Skip to content

Commit

Permalink
security
Browse files Browse the repository at this point in the history
  • Loading branch information
@kimzuni
kimzuni committed Apr 4, 2024
1 parent 1980a4b commit 183a06a
Show file tree
Hide file tree
Showing 5 changed files with 49 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/developer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name: Developer image
on: # yamllint disable-line rule:truthy
push:
branches: [main]
branches: [dev]

jobs:
push:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/linting.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on: # yamllint disable-line rule:truthy
push:
branches:
- main
- dev

run-name: Pull request - ${{ github.event.pull_request.number }}
jobs:
Expand Down
42 changes: 42 additions & 0 deletions .github/workflows/security.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
---
name: Security
on: # yamllint disable-line rule:truthy
pull_request:
workflow_dispatch:
schedule:
- cron: 0 0 * * *
push:
branches:
- main

jobs:
container-scanning:
name: Container - Scan
runs-on: ubuntu-latest
steps:

- name: Checkout
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and export to Docker
uses: docker/build-push-action@v5
with:
file: ./Dockerfile
load: true
tags: security

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'security'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
6 changes: 3 additions & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,15 +27,15 @@ ARG SUPERCRONIC_VERSION="0.2.29"
# hadolint ignore=DL3008
RUN apt-get update && \

Check failure on line 28 in Dockerfile

View workflow job for this annotation

GitHub Actions / Lint - Docker 

DL3015 info: Avoid additional packages by specifying `--no-install-recommends`

Check failure on line 28 in Dockerfile

View workflow job for this annotation

GitHub Actions / Lint - Docker 

DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
apt-get install --no-install-recommends --no-install-suggests -y \
git \
git-lfs \
wget \
curl wget \
ca-certificates \
lib32gcc1-amd64-cross \
procps=2:4.0.2-3 \
xdg-user-dirs=0.18-1 \
jo=1.9-1 \
jq=1.6-2.1 \
&& curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \
&& apt-get -y install git git-lfs \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN su steam -c "/home/steam/steamcmd/steamcmd.sh +login anonymous +app_update 1007 +quit"
Expand Down
2 changes: 2 additions & 0 deletions docs/kr/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
- Windows 11
- Ubuntu 22.04

또한 `x64`, `ARM64` 두 아키텍처에서 모두 정상적으로 작동하는 것을 확인했습니다.

> [!WARNING]
> 현재 롱빈터에서 RCON을 지원하지 않기 때문에 관련된 모든 기능이 교체 및 제거되었습니다.
>
Expand Down

0 comments on commit 183a06a

Please sign in to comment.