HTTPS support for higher environments (#22)

* Initial install of nginx * Specify nginx version to install * Change nginx.conf COPY * Add nginx-common * Move nginx copy command to after installation * Update SSL certificate locations, add ufw * Add iptables * Fix build pipeline for first-run images * Only build one platform as part of the build CI * Move ufw to tna-run * Revert "Move ufw to tna-run" This reverts commit 23b95f8. * Update CI step names * Change nginx.conf location * Add timeouts and names * Update nginx.conf * Update linting rules, test nginx config * Disable http2 * Update permissions of key.pem * Disable pid * Remove nginx config * Fix small issues * Allow SSL file locations to be changed * Update CHANGELOG.md * Update CHANGELOG.md * Don't chmod the SSL files * Update curl and libcurl * Change default nvm in dev * Don't check key permissions * Add ALLOW_INSECURE env var
nationalarchives · Nov 11, 2024 · 48f7a7e · 48f7a7e
1 parent a660cb1
commit 48f7a7e
Show file tree

Hide file tree

Showing 13 changed files with 222 additions and 129 deletions.
diff --git a/.github/actions/lint/action.yml b/.github/actions/lint/action.yml
@@ -14,7 +14,8 @@ runs:
     - uses: hadolint/[email protected]
       with:
         dockerfile: ${{ inputs.dockerfile-location }}/Dockerfile
-        ignore: SC1091,${{ inputs.ignore-linting-rules }}
+        ignore: ${{ inputs.ignore-linting-rules }}
+
     - name: ShellCheck
       run: |
         cd ${{ inputs.dockerfile-location }}

diff --git a/.github/actions/push/action.yml b/.github/actions/push/action.yml
@@ -1,4 +1,4 @@
-name: Push Docker image
+name: Build and push Docker images
 
 inputs:
   image-id:
@@ -36,10 +36,13 @@ runs:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ inputs.github-token }}
+
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v3
+
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
+
     - name: Build and push image
       uses: docker/build-push-action@v6
       with:
@@ -56,9 +59,11 @@ runs:
         push: true
         tags: ${{ inputs.image-id }}:${{ inputs.image-tag }}
         provenance: false
+
     - name: List manifest
       run: docker buildx imagetools inspect ${{ inputs.image-id }}:${{ inputs.image-tag }}
       shell: bash
+
     - name: Build and push versioned and latest image tags
       if: startsWith(github.ref, 'refs/tags/')
       uses: docker/build-push-action@v6

diff --git a/.github/actions/scan/action.yml b/.github/actions/scan/action.yml
@@ -18,6 +18,7 @@ runs:
         format: "sarif"
         output: "trivy-results.sarif"
         ignore-unfixed: true
+
     - name: Upload Trivy scan results to GitHub Security tab
       uses: github/codeql-action/upload-sarif@v3
       with:

diff --git a/.github/actions/build/action.yml → .github/actions/test-build/action.yml b/.github/actions/build/action.yml → .github/actions/test-build/action.yml
@@ -1,4 +1,4 @@
-name: Build Docker images
+name: Test Docker image build
 
 inputs:
   image-name:
@@ -15,17 +15,6 @@ inputs:
     type: string
     default: app
 
-outputs:
-  image-id:
-    value: ${{ steps.generate-tags.outputs.image-id }}
-  tag:
-    description: "The generated tag"
-    value: ${{ steps.generate-tags.outputs.tag }}
-  major-version:
-    value: ${{ steps.generate-tags.outputs.major-version }}
-  minor-version:
-    value: ${{ steps.generate-tags.outputs.minor-version }}
-
 runs:
   using: "composite"
   steps:
@@ -48,15 +37,11 @@ runs:
         echo "major-version=$MAJOR_VERSION" >> "$GITHUB_OUTPUT"
         echo "minor-version=$MINOR_VERSION" >> "$GITHUB_OUTPUT"
       shell: bash
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+
     - name: Build images
       uses: docker/build-push-action@v6
       with:
         context: ${{ inputs.dockerfile-location }}
-        platforms: linux/amd64,linux/arm64
         labels: |
           runnumber=${{ github.run_id }}
         build-args: |
@@ -66,8 +51,17 @@ runs:
           TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url	}}/${{ github.repository }}/blob/main/${{ inputs.dockerfile-location }}/Dockerfile
           USER_IMAGE=${{ inputs.user-image }}
         push: false
+        load: true
         tags: ${{ steps.generate-tags.outputs.image-id }}:${{ steps.generate-tags.outputs.tag }}
         provenance: false
-    - name: List manifest
-      run: docker buildx imagetools inspect ${{ steps.generate-tags.outputs.image-id }}:${{ steps.generate-tags.outputs.tag }}
-      shell: bash
+
+outputs:
+  image-id:
+    value: ${{ steps.generate-tags.outputs.image-id }}
+  tag:
+    description: "The generated tag"
+    value: ${{ steps.generate-tags.outputs.tag }}
+  major-version:
+    value: ${{ steps.generate-tags.outputs.major-version }}
+  minor-version:
+    value: ${{ steps.generate-tags.outputs.minor-version }}
diff --git a/.github/actions/test/action.yml → .github/actions/test-container/action.yml b/.github/actions/test/action.yml → .github/actions/test-container/action.yml
@@ -1,4 +1,4 @@
-name: Test the Docker image user
+name: Test Docker image
 
 inputs:
   application-repository:
@@ -25,6 +25,7 @@ runs:
       with:
         repository: ${{ inputs.application-repository }}
         path: ${{ inputs.application-repository }}
+
     - name: Start application
       run: |
         cd ${{ inputs.application-repository }}
@@ -35,9 +36,11 @@ runs:
         echo "PORT=$PORT" >> "$GITHUB_ENV"
         docker compose up ${{ inputs.service }} -d
       shell: bash
+
     - name: Check healthcheck endpoint
       run: for c in {1..30}; do sleep 1 && curl -s -w '%{http_code}' -o /dev/null http://localhost:${{ env.PORT }}/healthcheck/live/ | grep -o "200" && break; done
       shell: bash
+
     - name: Check user
       run: |
         cd ${{ inputs.application-repository }}