From b18cde9dd7e77a0356ad5ed30147ae7dbf8fe750 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Thu, 6 Jun 2024 17:01:14 -0400
Subject: [PATCH 1/2] [CONFIG] Docker Alpine-based images updated to Alpine 3.20
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f0b0c59..c799588 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ RUN apk add --update --no-cache make WORKDIR /app ###############################################################################
-FROM node:22.2.0-alpine3.19 AS lint
+FROM node:20.14.0-alpine3.20 AS lint
 ENV WORKDIR=/app WORKDIR ${WORKDIR}
From 83c8ab265b62a20e96725ccb88032f52f896b40b Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Thu, 6 Jun 2024 18:54:47 -0400
Subject: [PATCH 2/2] [CONFIG] Github Actions: Snyk added to Docker build.
---
 .github/workflows/docker-image.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 5b83ff6..be0ef27 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -25,3 +25,20 @@ jobs: - name: Tag Docker image run: docker tag algorithm-exercises-java:latest algorithm-exercises-java:${{ github.sha }}
+ - name: Run Snyk to check Docker image for vulnerabilities
+ # Snyk can be used to break the build when it detects vulnerabilities.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/docker@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+ # or you can sign up for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: algorithm-exercises-java:latest
+ args: --file=Dockerfile
+ # - name: Upload result to GitHub Code Scanning
+ # uses: github/codeql-action/upload-sarif@v2
+ # with:
+ # sarif_file: snyk.sarif
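Review bot: `uses: snyk/actions/docker@master` in the new step follows a mutable branch of a third-party action that is handed `SNYK_TOKEN`, so any later change on that branch runs in this job with the secret in its environment; pin it to a reviewed commit, e.g. `uses: snyk/actions/docker@<full-commit-sha>  # <release tag>`. With `continue-on-error: true` set and the `upload-sarif` step still commented out, the scan neither fails the build nor reaches Code Scanning, so findings surface only in the job log, which contradicts the comment above the step; either enable the upload or drop `continue-on-error` once the baseline is clean. The step also scans `algorithm-exercises-java:latest` rather than the `${{ github.sha }}` tag created just before it; scanning the SHA tag would keep each report tied to the commit that produced the image. The workflow's triggers are outside the hunk, so confirm how this step behaves on runs where `secrets.SNYK_TOKEN` is unavailable (presumably fork pull requests), since the failure would be swallowed.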