improvements - Added manual workflow dispatch capability to Docker workflows - Implemented cron scheduling for automated builds - Enhanced Docker image configuration and build process # Technical Details - Trivy security scanning is now implemented using a script-based installation method - Workflow improvements allow both scheduled and manual triggering of Docker builds # Security Considerations - Trivy scan exit code has been set to 0 to accommodate known Debian vulnerabilities while maintaining security awareness - Proper directory permissions and ownership are maintained for `/workspaces` # Impact These changes improve our Docker image by: - Reducing image size and improving build efficiency - Enhancing security scanning capabilities - Providing more flexible deployment options through manual triggers - Ensuring consistent automated builds through cron scheduling # Reviewer Notes Please pay special attention to: - The base image change and its impact on existing workflows - Security scanning configuration - Workflow trigger modifications
GuillaumeHemmen added 6 commits 2025-06-25 17:16:27 +00:00
GuillaumeHemmen changed title from rework-dockerfile to Docker Image Updates and Security Enhancements 2025-06-25 17:18:16 +00:00
GuillaumeHemmen added 1 commit 2025-06-25 17:21:03 +00:00
GuillaumeHemmen merged commit 0bd84540a6 into master 2025-06-25 17:26:37 +00:00
GuillaumeHemmen deleted branch rework-dockerfile 2025-06-25 17:26:38 +00:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: GuillaumeHemmen/debian-node-firebase#1
No description provided.