Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

.gitea/workflows/delpoy.yml aktualisiert
Deploy / security_scan (push) Failing after 10s
Details
Deploy / code_scan (push) Successful in 20s
Details
Deploy / deploy (push) Has been skipped
Details

Browse Source
This commit is contained in:
janis
2026-05-20 17:56:25 +00:00
parent 31e480d3de
commit 8766e534df
1 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/delpoy.yml
+22 -22
View File
@@ -5,17 +5,30 @@ on:
branches: branches:
- main - main
env:
GIT_HOST: git.jakach.ch
GIT_REPO: jakach/jakach-login
GIT_BRANCH: main
APP_NAME: auth
APP_DOMAIN: auth.jakach.ch
APP_PORT: 447
SECURITY_SCAN_ENABLED: ${{ vars.SECURITY_SCAN_ENABLED }}
CODE_SCAN_ENABLED: ${{ vars.CODE_SCAN_ENABLED }}
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_IMAGE_SCANNERS: vuln
TRIVY_VEX: repo
TRIVY_FS_SCANNERS: vuln,misconfig,secret
SEMGREP_CONFIG: p/default
jobs: jobs:
security_scan: security_scan:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
GIT_REPO: jakach/jakach-login
GIT_BRANCH: main
GIT_USER: ${{ vars.GIT_USER }} GIT_USER: ${{ vars.GIT_USER }}
GIT_TOKEN: ${{ secrets.GIT_TOKEN }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
SECURITY_SCAN_ENABLED: ${{ vars.SECURITY_SCAN_ENABLED }}
TRIVY_SEVERITY: HIGH,CRITICAL
steps: steps:
- name: Scan Docker images for vulnerabilities - name: Scan Docker images for vulnerabilities
@@ -53,7 +66,6 @@ jobs:
export PATH="$HOME/.local/bin:$PATH" export PATH="$HOME/.local/bin:$PATH"
fi fi
GIT_HOST="${GIT_HOST:-git.jakach.ch}"
REPO_URL="https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}" REPO_URL="https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}"
git clone \ git clone \
@@ -127,6 +139,8 @@ jobs:
if ! trivy \ if ! trivy \
image \ image \
--scanners "${TRIVY_IMAGE_SCANNERS}" \
--vex "${TRIVY_VEX}" \
--exit-code 1 \ --exit-code 1 \
--severity "${TRIVY_SEVERITY}" \ --severity "${TRIVY_SEVERITY}" \
--ignore-unfixed \ --ignore-unfixed \
@@ -148,11 +162,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
GIT_REPO: jakach/jakach-login
GIT_BRANCH: main
GIT_USER: ${{ vars.GIT_USER }} GIT_USER: ${{ vars.GIT_USER }}
GIT_TOKEN: ${{ secrets.GIT_TOKEN }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
CODE_SCAN_ENABLED: ${{ vars.CODE_SCAN_ENABLED }}
steps: steps:
- name: Scan source code - name: Scan source code
@@ -197,7 +208,6 @@ jobs:
export PATH="$HOME/.local/bin:$PATH" export PATH="$HOME/.local/bin:$PATH"
fi fi
GIT_HOST="${GIT_HOST:-git.jakach.ch}"
REPO_URL="https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}" REPO_URL="https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}"
git clone \ git clone \
@@ -208,14 +218,14 @@ jobs:
cd source cd source
semgrep scan \ semgrep scan \
--config p/default \ --config "${SEMGREP_CONFIG}" \
--error \ --error \
--metrics=off --metrics=off
trivy fs \ trivy fs \
--scanners vuln,misconfig,secret \ --scanners "${TRIVY_FS_SCANNERS}" \
--exit-code 1 \ --exit-code 1 \
--severity HIGH,CRITICAL \ --severity "${TRIVY_SEVERITY}" \
--ignore-unfixed \ --ignore-unfixed \
--no-progress \ --no-progress \
. .
@@ -226,14 +236,6 @@ jobs:
- security_scan - security_scan
- code_scan - code_scan
env:
GIT_REPO: jakach/jakach-login
GIT_BRANCH: main
APP_NAME: template
APP_DOMAIN: auth.jakach.ch
APP_PORT: 447
steps: steps:
- name: Install dependencies - name: Install dependencies
run: | run: |
@@ -273,8 +275,6 @@ jobs:
: "${GIT_USER:?GIT_USER is required}" : "${GIT_USER:?GIT_USER is required}"
: "${GIT_TOKEN:?GIT_TOKEN is required}" : "${GIT_TOKEN:?GIT_TOKEN is required}"
GIT_HOST="${GIT_HOST:-git.jakach.ch}"
REPO_NAME="$(basename "$GIT_REPO")" REPO_NAME="$(basename "$GIT_REPO")"
APP_DIR="/srv/systems/${REPO_NAME}" APP_DIR="/srv/systems/${REPO_NAME}"