Merge pull request #1783 from OpenC3/minio
Update Minio
jmthomas authored Dec 19, 2024
2 parents 620b543 + 885beee commit b25adc7
Showing 3 changed files with 45 additions and 2 deletions.
43 changes: 43 additions & 0 deletions .github/workflows/trivy.yml
@@ -24,166 +24,209 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: openc3.sh build
id: build
# This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
shell: 'script -q -e -c "bash {0}"'
run: ./openc3.sh build
env:
OPENC3_TAG: ${{ github.sha }}
- name: Run Trivy on image ruby
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-ruby:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-ruby.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-ruby"
sarif_file: "trivy-ruby.sarif"
- name: Run Trivy on image node
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-node:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-node.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
# On a subsequent call to the action we know trivy is already installed so can skip this
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-node"
sarif_file: "trivy-node.sarif"
- name: Run Trivy on image base
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-base:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-base.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-base"
sarif_file: "trivy-base.sarif"
- name: Run Trivy on image cosmos-init
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-cosmos-init:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-init.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-init"
sarif_file: "trivy-init.sarif"
- name: Run Trivy on image redis
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-redis:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-redis.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-redis"
sarif_file: "trivy-redis.sarif"
- name: Run Trivy on image minio
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-minio:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-minio.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-minio"
sarif_file: "trivy-minio.sarif"
- name: Run Trivy on image operator
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-operator:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-operator.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-operator"
sarif_file: "trivy-operator.sarif"
- name: Run Trivy on image cmd-tlm-api
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-cosmos-cmd-tlm-api:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-cmd-tlm-api.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-cmd-tlm-api"
sarif_file: "trivy-cmd-tlm-api.sarif"
- name: Run Trivy on image script-runner-api
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-cosmos-script-runner-api:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-script-runner-api.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-script-runner-api"
sarif_file: "trivy-script-runner-api.sarif"
- name: Run Trivy on image traefik
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/openc3inc/openc3-traefik:${{ github.sha }}"
format: "sarif"
exit-code: 1
output: "trivy-traefik.sarif"
ignore-unfixed: true
vuln-type: "os,library"
scanners: "vuln"
severity: "CRITICAL,HIGH"
skip-setup-trivy: true
- name: Upload Trivy scan results
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: github/codeql-action/upload-sarif@v3
with:
category: "openc3-traefik"
sarif_file: "trivy-traefik.sarif"
- name: Run Trivy in GitHub SBOM mode and submit results to Dependency Snapshots
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
format: "github"
exit-code: 1
output: "dependency-results.sbom.json"
image-ref: "."
github-pat: ${{ secrets.GITHUB_TOKEN }}
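Review bot: The minio scan step (which appears to be among the lines added here) references `aquasecurity/trivy-action@master`, a mutable branch ref, as do the other ten Trivy steps in this hunk; whatever lands on that branch runs inside this job, and the final SBOM step passes it `secrets.GITHUB_TOKEN`. Pin each use to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and let Dependabot or Renovate propose the bumps. The rendered page does not mark which of the 209 lines are the 43 additions, and the job's `permissions:` block, if there is one, sits above the hunk, so confirm there that the token is limited to what the SARIF upload and the dependency submission need.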
2 changes: 1 addition & 1 deletion openc3-cosmos-init/Dockerfile
@@ -4,7 +4,7 @@ ARG OPENC3_NAMESPACE=openc3inc
ARG OPENC3_TAG=latest
ARG OPENC3_NODE_IMAGE=openc3-node
ARG OPENC3_BASE_IMAGE=openc3-base
ARG OPENC3_MC_RELEASE=RELEASE.2024-04-29T09-56-05Z
ARG OPENC3_MC_RELEASE=RELEASE.2024-11-21T17-21-54Z

FROM ${OPENC3_DEPENDENCY_REGISTRY}/minio/mc:${OPENC3_MC_RELEASE} AS minio-mc
FROM ${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/${OPENC3_NODE_IMAGE}:${OPENC3_TAG} AS openc3-frontend-tmp
2 changes: 1 addition & 1 deletion openc3-minio/Dockerfile
@@ -1,5 +1,5 @@
ARG OPENC3_DEPENDENCY_REGISTRY=docker.io
ARG OPENC3_MINIO_RELEASE=RELEASE.2024-06-22T05-26-45Z
ARG OPENC3_MINIO_RELEASE=RELEASE.2024-12-18T13-15-44Z
FROM ${OPENC3_DEPENDENCY_REGISTRY}/minio/minio:${OPENC3_MINIO_RELEASE}

COPY cacert.pem /devel/cacert.pem