forked from freudenreichan/EinfuehrungInDocker_Pipeline2
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 1a0fcbbd12 |
@ -26,7 +26,7 @@ steps:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
- name: security-scan
|
- name: security-scan
|
||||||
image: aquasec/trivy:latest
|
image: ghcr.io/aquasecurity/trivy:0.69.3
|
||||||
commands:
|
commands:
|
||||||
- trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1
|
- trivy image --input image.tar --severity HIGH,CRITICAL --exit-code 1
|
||||||
|
|
||||||
@ -47,13 +47,13 @@ steps:
|
|||||||
|
|
||||||
# Repo clonen
|
# Repo clonen
|
||||||
- git clone https://git.efi.th-nuernberg.de/gitea/freudenreichan/EinfuehrungInDocker_Pipeline2.git
|
- git clone https://git.efi.th-nuernberg.de/gitea/freudenreichan/EinfuehrungInDocker_Pipeline2.git
|
||||||
- cd EinfuehrungInDocker_Pipeline2
|
- cd EinfuehrungInDocker_Pipeline
|
||||||
|
|
||||||
# Branch wechseln oder erstellen
|
# Branch wechseln oder erstellen
|
||||||
- git checkout drone-artifacts || git checkout -b drone-artifacts
|
- git checkout drone-artifacts || git checkout -b drone-artifacts
|
||||||
|
|
||||||
# Artifact löschen und neu hinzufügen
|
# Artifact löschen und neu hinzufügen
|
||||||
- rm -f image.tar
|
- git rm image.tar
|
||||||
- cp $DRONE_WORKSPACE/image.tar .
|
- cp $DRONE_WORKSPACE/image.tar .
|
||||||
- git add image.tar
|
- git add image.tar
|
||||||
|
|
||||||
@ -64,4 +64,4 @@ steps:
|
|||||||
- git pull || true
|
- git pull || true
|
||||||
|
|
||||||
# Push
|
# Push
|
||||||
- git push --set-upstream origin drone-artifacts
|
- git push
|
||||||
42
Dockerfile
42
Dockerfile
@ -1,34 +1,22 @@
|
|||||||
FROM alpine:3.20
|
# Base-Image
|
||||||
|
FROM ubuntu:latest
|
||||||
|
|
||||||
# gcc installieren
|
# Pakete installieren
|
||||||
RUN apk add --no-cache gcc musl-dev
|
RUN apt-get update
|
||||||
|
RUN apt-get install -y build-essential gcc curl vim net-tools
|
||||||
|
|
||||||
# Arbeitsverzeichnis
|
# Arbeitsverzeichnis setzen
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Dateien kopieren
|
# alles kopieren
|
||||||
COPY deployment.c .
|
COPY . .
|
||||||
|
|
||||||
# Programm kompilieren
|
# Code kompilieren
|
||||||
RUN gcc -O2 -o deployment deployment.c
|
RUN gcc -o deployment deployment.c
|
||||||
|
|
||||||
# Non-root User
|
# Verzeichnis für Ausgabe anlegen
|
||||||
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
|
RUN mkdir /output
|
||||||
|
|
||||||
# Output-Verzeichnis
|
# Ausgabe wird ins Container-Dateisystem geschrieben
|
||||||
RUN mkdir /output && chown -R appuser:appgroup /output /app
|
ENTRYPOINT ["/bin/bash", "-c"]
|
||||||
|
CMD ["./deployment 10 > /output/output.txt && tail -f /output/output.txt"]
|
||||||
# Datavolume
|
|
||||||
VOLUME ["/output"]
|
|
||||||
|
|
||||||
# User wechseln
|
|
||||||
USER appuser
|
|
||||||
|
|
||||||
# Healthcheck
|
|
||||||
HEALTHCHECK CMD test -f /output/output.txt || exit 1
|
|
||||||
|
|
||||||
# Anwendung starten
|
|
||||||
CMD ["/bin/sh", "-c", "./deployment 10 > /output/output.txt"]
|
|
||||||
|
|
||||||
# Start
|
|
||||||
CMD ["/app/deployment", "10"]
|
|
||||||
Loading…
x
Reference in New Issue
Block a user