From bd991183eec1c013a5f4d40e4e20eb70cb9c5077 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 23 Apr 2024 19:56:28 +0000
Subject: [PATCH 1/7] Update github/super-linter action to v6

---
 .github/workflows/lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 1eb6a44..bbeeebe 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -18,7 +18,7 @@ jobs:
 fetch-depth: 0
 - name: Lint Code Base
- uses: github/super-linter@v5
+ uses: github/super-linter@v6
 env:
 VALIDATE_ALL_CODEBASE: false
 DEFAULT_BRANCH: main

From 5d9e2edcf0cc1e0bdbe79a36de8d9a451afcd75e Mon Sep 17 00:00:00 2001
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Thu, 9 May 2024 19:27:40 -0500
Subject: [PATCH 2/7] Update Dockerfile, add user

---
 pgadmin-config-creator/Dockerfile | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pgadmin-config-creator/Dockerfile b/pgadmin-config-creator/Dockerfile
index c237e97..bb19e98 100644
--- a/pgadmin-config-creator/Dockerfile
+++ b/pgadmin-config-creator/Dockerfile
@@ -1,7 +1,13 @@
 FROM python:3.12-alpine
+
+RUN useradd -m pgadmin-config-creator
+USER pgadmin-config-creator
+
 RUN mkdir /app
 RUN mkdir /config
+
 COPY . /app
 WORKDIR /app
+
 CMD ["python", "app.py"]
-HEALTHCHECK CMD test -f /config/servers.json || exit 1
\ No newline at end of file
+HEALTHCHECK CMD test -f /config/servers.json || exit 1

From 2da3272ec6cbe9453c02cab83bbb0ffb36866532 Mon Sep 17 00:00:00 2001
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Thu, 9 May 2024 19:35:13 -0500
Subject: [PATCH 3/7] Update lint.yml

---
 .github/workflows/lint.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index bbeeebe..bb5740c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
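Review bot: `RUN useradd -m pgadmin-config-creator` will not build on `python:3.12-alpine`, because Alpine's busybox provides `adduser` and shadow's `useradd` is not installed, so the build stops at that step. The `USER` switch is also placed before `RUN mkdir /app` and `RUN mkdir /config`, so those directories would be created as the unprivileged user directly under `/`, which is denied, and `COPY . /app` runs as root regardless of `USER`, leaving `/app` root-owned. The HEALTHCHECK tests for `/config/servers.json`, so the app presumably writes into `/config` — that directory needs to be owned by, or writable for, the service user. Create the user and both directories as root, chown them, copy with `--chown`, and switch `USER` only just before `CMD`.

```dockerfile
FROM python:3.12-alpine

# Alpine ships busybox adduser; shadow's useradd is not installed in this image
RUN adduser -D pgadmin-config-creator \
    && mkdir -p /app /config \
    && chown pgadmin-config-creator:pgadmin-config-creator /app /config

COPY --chown=pgadmin-config-creator:pgadmin-config-creator . /app
WORKDIR /app

# drop privileges only after the image filesystem is fully set up
USER pgadmin-config-creator
CMD ["python", "app.py"]
# … unchanged: HEALTHCHECK …
```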
@@ -6,6 +6,8 @@ on:
 pull_request:
 branches: [main]
+permissions: read-all
+
 jobs:
 run-lint:
 name: Lint

From 5fe62c074d8005db2baf7dc48b44ea0c4c13b7f6 Mon Sep 17 00:00:00 2001
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Thu, 9 May 2024 19:35:37 -0500
Subject: [PATCH 4/7] Update stack-healthcheck.yml

---
 .github/workflows/stack-healthcheck.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/stack-healthcheck.yml b/.github/workflows/stack-healthcheck.yml
index 2701875..e00477d 100644
--- a/.github/workflows/stack-healthcheck.yml
+++ b/.github/workflows/stack-healthcheck.yml
@@ -5,6 +5,8 @@ on:
 pull_request:
 workflow_dispatch:
+permissions: read-all
+
 jobs:
 test:
 name: Test Stack
@@ -18,4 +20,4 @@ jobs:
 - name: Check database creation
 run: docker compose logs | grep "Success. You can now start the database server"
 - name: Check postgres init
- run: docker compose logs | grep "PostgreSQL init process complete; ready for start up."
\ No newline at end of file
+ run: docker compose logs | grep "PostgreSQL init process complete; ready for start up."

From 58f586024cde4e131256a30b161d481eec84c47f Mon Sep 17 00:00:00 2001
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Thu, 9 May 2024 19:37:11 -0500
Subject: [PATCH 5/7] Update stale.yml

---
 .github/workflows/stale.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index ff67a26..58a5b62 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -4,6 +4,10 @@ on:
 - cron: '0 */1 * * *'
 workflow_dispatch:
+permissions:
+ issues: write
+ pull-requests: write
+
 jobs:
 stale:
 runs-on: ubuntu-latest

From ee4c677cffba1316b410ae24eca0c04d98021603 Mon Sep 17 00:00:00 2001
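Review bot: `permissions: read-all` grants the job read access to every token scope rather than the one it uses; for least privilege name the scopes explicitly, and the same applies to the `read-all` blocks added in patch 4/7 (stack-healthcheck.yml) and patch 6/7 (docker.yml). For super-linter in particular, the action's documented permissions are `contents: read` plus `statuses: write`, because it reports per-linter commit statuses by default; with only read scopes those status calls are rejected, and whether that fails the run or just logs errors depends on the action version, so the first run after this change is worth checking. Suggested block in place of the added line: `permissions:` / `  contents: read` / `  statuses: write`. The surrounding `on:` and `jobs:` mappings continue outside the hunk.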
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Thu, 9 May 2024 19:42:14 -0500
Subject: [PATCH 6/7] Update docker.yml

---
 .github/workflows/docker.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 772c8a3..72ae746 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -15,6 +15,8 @@ on:
 release:
 types: [published, edited]
 workflow_dispatch:
+
+permissions: read-all
 env:
 REGISTRY: ghcr.io

From f6cf7586fc55c1c858692913fc9bf98bdf966ac4 Mon Sep 17 00:00:00 2001
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Thu, 9 May 2024 19:45:03 -0500
Subject: [PATCH 7/7] Update docker.yml

---
 .github/workflows/docker.yml | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 72ae746..cad2a63 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -75,14 +75,3 @@ jobs:
 push: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
-
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: ${{ env.DOCKER_IMAGE }}
- format: 'sarif'
- output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: 'trivy-results.sarif'
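Review bot: `permissions: read-all` in docker.yml leaves the job's `GITHUB_TOKEN` without `packages: write`, yet the build step later in this file runs with `push: true` against `REGISTRY: ghcr.io` (visible in the patch 7/7 context lines); if the registry login uses `GITHUB_TOKEN` rather than a stored PAT — the login step is outside the hunk, so this is inferred — the push will be refused. The `upload-sarif` step that this block also covered needs `security-events: write`, which may be why patch 7/7 removes the Trivy scan rather than granting it; restoring the scan under an explicit scope would keep the published image checked. Suggested block in place of the added line: `permissions:` / `  contents: read` / `  packages: write`. As a style point, the added blank line sits before `permissions:` while nothing separates it from the following `env:`; the blank belongs after.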