diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index b010b48b..540f1f59 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -17,7 +17,27 @@ jobs:
 - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
 - name: Build the Docker image
 run: make compose/rebuild
+ - name: Run static checks in Docker image
+ run: make compose/lint
 - name: Run test in Docker image
 run: make compose/run
 - name: Tag Docker image
 run: docker tag algorithm-exercises-py:latest algorithm-exercises-py:${{ github.sha }}
+
+ - name: Run Snyk to check Docker image for vulnerabilities
+ # Snyk can be used to break the build when it detects vulnerabilities.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/docker@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+ # or you can sign up for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: algorithm-exercises-py:latest
+ args: --file=Dockerfile
+ # - name: Upload result to GitHub Code Scanning
+ # uses: github/codeql-action/upload-sarif@v2
+ # with:
+ # sarif_file: snyk.sarif
diff --git a/Dockerfile b/Dockerfile
index 15384720..353ab689 100644
--- a/Dockerfile
+++ b/Dockerfile
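Review bot: The new Snyk step references `snyk/actions/docker@master`, a mutable branch, while the checkout step in the same job is pinned to a commit SHA; the step also receives `SNYK_TOKEN`, so whatever lands on that branch runs with the secret in its environment. Pin it the same way, `uses: snyk/actions/docker@<full-commit-sha> # <release-tag>` (placeholders; take the SHA from a release you have reviewed). With `continue-on-error: true` set and the SARIF upload step still commented out, findings appear only in the job log and neither fail nor annotate the build, so either enable the upload or drop `continue-on-error` until it is in place. The scan also targets `algorithm-exercises-py:latest` rather than the `${{ github.sha }}` tag created just above it; scanning the SHA tag would tie the report to the image built in this run.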
@@ -5,16 +5,15 @@ ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
 ###############################################################################
-FROM node:20.14.0-alpine3.20 AS lint
+FROM base AS lint
 ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
 COPY ./src ${WORKDIR}/src
-RUN apk add --update --no-cache make
-RUN npm install -g --ignore-scripts markdownlint-cli
+RUN apk add --update --no-cache make nodejs npm
-RUN apk add --update --no-cache nodejs npm
+RUN npm install -g --ignore-scripts markdownlint-cli
 RUN npm install -g --ignore-scripts pyright
 ###############################################################################
diff --git a/Makefile b/Makefile
index b198d51a..e4e2e2b5 100644
--- a/Makefile
+++ b/Makefile
@@ -110,6 +110,7 @@ clean:
 find . -path "*/__pycache__" -type d -print -exec rm -fr {} ';'
 compose/build: env
+ docker-compose --profile lint build
 docker-compose --profile testing build
 compose/rebuild: env
@@ -118,10 +119,10 @@ compose/rebuild: env
 compose/mdlint: env
 docker-compose --profile lint build
- docker-compose --profile lint run --rm algorithm-exercises-py-mdlint make mdlint
+ docker-compose --profile lint run --rm algorithm-exercises-py-lint make mdlint
 compose/test/static: compose/build
- docker-compose --profile testing run --rm algorithm-exercises-py make test/static
+ docker-compose --profile lint run --rm algorithm-exercises-py-lint make test/static
 compose/lint: compose/test/static compose/mdlint
diff --git a/compose.yaml b/compose.yaml
index f079585b..15ede2c6 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -11,8 +11,8 @@ services:
 - ./coverage:/app/coverage
 profiles: ["testing"]
- algorithm-exercises-py-mdlint:
- image: algorithm-exercises-ts:mdlint
+ algorithm-exercises-py-lint:
+ image: algorithm-exercises-py:lint
 build:
 context: .
 target: lint
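Review bot: The lint stage now takes `nodejs` and `npm` from `apk` with no version and installs `markdownlint-cli` and `pyright` globally with no version either, so the toolchain behind the static checks is whatever the package registries serve at build time; the removed `FROM node:20.14.0-alpine3.20` at least fixed the Node release. Pinning the npm packages, for example `RUN npm install -g --ignore-scripts markdownlint-cli@<version> pyright@<version>` (placeholders), keeps lint results reproducible and narrows exposure to a bad publish; the existing `--ignore-scripts` should stay. The `base` stage is defined above the hunk, so this assumes it is an Alpine image, as the `apk` call implies.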
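Review bot: `compose/lint` now builds the lint image twice and the testing image once, although neither lint target uses the testing image any more: `compose/test/static` depends on `compose/build`, which after this change builds both profiles, and `compose/mdlint` then runs `docker-compose --profile lint build` again. A small prerequisite that builds only the lint profile, for instance `compose/build/lint: env` with the single recipe line `docker-compose --profile lint build`, used by both `compose/test/static` and `compose/mdlint`, would remove the duplicate build. This applies to the `compose/build` hunk and to the `compose/test/static` line in the following hunk.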