merge: Merge pull request #7 from jerusdp/secruity

zamazan4ik · web-flow · commit 0634320111b8 · 2021-09-30T15:25:22.000+03:00
- Secruity Scan for Docker Image and fix for Issue #6
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -6,14 +6,38 @@ on:
       - master
 
 jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: Build
+      env:
+        REPO: ${{ github.repository }}
+      shell: bash
+      run: |
+        echo "docker_repo=${{ env.REPO }}" >> $GITHUB_ENV
+        make build
+    - name: Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.0.20
+      with:
+        image-ref: '${{ env.docker_repo }}:latest'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
+      - name: Build
+        shell: bash
+        run: make build
       - name: Test
         run: make test
   publish:
-    needs: [test]
+    needs: [scan, test]
+    if: github.repository == 'rust-serverless/lambda-rust'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 tests/test-*/test-out.log
 target
 .DS_Store
+.vscode
diff --git a/Dockerfile b/Dockerfile
@@ -2,6 +2,8 @@
 FROM docker.io/lambci/lambda:build-provided.al2
 
 ARG RUST_VERSION=1.54.0
+RUN yum -y update
+RUN yum -y remove kernel-devel-4.14.203-156.332.amzn2
 RUN yum install -y jq openssl-devel
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
     | CARGO_HOME=/cargo RUSTUP_HOME=/rustup sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION

-Original file line number
+Diff line change
@@ @@ -1,3 +1,4 @@ @@
 tests/test-*/test-out.log
 target
 .DS_Store
 +.vscode