From a95e4a1b00c4f1ff9596d4e9b7909c5a9c570412 Mon Sep 17 00:00:00 2001 From: Alex Braz Date: Mon, 28 Oct 2024 11:48:03 -0300 Subject: [PATCH] adjusting findings --- .github/workflows/build.yml | 4 ++-- .github/workflows/deploy_MainNet_UI.yml | 2 +- .github/workflows/deploy_TestNet_UI.yml | 2 +- .github/workflows/deploy_staging_MainNet_UI.yml | 2 +- .github/workflows/deploy_staging_TestNet_UI.yml | 2 +- Dockerfile | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e2c7bfd85..a01fbfcfc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,7 @@ jobs: fetch-depth: 0 - name: Setup NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 with: node-version-file: '.nvmrc' cache: 'npm' @@ -28,7 +28,7 @@ jobs: npm run lint npm run test:unit - name: Code Coverage Report - uses: SonarSource/sonarcloud-github-action@master + uses: SonarSource/sonarcloud-github-action@9f9bba2c7aaf7a55eac26abbac906c3021d211b2 # master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} diff --git a/.github/workflows/deploy_MainNet_UI.yml b/.github/workflows/deploy_MainNet_UI.yml index 25e78801c..4c337568b 100644 --- a/.github/workflows/deploy_MainNet_UI.yml +++ b/.github/workflows/deploy_MainNet_UI.yml @@ -58,7 +58,7 @@ jobs: npm run-script build - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.MAINNET_ROLE_ARN }} aws-region: us-east-1 diff --git a/.github/workflows/deploy_TestNet_UI.yml b/.github/workflows/deploy_TestNet_UI.yml index 8305672ba..4186d6285 100644 --- a/.github/workflows/deploy_TestNet_UI.yml +++ b/.github/workflows/deploy_TestNet_UI.yml @@ -58,7 +58,7 @@ jobs: npm run-script build - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.TESTNET_ROLE_ARN }} aws-region: us-east-1 diff --git a/.github/workflows/deploy_staging_MainNet_UI.yml b/.github/workflows/deploy_staging_MainNet_UI.yml index c227e72d4..c041c2b52 100644 --- a/.github/workflows/deploy_staging_MainNet_UI.yml +++ b/.github/workflows/deploy_staging_MainNet_UI.yml @@ -58,7 +58,7 @@ jobs: npm run-script build - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.STAGING_MAINNET_ROLE_ARN }} aws-region: us-east-1 diff --git a/.github/workflows/deploy_staging_TestNet_UI.yml b/.github/workflows/deploy_staging_TestNet_UI.yml index 260dc1568..e5e630970 100644 --- a/.github/workflows/deploy_staging_TestNet_UI.yml +++ b/.github/workflows/deploy_staging_TestNet_UI.yml @@ -58,7 +58,7 @@ jobs: npm run-script build - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.STAGING_TESTNET_ROLE_ARN }} aws-region: us-east-1 diff --git a/Dockerfile b/Dockerfile index 4b41aa2b6..fe40c7634 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,11 @@ -FROM node:latest as build-stage +FROM node@sha256:840dad0077213cadd2d734d542ae11cd0f648200be29504eb1b6e2c995d2b75a as build-stage WORKDIR /app COPY package*.json ./ RUN npm ci COPY ./ . RUN npm run build -FROM nginx as production-stage +FROM nginx@sha256:28402db69fec7c17e179ea87882667f1e054391138f77ffaf0c3eb388efc3ffb as production-stage RUN mkdir /app COPY --from=build-stage /app/dist /app COPY nginx.crt /etc/ssl/