📌 07/10/24 Patching (#147)
Signed-off-by: Jacob Woffenden <[email protected]>
Jacob Woffenden authored Oct 7, 2024
1 parent 1a85fa4 commit fe96c91
Showing 6 changed files with 25 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer-lock.json
@@ -19,4 +19,4 @@
"integrity": "sha256:e81d52725655c8ffb861605feac7ad155b447d51af65f6c3a03cab32d59f1e16"
}
}
}
}
3 changes: 3 additions & 0 deletions .github/workflows/scan.yml
@@ -31,6 +31,9 @@ jobs:
- name: Scan
id: scan
uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
with:
image-ref: ghcr.io/${{ github.repository }}:${{ github.sha }}
severity: HIGH,CRITICAL
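Review bot: The `env:` entries on the Scan step change where Trivy pulls its vulnerability databases from, but nothing records why, and the same two values are repeated as defaults in the Makefile, so the two copies can drift apart unnoticed. A one-line comment above `env:` would cover both, for example `# Trivy DBs are pulled from public.ecr.aws instead of the action's default registry; keep in sync with the Makefile`. The reason for the switch is not visible on this page, so the author should confirm the wording.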
3 changes: 3 additions & 0 deletions .trivyignore
@@ -1,3 +1,6 @@
# Ubuntu
CVE-2024-43882

# Python
## setuptools
CVE-2024-6345 # TODO: @jacobwoffenden - Figure out where this comes from and patch it
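Review bot: `CVE-2024-43882` under `# Ubuntu` is suppressed with no stated reason and no expiry, so the HIGH,CRITICAL scan will stay silent about it indefinitely, even once a fixed package reaches the base image. Record why the finding is accepted on the line above it, e.g. `# <reason this is accepted for this image>`, and give the entry an end date, which the plain `.trivyignore` format supports: `CVE-2024-43882 exp:<YYYY-MM-DD>`. The setuptools entry has only a TODO, and an expiry there would likewise stop it becoming permanent. The file continues past what is shown here.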
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,12 +1,12 @@
FROM ghcr.io/ministryofjustice/analytical-platform-cloud-development-environment-base@sha256:cd9fdb57437707322896c33655c02e6ae10e114615b206713c899281cdb71153
FROM ghcr.io/ministryofjustice/analytical-platform-cloud-development-environment-base@sha256:9ef99705307856126bef61285965f0c5aed6f4525bb69586ac1fad23a7728827

LABEL org.opencontainers.image.vendor="Ministry of Justice" \
org.opencontainers.image.authors="Analytical Platform ([email protected])" \
org.opencontainers.image.title="Visual Studio Code" \
org.opencontainers.image.description="Visual Studio Code image for Analytical Platform" \
org.opencontainers.image.url="https://github.com/ministryofjustice/analytical-platform-visual-studio-code"

ENV VISUAL_STUDIO_CODE_VERSION="1.93.1-1726079302"
ENV VISUAL_STUDIO_CODE_VERSION="1.94.0-1727878498"

SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]

8 changes: 7 additions & 1 deletion Makefile
@@ -1,14 +1,20 @@
.PHONY: test build run
.PHONY: build scan test run

IMAGE_NAME ?= ghcr.io/ministryofjustice/analytical-platform-visual-studio-code
IMAGE_TAG ?= local

TRIVY_DB_REPOSITORY ?= public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY ?= public.ecr.aws/aquasecurity/trivy-java-db:1

run: build
docker run --rm -it --publish 8080:8080 $(IMAGE_NAME):$(IMAGE_TAG)

test: build
container-structure-test test --platform linux/amd64 --config test/container-structure-test.yml --image $(IMAGE_NAME):$(IMAGE_TAG)

scan: build
trivy image --platform linux/amd64 --severity HIGH,CRITICAL $(IMAGE_NAME):$(IMAGE_TAG)

build:
@ARCH=`uname --machine`; \
case $$ARCH in \
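Review bot: `TRIVY_DB_REPOSITORY` and `TRIVY_JAVA_DB_REPOSITORY` are assigned as make variables but, in the lines shown, are neither exported nor passed to `trivy` in the `scan` recipe, so a local `make scan` would still use Trivy's default database registry unless the caller already has them in the environment. Make only places a variable in a recipe's environment when it came from the environment or is exported. Either add `export TRIVY_DB_REPOSITORY TRIVY_JAVA_DB_REPOSITORY` after the two assignments, or pass them on the command line as `--db-repository $(TRIVY_DB_REPOSITORY) --java-db-repository $(TRIVY_JAVA_DB_REPOSITORY)`. The Makefile continues past this hunk (the `build` recipe is cut off), so an export further down would already cover this.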
10 changes: 9 additions & 1 deletion test/container-structure-test.yml
@@ -8,9 +8,17 @@ commandTests:
- name: "code"
command: "code"
args: ["--version"]
expectedOutput: ["1.93.1"]
expectedOutput: ["1.94.0"]

fileExistenceTests:
- name: "/opt/analytical-platform/first-run-notice.txt"
path: "/opt/analytical-platform/first-run-notice.txt"
shouldExist: true

- name: "/usr/local/bin/entrypoint.sh"
path: "/usr/local/bin/entrypoint.sh"
shouldExist: true

- name: "/usr/local/bin/healthcheck.sh"
path: "/usr/local/bin/healthcheck.sh"
shouldExist: true
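Review bot: The `fileExistenceTests` entries for `/usr/local/bin/entrypoint.sh` and `/usr/local/bin/healthcheck.sh` assert only that the paths exist, so an image in which either script lost its execute bit, or became writable by the unprivileged user, would still pass. container-structure-test can check this in the same entries: add `isExecutableBy: "any"` and, once the intended mode is confirmed against the Dockerfile, a `permissions:` value such as `"-rwxr-xr-x"` (an example mode, not taken from this page). Pinning `uid: 0` and `gid: 0` would also catch an ownership change, assuming the scripts are meant to be root-owned.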
