From 81314f755e0f748cb7e26cedcb92f68e5e28419e Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Fri, 23 Aug 2024 12:00:28 -0300
Subject: [PATCH 1/3] deploy multiples version
---
 .github/workflows/deploy-image.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml
index 6c6c2f3..5f717e3 100644
--- a/.github/workflows/deploy-image.yml
+++ b/.github/workflows/deploy-image.yml
@@ -16,16 +16,20 @@ jobs:
 uses: docker/setup-buildx-action@v3
 - name: Build Docker image
+ id: build
 run: |
- docker build --file Dockerfile --tag ${{ github.repository }}:latest .
- docker tag ${{ github.repository }}:latest docker.pkg.github.com/${{ github.repository }}/security-gate:latest
+ COMMIT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
+ docker build --file Dockerfile --tag ${{ github.repository }}:latest --tag ${{ github.repository }}:${COMMIT_SHA} .
+ echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
 - name: Log in to GitHub Container Registry
 uses: docker/login-action@v3
 with:
- registry: docker.pkg.github.com
+ registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.LESIS_DEPLOY }}
 - name: Push Docker image to GitHub Container Registry
- run: docker push docker.pkg.github.com/${{ github.repository }}/security-gate:latest
\ No newline at end of file
+ run: |
+ docker push ghcr.io/${{ github.repository }}/security-gate:latest
+ docker push ghcr.io/${{ github.repository }}/security-gate:${{ env.COMMIT_SHA }}
\ No newline at end of file
From 9c74e64dd7f1189c2a6739ee36a8679a7bd51ff3 Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Fri, 23 Aug 2024 12:00:57 -0300
Subject: [PATCH 2/3] fix instructions
---
 README.md | 13 ++++++++-----
 lib/SecurityGate/Utils/Helper.pm | 6 +++---
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index ae0dccd..0256acd 100644
--- a/README.md
+++ b/README.md
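Review bot: In .github/workflows/deploy-image.yml the push step pushes `ghcr.io/${{ github.repository }}/security-gate:latest` and the matching `${{ env.COMMIT_SHA }}` tag, but the build step now tags the image only as `${{ github.repository }}:latest` and `${{ github.repository }}:${COMMIT_SHA}`, and the `docker tag` line that bridged the two names is removed, so `docker push` has no local image under the registry name and the job would presumably fail there. Tag with the registry name at build time instead: `--tag ghcr.io/${{ github.repository }}/security-gate:latest --tag ghcr.io/${{ github.repository }}/security-gate:${COMMIT_SHA}`. The 7-character SHA tag is still a mutable tag, so anything that needs a fixed artifact should pin the image digest rather than either tag. `>> $GITHUB_ENV` is better written `>> "$GITHUB_ENV"`, and the added `id: build` is not referenced anywhere in the hunk. The job definition starts above the hunk.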
@@ -61,7 +61,10 @@ jobs:
 --critical $MAX_CRITICAL \
 --high $MAX_HIGH \
 --medium $MAX_MEDIUM \
- --low $MAX_LOW
+ --low $MAX_LOW \
+ --dependency-alerts \
+ --code-alerts \
+ --secret-alerts
 ```
 ---
@@ -89,9 +92,9 @@ Core Commands
 -h, --high High severity limit
 -m, --medium Medium severity limit
 -l, --low Low severity limit
- --dependency-alerts Check for dependency alerts
- --secret-alerts Check for secret scanning alerts
- --code-alerts Check for code scanning alerts
+ --dependency-alerts Check dependency alerts
+ --secret-alerts Check secret scanning alerts
+ --code-alerts Check code scanning alerts
 ```
 ---
@@ -100,7 +103,7 @@ Core Commands
 ```
 $ docker build -t security-gate .
-$ docker run -ti --rm security-gate -t -r --critical 1 --high 2 --medium 3 --low 5
+$ docker run -ti --rm security-gate -t -r --critical 1 --high 2 --medium 3 --low 5 --dependency-alerts --code-alerts --secret-alerts
 ```
 ---
diff --git a/lib/SecurityGate/Utils/Helper.pm b/lib/SecurityGate/Utils/Helper.pm
index 05920a0..db31acf 100644
--- a/lib/SecurityGate/Utils/Helper.pm
+++ b/lib/SecurityGate/Utils/Helper.pm
@@ -15,9 +15,9 @@ package SecurityGate::Utils::Helper {
 \r\t-h, --high High severity limit
 \r\t-m, --medium Medium severity limit
 \r\t-l, --low Low severity limit
- \r\t--dependency-alerts Check for dependency alerts
- \r\t--secret-alerts Check for secret scanning alerts
- \r\t--code-alerts Check for code scanning alerts\n\n";
+ \r\t--dependency-alerts Check dependency alerts
+ \r\t--secret-alerts Check secret scanning alerts
+ \r\t--code-alerts Check code scanning alerts\n\n";
 }
 }
From c60a5f3dd19f460417086a9d806461acdae5e148 Mon Sep 17 00:00:00 2001
From: htrgouvea
Date: Fri, 23 Aug 2024 12:01:20 -0300
Subject: [PATCH 3/3] change branch master to main
---
 .github/workflows/docker-image.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 9a77bbd..81a07c3 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -2,9 +2,9 @@ name: Docker Image CI
 on:
 push:
- branches: [ "master", "develop" ]
+ branches: [ "main", "develop" ]
 pull_request:
- branches: [ "master", "develop" ]
+ branches: [ "main", "develop" ]
 jobs: