hkc
/
mastoposter
2
0
Fork 2
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: hkc:master
Branches Tags
hkc:master
hkc:22-crash-when-using-user=auto-on-pleroma-account-with-no-posts
hkc:autoconfig
hkc:logging
hkc:unsafe
hkc:formatting
hkc:filters
vapronva:docker-fixes
vapronva:master
vapronva:unsafe
vapronva:formatting
vapronva:filters
...
pull from: vapronva:master
Branches Tags
vapronva:docker-fixes
vapronva:master
vapronva:unsafe
vapronva:formatting
vapronva:filters
hkc:master
hkc:22-crash-when-using-user=auto-on-pleroma-account-with-no-posts
hkc:autoconfig
hkc:logging
hkc:unsafe
hkc:formatting
hkc:filters

4 Commits
master ... master

Author SHA1 Message Date
Vladimir (vapronva) 5a519505fa
add: some variables were missing for container analysis 2022-09-30 05:00:41 +03:00
Vladimir (vapronva) 2d67f6b0c8
fix: ooops, container scanning should be past building 2022-09-30 04:49:36 +03:00
Vladimir (vapronva) 91685a06e4
add: basic ci docker image building, deepsource sast 2022-09-30 04:08:24 +03:00
Vladimir (vapronva) 80a3d9c89d
add: `dockerignore`; change: df layers handling (🤓) 2022-09-30 02:23:18 +03:00
4 changed files with 75 additions and 2 deletions
Show Stats Expand all files Collapse all files

23
.deepsource.toml Normal file
View File

@ -0,0 +1,23 @@
version = 1
[[analyzers]]
name = "test-coverage"
enabled = true
[[analyzers]]
name = "python"
enabled = true
[analyzers.meta]
runtime_version = "3.x.x"
[[analyzers]]
name = "secrets"
enabled = true
[[analyzers]]
name = "docker"
enabled = true
[analyzers.meta]
dockerfile_paths = ["Dockerfile"]

5
.dockerignore Normal file
View File

@ -0,0 +1,5 @@
.git
.gitignore
config.ini
README.md
TODO

40
.gitlab-ci.yml Normal file
View File

@ -0,0 +1,40 @@
stages:
- test
- build-image
- post-test
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/SAST-IaC.latest.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
docker-image-build:
stage: build-image
image: docker:20-git
script:
- docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest .
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
rules:
- if: $CI_COMMIT_BRANCH == "master"
exists:
- Dockerfile
changes:
- "*.py"
- Dockerfile
- requirements.txt
- .gitlab-ci.yml
container_scanning:
stage: post-test
variables:
CS_DISABLE_DEPENDENCY_LIST: "true"
CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
CI_APPLICATION_TAG: "latest"
CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
SECURE_LOG_LEVEL: "debug"

9
Dockerfile
View File

@ -1,6 +1,11 @@
FROM python:3.10-alpine FROM python:3.10-alpine
COPY . /app
WORKDIR /app WORKDIR /app
RUN pip install -r /app/requirements.txt
COPY requirements.txt /app/requirements.txt
RUN pip install -r /app/requirements.txt && rm /app/requirements.txt
COPY . /app
CMD ["python3", "-m", "mastoposter", "/config.ini"] CMD ["python3", "-m", "mastoposter", "/config.ini"]