Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add pipeline for build goss docker image #909

Merged
merged 4 commits into from
Jun 24, 2024

Conversation

dklimpel
Copy link
Contributor

@dklimpel dklimpel commented May 10, 2024

Checklist
  • make test-all (UNIX) passes. CI will also test this
  • unit and/or integration tests are included (if applicable)
  • documentation is changed or added (if applicable)

Description of change

Add building own docker image and upload to ghcr.io. Realted image: https://github.com/aelsabbahy/goss-docker/blob/master/Dockerfile

Build image from

  • master branch with goss version: <latest-tag>-master+<short commit sha> (semantic version)
  • tag with version <tag>

Add CVE scan to github security page

Related to:

@dklimpel dklimpel requested a review from aelsabbahy as a code owner May 10, 2024 22:19
@aelsabbahy
Copy link
Member

So is this essentially a replacement for: https://github.com/aelsabbahy/goss-docker

Btw.. many thanks for the awesome work you've submitted! These are all great improvements.

Copy link
Member

@aelsabbahy aelsabbahy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a small question, and might be helpful to add some documentation to this PR (can be minimal). Otherwise, it seems ready to merge

labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ env.PLATFORMS }}

- name: Run Trivy vulnerability scanner
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this some thing that typically runs before or after the container is pushed to the repository?

Also, when doing a goss release, this will run against the master branch, but not the released version?

Copy link
Contributor Author

@dklimpel dklimpel Jun 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a small add on and runs whenever (after) an image (goss:master) is pushed into the repo. It scans the image goss:master and not the repository. This is the same image as the tagged image at the time of creating a tag. The step should not trigger a failing, but serves to keep an overview of the image. It scans not only the goss binary, but the whole image including the operating system (base image).
This gives you an overview of the status of the CVEs at the time the image was published. In my opinion, this cannot replace a regular scan of your own code.

@dklimpel
Copy link
Contributor Author

Added a small question, and might be helpful to add some documentation to this PR (can be minimal). Otherwise, it seems ready to merge

Did you mean this kind of documentation? Or something to the GH pipeline?

@aelsabbahy
Copy link
Member

Did you mean this kind of documentation? Or something to the GH pipeline?

Yup, this looks great!

@aelsabbahy aelsabbahy merged commit bdc4f15 into goss-org:master Jun 24, 2024
4 checks passed
@dklimpel dklimpel deleted the build_docker_goss branch June 24, 2024 13:41
@dklimpel
Copy link
Contributor Author

I will have a look why it is failing. I had tested it successfully.

@dklimpel
Copy link
Contributor Author

In my repo I have not problems and it works. But I cannot see the package in goss Repo: https://github.com/orgs/goss-org/packages?repo_name=goss

Perhaps GH needs some time to activate.

@dklimpel
Copy link
Contributor Author

It seems that permissions have to set there for the package: https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility

@aelsabbahy
Copy link
Member

Yeah it's set to private, but I can't set it to public due to org settings. I'll take a look at it sometime in the next couple of days.

@aelsabbahy
Copy link
Member

https://github.com/goss-org/goss/pkgs/container/goss

Done, was pretty simple actually.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants