conplementAG · ChristianGottinger · Jul 5, 2021 · Jun 22, 2021 · Jun 22, 2021 · Jul 5, 2021
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build-env
+FROM mcr.microsoft.com/dotnet/sdk:5.0-focal AS build-env
 WORKDIR /app
 
 COPY *.csproj ./
@@ -7,7 +7,7 @@ RUN dotnet restore ConplementAG.CopsController.csproj
 COPY . ./
 RUN dotnet publish ConplementAG.CopsController.csproj -c Release -o out
 
-FROM mcr.microsoft.com/dotnet/aspnet:5.0
+FROM mcr.microsoft.com/dotnet/aspnet:5.0-focal
 
 RUN useradd -u 8877 donetuser
 USER donetuser

diff --git a/Dockerfile.develop b/Dockerfile.develop
@@ -1,4 +1,4 @@
-FROM microsoft/dotnet:2.2-sdk
+FROM mcr.microsoft.com/dotnet/sdk:5.0-focal
 ARG BUILD_CONFIGURATION=Debug
 ENV ASPNETCORE_ENVIRONMENT=Development
 ENV DOTNET_USE_POLLING_FILE_WATCHER=true

diff --git a/azure-pipelines-nightly.yml b/azure-pipelines-nightly.yml
@@ -0,0 +1,32 @@
+name: $(imageName)
+
+schedules:
+- cron: "0 0 * * *"
+  displayName: Nightly build
+  branches:
+    include:
+    - master
+  always: true
+
+resources:
+  pipelines:
+    - pipeline: cops-controller
+      source: conplementAG.cops-controller
+      trigger: 
+        branches:
+          include:
+            - master
+
+pool:
+  vmImage: 'ubuntu-20.04'
+
+variables:
+  dockerId: conplementag
+  imageBaseName: cops-controller
+  imageName: '$(imageBaseName):$(resources.pipeline.cops-controller.runName)-dev'
+
+steps:
+- script: |
+    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy --exit-code 0 --severity MEDIUM,HIGH --ignore-unfixed $(dockerId)/$(imageName)
+    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy --exit-code 1 --severity CRITICAL --ignore-unfixed $(dockerId)/$(imageName)
+  displayName: Scan
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -8,7 +8,7 @@ trigger:
 - master
 
 pool:
-  vmImage: 'Ubuntu-16.04'
+  vmImage: 'ubuntu-20.04'
 
 variables:
   dockerId: conplementag
@@ -17,9 +17,18 @@ variables:
 
 steps:
 - script: |
-    docker build -t $(dockerId)/$(imageName) .
     docker login -u $(dockerUsername) -p $(dockerPassword)
+    docker build -t $(dockerId)/$(imageName) .
+  displayName: Build
+
+- script: |
+    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy --exit-code 0 --severity MEDIUM,HIGH --ignore-unfixed $(dockerId)/$(imageName)
+    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy --exit-code 1 --severity CRITICAL --ignore-unfixed $(dockerId)/$(imageName)
+  displayName: Scan
+
+- script: |
     docker push $(dockerId)/$(imageName)
+  displayName: Push
 
 - task: PublishBuildArtifacts@1
   inputs: