From c0e43b92a869e2bbc7828d7b282bd4c15ff7a291 Mon Sep 17 00:00:00 2001 From: Maaike Date: Fri, 1 Nov 2024 17:09:28 +0100 Subject: [PATCH 01/10] add trivvy.yml and add fix --- .github/workflows/trivvy.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/trivvy.yml diff --git a/.github/workflows/trivvy.yml b/.github/workflows/trivvy.yml new file mode 100644 index 0000000..16eae55 --- /dev/null +++ b/.github/workflows/trivvy.yml @@ -0,0 +1,24 @@ +name: Run Trivy vulnerability scanner + + +on: [ push ] + +jobs: + main: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Build wis2box-api + run: | + docker build -t wis2box-management:test wis2box-api + - name: Run Trivy vulnerability scanner on wis2box-api + if: always() + uses: aquasecurity/trivy-action@0.20.0 + with: + image-ref: 'wis2box-api:test' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' \ No newline at end of file From 3688cbc8cb33b6fc7a89355b5c065562726206bb Mon Sep 17 00:00:00 2001 From: Maaike Date: Fri, 1 Nov 2024 17:09:51 +0100 Subject: [PATCH 02/10] fix --- .github/workflows/trivvy.yml | 2 +- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/trivvy.yml b/.github/workflows/trivvy.yml index 16eae55..9d8bbb8 100644 --- a/.github/workflows/trivvy.yml +++ b/.github/workflows/trivvy.yml @@ -11,7 +11,7 @@ jobs: uses: actions/checkout@v2 - name: Build wis2box-api run: | - docker build -t wis2box-management:test wis2box-api + docker build -t wis2box-api:test wis2box-api - name: Run Trivy vulnerability scanner on wis2box-api if: always() uses: aquasecurity/trivy-action@0.20.0 diff --git a/Dockerfile b/Dockerfile index 8065050..eeb5680 100644 --- a/Dockerfile +++ b/Dockerfile 
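Review bot: `if: always()` on the Trivy step makes the scan run even when the preceding build step failed, so a broken build surfaces as a confusing "image not found" from Trivy instead of as the build failure; dropping that line (the default `success()` condition) is enough. The workflow also declares no `permissions:` block, so the job token receives the repository's default permissions although the job only checks out and builds; a top-level `permissions:` with `  contents: read` is sufficient and follows least privilege. Both actions are pinned to mutable tags (`actions/checkout@v2`, `aquasecurity/trivy-action@0.20.0`); pinning to the full commit SHA with the tag in a trailing comment protects against a tag being re-pointed, and `checkout@v2` is an old major for which newer releases exist.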
@@ -18,7 +18,7 @@ # under the License. # ############################################################################### -FROM wmoim/dim_eccodes_baseimage:jammy-2.36.0 +FROM wmoim/dim_eccodes_baseimage:jammy-2.36.0-fix ENV PYGEOAPI_CONFIG=/data/wis2box/config/pygeoapi/local.config.yml ENV PYGEOAPI_OPENAPI=/data/wis2box/config/pygeoapi/local.openapi.yml From 33e158c0a8d0bcf7157a9c5434a9cebcbaca5a19 Mon Sep 17 00:00:00 2001 From: Maaike Date: Fri, 1 Nov 2024 17:12:35 +0100 Subject: [PATCH 03/10] fix build --- .github/workflows/trivvy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivvy.yml b/.github/workflows/trivvy.yml index 9d8bbb8..7e5fa99 100644 --- a/.github/workflows/trivvy.yml +++ b/.github/workflows/trivvy.yml @@ -11,7 +11,7 @@ jobs: uses: actions/checkout@v2 - name: Build wis2box-api run: | - docker build -t wis2box-api:test wis2box-api + docker build -t wis2box-api:test . - name: Run Trivy vulnerability scanner on wis2box-api if: always() uses: aquasecurity/trivy-action@0.20.0 From 85be61f19fef872d6afd1f85667da666f69f0b5f Mon Sep 17 00:00:00 2001 From: Tom Kralidis Date: Sat, 2 Nov 2024 08:48:41 -0400 Subject: [PATCH 04/10] Rename trivvy.yml to trivy.yml --- .github/workflows/{trivvy.yml => trivy.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{trivvy.yml => trivy.yml} (93%) diff --git a/.github/workflows/trivvy.yml b/.github/workflows/trivy.yml similarity index 93% rename from .github/workflows/trivvy.yml rename to .github/workflows/trivy.yml index 7e5fa99..0fdaca3 100644 --- a/.github/workflows/trivvy.yml +++ b/.github/workflows/trivy.yml @@ -21,4 +21,4 @@ jobs: exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' \ No newline at end of file + severity: 'CRITICAL,HIGH' From 01ab9af33cea1319549aa653d1fdb2654c25a798 Mon Sep 17 00:00:00 2001 
From: Maaike Date: Sun, 3 Nov 2024 16:12:13 +0100 Subject: [PATCH 05/10] use original image --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index eeb5680..8065050 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ # under the License. # ############################################################################### -FROM wmoim/dim_eccodes_baseimage:jammy-2.36.0-fix +FROM wmoim/dim_eccodes_baseimage:jammy-2.36.0 ENV PYGEOAPI_CONFIG=/data/wis2box/config/pygeoapi/local.config.yml ENV PYGEOAPI_OPENAPI=/data/wis2box/config/pygeoapi/local.openapi.yml From 48660cee837485164768a25602d60326f817f9a6 Mon Sep 17 00:00:00 2001 From: Maaike Date: Mon, 4 Nov 2024 14:18:57 +0100 Subject: [PATCH 06/10] add alternative DB repo to avoid TOOMANYREQUESTS from ghcr.io --- .github/workflows/trivy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 0fdaca3..6b4deae 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -15,6 +15,8 @@ jobs: - name: Run Trivy vulnerability scanner on wis2box-api if: always() uses: aquasecurity/trivy-action@0.20.0 + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 with: image-ref: 'wis2box-api:test' format: 'table' From 5f32b3d02be1eb5fc95e387b1cd27a6e67a145d1 Mon Sep 17 00:00:00 2001 From: Maaike Date: Tue, 5 Nov 2024 10:45:06 +0100 Subject: [PATCH 07/10] alt java db repo source --- .github/workflows/trivy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 6b4deae..b99db92 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -17,6 +17,7 @@ jobs: uses: aquasecurity/trivy-action@0.20.0 env: TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 with: image-ref: 'wis2box-api:test' format: 'table' 
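Review bot: The added `TRIVY_DB_REPOSITORY` override changes where the vulnerability database is fetched from, and nothing in the file records why; the reason currently lives only in the commit message. A comment above the `env:` key such as `# ghcr.io rate-limits DB pulls (TOOMANYREQUESTS); public.ecr.aws is Aqua's documented alternative registry for the same DB` keeps that decision with the config, and the same applies to the `TRIVY_JAVA_DB_REPOSITORY` line added in the next hunk. The override is pinned only to a major tag (`:2`), so the DB still floats, which is appropriate for freshness but worth stating in that comment. The step's `with:` block continues outside the hunk.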
From 95c6ca213427218d1c21e09cf6eb5dd4c4b73fa8 Mon Sep 17 00:00:00 2001 From: Maaike Date: Fri, 8 Nov 2024 11:50:04 +0100 Subject: [PATCH 08/10] additional sleep plus curl to figure out issue with test --- .github/workflows/wis2box_test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/wis2box_test.yml b/.github/workflows/wis2box_test.yml index 8e55613..4a538d2 100644 --- a/.github/workflows/wis2box_test.yml +++ b/.github/workflows/wis2box_test.yml @@ -41,7 +41,8 @@ jobs: docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/synop-test/data/core/weather/surface-based-observations/synop docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/csv-test/data/core/weather/surface-based-observations/synop docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/bufr-test/data/core/weather/surface-based-observations/synop - + sleep 5 + curl http://localhost:4343/oapi/collections/stations/items - name: Check status code API working-directory: docker_compose_test run: | From 9b171ce049c79b9588eae40ae63bb160def89670 Mon Sep 17 00:00:00 2001 From: Maaike Date: Fri, 8 Nov 2024 12:11:02 +0100 Subject: [PATCH 09/10] test with add-topic command --- .github/workflows/wis2box_test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/wis2box_test.yml b/.github/workflows/wis2box_test.yml index 4a538d2..559e3dc 100644 --- a/.github/workflows/wis2box_test.yml +++ b/.github/workflows/wis2box_test.yml 
@@ -39,9 +39,8 @@ jobs: working-directory: docker_compose_test run: | docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/synop-test/data/core/weather/surface-based-observations/synop - docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/csv-test/data/core/weather/surface-based-observations/synop - docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/bufr-test/data/core/weather/surface-based-observations/synop - sleep 5 + docker exec -t wis2box-api-test-wis2box-management wis2box metadata station add-topic --wsi 0-20000-0-15015 origin/a/wis2/csv-test/data/core/weather/surface-based-observations/synop + docker exec -t wis2box-api-test-wis2box-management wis2box metadata station add-topic --wsi 0-20000-0-16344 origin/a/wis2/bufr-test/data/core/weather/surface-based-observations/synop curl http://localhost:4343/oapi/collections/stations/items - name: Check status code API working-directory: docker_compose_test From 99e92d5b1513d70a2d81b965547e6da45eccc4cd Mon Sep 17 00:00:00 2001 From: Maaike Date: Fri, 8 Nov 2024 12:34:25 +0100 Subject: [PATCH 10/10] Update wis2box_test.yml --- .github/workflows/wis2box_test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/wis2box_test.yml b/.github/workflows/wis2box_test.yml index 559e3dc..e32d3f2 100644 --- a/.github/workflows/wis2box_test.yml +++ b/.github/workflows/wis2box_test.yml 
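Review bot: The two new `add-topic` lines hard-code station identifiers (`0-20000-0-15015`, `0-20000-0-16344`) with nothing saying where they come from or why those two; a comment above them along the lines of `# stations from station_list.csv that must also be mapped to the csv-test and bufr-test topics` (presumably that is the source — verify) keeps the fixture maintainable when the CSV changes. The `curl` kept on the last line of the hunk has no `--fail`, so a 4xx/5xx from the API does not fail the step; if it is meant as a check rather than a debug print, `curl -sf http://localhost:4343/oapi/collections/stations/items` is needed. The `run: |` block starts and ends outside the hunk.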
@@ -41,7 +41,6 @@ jobs: docker exec -t wis2box-api-test-wis2box-management wis2box metadata station publish-collection -p /data/wis2box/metadata/station/station_list.csv -th origin/a/wis2/synop-test/data/core/weather/surface-based-observations/synop docker exec -t wis2box-api-test-wis2box-management wis2box metadata station add-topic --wsi 0-20000-0-15015 origin/a/wis2/csv-test/data/core/weather/surface-based-observations/synop docker exec -t wis2box-api-test-wis2box-management wis2box metadata station add-topic --wsi 0-20000-0-16344 origin/a/wis2/bufr-test/data/core/weather/surface-based-observations/synop - curl http://localhost:4343/oapi/collections/stations/items - name: Check status code API working-directory: docker_compose_test run: |