Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9ff2031d4a | |||
| 952cf78f45 | |||
| cbc5aafb24 | |||
| 78c168f9de | |||
| f3629abddf | |||
| 3f6c9e3be1 | |||
| af81140fa3 | |||
| 4c578ea2c2 | |||
| 4dbcf50614 |
@ -26,7 +26,7 @@ steps:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
- name: security-scan
|
- name: security-scan
|
||||||
image: ghcr.io/aquasecurity/trivy:0.69.3
|
image: aquasec/trivy:latest
|
||||||
commands:
|
commands:
|
||||||
- trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1
|
- trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1
|
||||||
|
|
||||||
@ -47,13 +47,13 @@ steps:
|
|||||||
|
|
||||||
# Repo clonen
|
# Repo clonen
|
||||||
- git clone https://git.efi.th-nuernberg.de/gitea/freudenreichan/EinfuehrungInDocker_Pipeline2.git
|
- git clone https://git.efi.th-nuernberg.de/gitea/freudenreichan/EinfuehrungInDocker_Pipeline2.git
|
||||||
- cd EinfuehrungInDocker_Pipeline
|
- cd EinfuehrungInDocker_Pipeline2
|
||||||
|
|
||||||
# Branch wechseln oder erstellen
|
# Branch wechseln oder erstellen
|
||||||
- git checkout drone-artifacts || git checkout -b drone-artifacts
|
- git checkout drone-artifacts || git checkout -b drone-artifacts
|
||||||
|
|
||||||
# Artifact löschen und neu hinzufügen
|
# Artifact löschen und neu hinzufügen
|
||||||
- git rm image.tar
|
- rm -f image.tar
|
||||||
- cp $DRONE_WORKSPACE/image.tar .
|
- cp $DRONE_WORKSPACE/image.tar .
|
||||||
- git add image.tar
|
- git add image.tar
|
||||||
|
|
||||||
@ -64,4 +64,4 @@ steps:
|
|||||||
- git pull || true
|
- git pull || true
|
||||||
|
|
||||||
# Push
|
# Push
|
||||||
- git push
|
- git push --set-upstream origin drone-artifacts
|
||||||
42
Dockerfile
42
Dockerfile
@ -1,22 +1,34 @@
|
|||||||
# Base-Image
|
FROM alpine:3.20
|
||||||
FROM ubuntu:latest
|
|
||||||
|
|
||||||
# Pakete installieren
|
# gcc installieren
|
||||||
RUN apt-get update
|
RUN apk add --no-cache gcc musl-dev
|
||||||
RUN apt-get install -y build-essential gcc curl vim net-tools
|
|
||||||
|
|
||||||
# Arbeitsverzeichnis setzen
|
# Arbeitsverzeichnis
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# alles kopieren
|
# Dateien kopieren
|
||||||
COPY . .
|
COPY deployment.c .
|
||||||
|
|
||||||
# Code kompilieren
|
# Programm kompilieren
|
||||||
RUN gcc -o deployment deployment.c
|
RUN gcc -O2 -o deployment deployment.c
|
||||||
|
|
||||||
# Verzeichnis für Ausgabe anlegen
|
# Non-root User
|
||||||
RUN mkdir /output
|
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
|
||||||
|
|
||||||
# Ausgabe wird ins Container-Dateisystem geschrieben
|
# Output-Verzeichnis
|
||||||
ENTRYPOINT ["/bin/bash", "-c"]
|
RUN mkdir /output && chown -R appuser:appgroup /output /app
|
||||||
CMD ["./deployment 10 > /output/output.txt && tail -f /output/output.txt"]
|
|
||||||
|
# Datavolume
|
||||||
|
VOLUME ["/output"]
|
||||||
|
|
||||||
|
# User wechseln
|
||||||
|
USER appuser
|
||||||
|
|
||||||
|
# Healthcheck
|
||||||
|
HEALTHCHECK CMD test -f /output/output.txt || exit 1
|
||||||
|
|
||||||
|
# Anwendung starten
|
||||||
|
CMD ["/bin/sh", "-c", "./deployment 10 > /output/output.txt"]
|
||||||
|
|
||||||
|
# Start
|
||||||
|
CMD ["/app/deployment", "10"]
|
||||||
Loading…
x
Reference in New Issue
Block a user