sir-gon · sir-gon · Jun 9, 2024 · Jun 9, 2024 · Jun 9, 2024 · Jun 9, 2024
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -17,7 +17,27 @@ jobs:
     - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
     - name: Build the Docker image
       run: make compose/rebuild
+    - name: Run static checks in Docker image
+      run: make compose/lint
     - name: Run test in Docker image
       run: make compose/run
     - name: Tag Docker image
       run: docker tag algorithm-exercises-py:latest algorithm-exercises-py:${{ github.sha }}
+
+    - name: Run Snyk to check Docker image for vulnerabilities
+      # Snyk can be used to break the build when it detects vulnerabilities.
+      # In this case we want to upload the issues to GitHub Code Scanning
+      continue-on-error: true
+      uses: snyk/actions/docker@master
+      env:
+        # In order to use the Snyk Action you will need to have a Snyk API token.
+        # See https://docs.snyk.io/integrations/ci-cd-integrations/github-actions-integration#getting-your-snyk-token
+        # or you can sign up for free at https://snyk.io/login
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        image: algorithm-exercises-py:latest
+        args: --file=Dockerfile
+    # - name: Upload result to GitHub Code Scanning
+    #   uses: github/codeql-action/upload-sarif@v2
+    #   with:
+    #     sarif_file: snyk.sarif
diff --git a/Dockerfile b/Dockerfile
@@ -5,16 +5,15 @@ ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
 
 ###############################################################################
-FROM node:20.14.0-alpine3.20 AS lint
+FROM base AS lint
 
 ENV WORKDIR=/app
 WORKDIR ${WORKDIR}
 
 COPY ./src ${WORKDIR}/src
-RUN apk add --update --no-cache make
-RUN npm install -g --ignore-scripts markdownlint-cli
+RUN apk add --update --no-cache make nodejs npm
 
-RUN apk add --update --no-cache nodejs npm
+RUN npm install -g --ignore-scripts markdownlint-cli
 RUN npm install -g --ignore-scripts pyright
 
 ###############################################################################

diff --git a/Makefile b/Makefile
@@ -110,6 +110,7 @@ clean:
 	find . -path "*/__pycache__" -type d -print -exec rm -fr {} ';'
 
 compose/build: env
+	docker-compose --profile lint build
 	docker-compose --profile testing build
 
 compose/rebuild: env
@@ -118,10 +119,10 @@ compose/rebuild: env
 
 compose/mdlint: env
 	docker-compose --profile lint build
-	docker-compose --profile lint run --rm algorithm-exercises-py-mdlint make mdlint
+	docker-compose --profile lint run --rm algorithm-exercises-py-lint make mdlint
 
 compose/test/static: compose/build
-	docker-compose --profile testing run --rm algorithm-exercises-py make test/static
+	docker-compose --profile lint run --rm algorithm-exercises-py-lint make test/static
 
 compose/lint: compose/test/static compose/mdlint
 

diff --git a/compose.yaml b/compose.yaml
@@ -11,8 +11,8 @@ services:
       - ./coverage:/app/coverage
     profiles: ["testing"]
 
-  algorithm-exercises-py-mdlint:
-    image: algorithm-exercises-ts:mdlint
+  algorithm-exercises-py-lint:
+    image: algorithm-exercises-py:lint
     build:
       context: .
       target: lint