From bbd5b413ab7b72cf956507fc49ed8fa876ad5098 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 12 May 2025 08:14:51 +0000
Subject: [PATCH 1/6] fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-7855502 - https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-7855503 - https://snyk.io/vuln/SNYK-DEBIAN12-EXPAT-7855507 - https://snyk.io/vuln/SNYK-DEBIAN12-SQLITE3-6139924 - https://snyk.io/vuln/SNYK-DEBIAN12-LIBTASN16-8689970
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 102339e..21efb68 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.13.0b4-slim
+FROM python:3.13.2-slim
 WORKDIR /app
 COPY app/ .
 RUN pip install -r requirements.txt
From 8e884fbd7f47a1142a3b83d480eebaa6a045739c Mon Sep 17 00:00:00 2001
From: Maciej Michalski <5445923+spy86@users.noreply.github.com>
Date: Wed, 21 May 2025 19:11:09 +0200
Subject: [PATCH 2/6] Delete .github/workflows directory
---
 .../docker-image-build-pull-request.yml | 11 -----
 .github/workflows/docker-publish.yml | 41 -------------------
 2 files changed, 52 deletions(-)
 delete mode 100644 .github/workflows/docker-image-build-pull-request.yml
 delete mode 100644 .github/workflows/docker-publish.yml
diff --git a/.github/workflows/docker-image-build-pull-request.yml b/.github/workflows/docker-image-build-pull-request.yml
deleted file mode 100644
index 12b6508..0000000
--- a/.github/workflows/docker-image-build-pull-request.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: Build Docker Image on Pull Request
-on:
- pull_request:
- branches: [ "main" ]
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Build the Docker image
- run: docker build . --file Dockerfile --tag ghcr.io/think-cube/dockerh2t:latest
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
deleted file mode 100644
index 8961cea..0000000
--- a/.github/workflows/docker-publish.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: Docker
-on:
- push:
- tags: [ 'v*.*.*' ]
-env:
- REGISTRY: ghcr.io
- IMAGE_NAME: ${{ github.repository }}
-jobs:
- build:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- id-token: write
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- - name: Log into registry ${{ env.REGISTRY }}
- if: github.event_name != 'pull_request'
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Extract Docker metadata
- id: meta
- uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- - name: Build and push Docker image
- id: build-and-push
- uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
- with:
- context: .
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
From 68ea46b1ae218b921e657177d2d3d3bb28f3175a Mon Sep 17 00:00:00 2001
From: Maciej Michalski <5445923+spy86@users.noreply.github.com>
Date: Wed, 21 May 2025 19:14:29 +0200
Subject: [PATCH 3/6] Delete LICENSE
---
 LICENSE | 21 ---------------------
 1 file changed, 21 deletions(-)
 delete mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index b6afbd7..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Maciej Michalski
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
From ad12214dc0295c12f8f36aa19951810a51759064 Mon Sep 17 00:00:00 2001
From: Maciej Michalski <5445923+spy86@users.noreply.github.com>
Date: Wed, 21 May 2025 19:14:47 +0200
Subject: [PATCH 4/6] Create LICENSE
---
 LICENSE | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 LICENSE
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..ab908cf
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 ThinkCube
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
From ad75bf003d02a6b4077d02d2df172357198058e6 Mon Sep 17 00:00:00 2001
From: Maciej Michalski <5445923+spy86@users.noreply.github.com>
Date: Wed, 21 May 2025 19:16:08 +0200
Subject: [PATCH 5/6] Create azure-pipelines-pr.yaml
---
 pipelines/azure-pipelines-pr.yaml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 pipelines/azure-pipelines-pr.yaml
diff --git a/pipelines/azure-pipelines-pr.yaml b/pipelines/azure-pipelines-pr.yaml
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/pipelines/azure-pipelines-pr.yaml
@@ -0,0 +1 @@
+
From 3d0fdce477c4a7fd6f9a52575535da95e9b94e06 Mon Sep 17 00:00:00 2001
From: Maciej Michalski <5445923+spy86@users.noreply.github.com>
Date: Wed, 21 May 2025 19:19:12 +0200
Subject: [PATCH 6/6] Update and rename azure-pipelines-pr.yaml to azure-pipelines.yaml
---
 pipelines/azure-pipelines-pr.yaml | 1 -
 pipelines/azure-pipelines.yaml | 74 +++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)
 delete mode 100644 pipelines/azure-pipelines-pr.yaml
 create mode 100644 pipelines/azure-pipelines.yaml
diff --git a/pipelines/azure-pipelines-pr.yaml b/pipelines/azure-pipelines-pr.yaml
deleted file mode 100644
index 8b13789..0000000
--- a/pipelines/azure-pipelines-pr.yaml
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/pipelines/azure-pipelines.yaml b/pipelines/azure-pipelines.yaml
new file mode 100644
index 0000000..824eae8
--- /dev/null
+++ b/pipelines/azure-pipelines.yaml
@@ -0,0 +1,74 @@
+
+name: $(date:yyyyMMdd)-$(rev:.r)
+
+parameters:
+- name: publish_docker
+ displayName: 'Publish Docker Container ???'
+ type: string
+ default: 'false'
+ values:
+ - true
+ - false
+
+trigger:
+ branches:
+ include:
+ - refs/heads/master
+ - refs/heads/main
+
+resources:
+ repositories:
+ - repository: self
+
+variables:
+ - group: GITHUB-PAT-TOKEN
+ - name: PUBLISH_DOCKER
+ value: ${{parameters.publish_docker}}
+ - name: VM_IMAGE
+ value: ubuntu-latest
+ - name: IMAGE_NAME
+ value: "think-cube/dockerh2t"
+
+pool:
+ vmImage: $(VM_IMAGE)
+
+stages:
+- stage: TestBuild
+ condition: eq('${{parameters.publish_docker}}', 'false')
+ displayName: "Build Docker Image"
+ jobs:
+ - job: Build
+ steps:
+ - script: echo "##vso[task.setvariable variable=IMAGE_TAG]$(date +%Y%m%d)"
+ displayName: "Set IMAGE_TAG variable"
+
+ - task: Docker@2
+ inputs:
+ repository: '$(IMAGE_NAME)'
+ command: 'build'
+ Dockerfile: 'docker/Dockerfile'
+ tags: '$(IMAGE_TAG)'
+
+- stage: BuildAndPush
+ condition: eq('${{parameters.publish_docker}}', 'true')
+ displayName: "Push Docker Image"
+ jobs:
+ - job: Push
+ steps:
+ - checkout: self
+ - script: echo "##vso[task.setvariable variable=IMAGE_TAG]$(date +%Y%m%d)"
+ displayName: "Set IMAGE_TAG variable"
+ - task: Docker@2
+ inputs:
+ command: 'login'
+ containerRegistry: 'ghcr.io'
+ username: '$(USERNAME)'
+ password: '$(TOKEN-FOR-GHCR)'
+
+ - task: Docker@2
+ inputs:
+ containerRegistry: 'ghcr.io'
+ repository: '$(IMAGE_NAME)'
+ command: 'buildAndPush'
+ Dockerfile: 'docker/Dockerfile'
+ tags: '$(IMAGE_TAG)'
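Review bot: The `login` step in the BuildAndPush stage passes `username: '$(USERNAME)'` and `password: '$(TOKEN-FOR-GHCR)'`, but as far as I know Docker@2 authenticates through the Docker registry service connection named in `containerRegistry` and has no such inputs, so these values are most likely ignored while the pipeline-level `- group: GITHUB-PAT-TOKEN` still makes the token available to every stage, including TestBuild on each push to main/master. Drop the two inputs and the group if the service connection is what authenticates, or declare the group under the BuildAndPush stage's own `variables:` so the build-only stage never sees the secret. The published tag is only `$(date +%Y%m%d)`, so a second publish on the same day overwrites the first image in ghcr.io and a tag cannot be traced back to a commit; `tags: '$(Build.SourceVersion)'` (or the run's build number) would give each push a unique, auditable tag. Both Docker@2 tasks also point at `docker/Dockerfile`, while patch 1/6 of this series edits `Dockerfile` at the repository root, so the path looks wrong unless the file is moved in a change not shown here.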