This project intends to create, on a cron basis, a Docker image of Debian with Node and the Firebase CLI bundled.
# Overview

This PR introduces several improvements to our Docker infrastructure, focusing on security, base image optimization, and workflow automation.

# Key Changes

## Base Image Updates

- Updated system package installation and cleanup processes

## Security Enhancements

- Implemented Trivy security scanning in the Dockerfile
- Adjusted Trivy scan configuration to handle known Debian vulnerabilities
- Enhanced container security by ensuring proper ownership of `/workspaces` directory

## CI/CD Improvements

- Added manual workflow dispatch capability to Docker workflows
- Implemented cron scheduling for automated builds
- Enhanced Docker image configuration and build process

# Technical Details

- Trivy security scanning is now implemented using a script-based installation method
- Workflow improvements allow both scheduled and manual triggering of Docker builds

# Security Considerations

- Trivy scan exit code has been set to 0 to accommodate known Debian vulnerabilities while maintaining security awareness
- Proper directory permissions and ownership are maintained for `/workspaces`

# Impact

These changes improve our Docker image by:

- Reducing image size and improving build efficiency
- Enhancing security scanning capabilities
- Providing more flexible deployment options through manual triggers
- Ensuring consistent automated builds through cron scheduling

# Reviewer Notes

Please pay special attention to:

- The base image change and its impact on existing workflows
- Security scanning configuration
- Workflow trigger modifications

Reviewed-on: #1
Co-authored-by: Guiillaume Hemmen <guillaume@van-hemmen.com>
Co-committed-by: Guiillaume Hemmen <guillaume@van-hemmen.com>

- .forgejo/workflows
- .woodpecker.yml
- Dockerfile
- LICENSE
- README.md