Add admin backend #4
2 changed files with 5 additions and 38 deletions
3
.github/workflows/deploy.yaml
vendored
3
.github/workflows/deploy.yaml
vendored
|
|
@ -17,7 +17,6 @@ concurrency:
|
|||
cancel-in-progress: false
|
||||
|
||||
jobs:
|
||||
# Single deploy job since we're just deploying
|
||||
deploy:
|
||||
environment:
|
||||
name: github-pages
|
||||
|
|
@ -31,7 +30,7 @@ jobs:
|
|||
- name: Upload artifact
|
||||
uses: actions/upload-pages-artifact@v3
|
||||
with:
|
||||
path: "."
|
||||
path: "frontend"
|
||||
- name: Deploy to GitHub Pages
|
||||
id: deployment
|
||||
uses: actions/deploy-pages@v4
|
||||
|
|
|
|||
38
.github/workflows/docker-publish.yml
vendored
38
.github/workflows/docker-publish.yml
vendored
|
|
@ -2,13 +2,7 @@ name: Build and Publish Docker Image
|
|||
|
||||
on:
|
||||
push:
|
||||
branches: [ "main", "develop" ]
|
||||
paths: [ "backend/**" ]
|
||||
pull_request:
|
||||
branches: [ "main" ]
|
||||
paths: [ "backend/**" ]
|
||||
release:
|
||||
types: [ published ]
|
||||
branches: ["main"]
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
|
|
@ -76,19 +70,13 @@ jobs:
|
|||
sbom: true
|
||||
provenance: true
|
||||
|
||||
# Sign the resulting Docker image digest except on PRs.
|
||||
# Sign the resulting Docker image digest.
|
||||
# This will only write to the public Rekor transparency log when the Docker
|
||||
# repository is public to avoid leaking data. If you would like to publish
|
||||
# transparency data even for private images, pass --force to cosign below.
|
||||
# https://github.com/sigstore/cosign
|
||||
- name: Install cosign
|
||||
if: github.event_name != 'pull_request'
|
||||
uses: sigstore/cosign-installer@v3.1.1
|
||||
with:
|
||||
cosign-release: 'v2.1.1'
|
||||
|
||||
- name: Sign the published Docker image
|
||||
if: github.event_name != 'pull_request'
|
||||
if: ${{ github.ref_type == 'tag' }}
|
||||
env:
|
||||
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
|
||||
TAGS: ${{ steps.meta.outputs.tags }}
|
||||
|
|
@ -96,23 +84,3 @@ jobs:
|
|||
# This step uses the identity token to provision an ephemeral certificate
|
||||
# against the sigstore community Fulcio instance.
|
||||
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
|
||||
|
||||
security-scan:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build-and-push
|
||||
if: github.event_name != 'pull_request'
|
||||
permissions:
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
Loading…
Add table
Add a link
Reference in a new issue