Upgrading to LTS Version 3.27.4+210622

Add Trivy Scan and Structure Test (#71 )
* Add Trivy Scan and Structure Tests * Update README, fancy new Badges! * Update Makefile, full-qualified Image names
2025-12-06 16:39:11 +01:00 · 2021-06-25 08:17:47 +02:00 · 2021-06-23 08:40:51 +02:00 · 2021-06-22 10:32:33 +02:00 · 2021-06-22 10:26:07 +02:00
14 changed files with 174 additions and 53 deletions
--- a/.github/workflows/build-latest-container-images.yaml
+++ b/.github/workflows/build-latest-container-images.yaml
@@ -42,21 +42,12 @@ jobs:
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      ## Can be enabled in the future
      # - name: Log in to GitHub Container Registry
      #   uses: docker/login-action@v1
      #   with:
      #     registry: gchr.io
      #     username: ${{ github.repository_owner }}
      #     password: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Apache variant metadata'
        id: metadata-apache
        uses: docker/metadata-action@v3
        with:
          images: |
            docker.io/martialblog/limesurvey
          ## Can be enabled in the future
          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{raw}},suffix=-apache
            type=semver,pattern={{major}},suffix=-apache
@@ -76,8 +67,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
          ## Can be enabled in the future
          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm
            type=semver,pattern={{major}},suffix=-fpm
@@ -95,8 +84,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
          ## Can be enabled in the future
          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm-alpine
            type=semver,pattern={{major}},suffix=-fpm-alpine
--- a/.github/workflows/build-lts-container-images.yaml
+++ b/.github/workflows/build-lts-container-images.yaml
@@ -42,22 +42,12 @@ jobs:
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      ## Can be enabled in the future
      # - name: Log in to GitHub Container Registry
      #   uses: docker/login-action@v1
      #   with:
      #     registry: gchr.io
      #     username: ${{ github.repository_owner }}
      #     password: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Apache variant metadata'
        id: metadata-apache
        uses: docker/metadata-action@v3
        with:
          images: |
            docker.io/martialblog/limesurvey
          ## Can be enabled in the future
          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{raw}},suffix=-apache
            type=semver,pattern={{major}},suffix=-apache
@@ -77,8 +67,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
            ## Can be enabled in the future
            # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm
            type=semver,pattern={{major}},suffix=-fpm
@@ -96,8 +84,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
          ## Can be enabled in the future
          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm-alpine
            type=semver,pattern={{major}},suffix=-fpm-alpine
--- a/.github/workflows/test-latest-container-images.yaml
+++ b/.github/workflows/test-latest-container-images.yaml
@@ -0,0 +1,49 @@
 name: Test Latest Container Images
 on: [push, pull_request]
 jobs:
  test_images:
    name: Test Latest Container Images with Trivy
    runs-on: ubuntu-latest
    strategy:
      matrix:
        context:
          - apache
          - fpm-alpine
          - fpm
    steps:
      - name: 'Check out the repo'
        uses: actions/checkout@v2
      - name: 'Set up Docker Buildx'
        uses: docker/setup-buildx-action@v1
      - name: 'Build Container images'
        uses: docker/build-push-action@v2
        with:
          context: 5.0/${{ matrix.context }}
          push: false
          load: true
          tags: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
      - name: 'Run Structure tests'
        uses: plexsystems/container-structure-test-action@v0.2.0
        with:
          image: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
          config: tests/${{ matrix.context }}-tests.yaml
      - name: 'Run vulnerability scanner'
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: trivy-results-5-${{ matrix.context }}.sarif
          severity: 'CRITICAL,HIGH'
      - name: 'Upload Trivy scan results to GitHub'
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: trivy-results-5-${{ matrix.context }}.sarif
          category: "${{ matrix.context }}"
--- a/.github/workflows/test-lts-container-images.yaml
+++ b/.github/workflows/test-lts-container-images.yaml
@@ -0,0 +1,49 @@
 name: Test LTS Container Images
 on: [push, pull_request]
 jobs:
  test_images:
    name: Test LTS Container Images with Trivy
    runs-on: ubuntu-latest
    strategy:
      matrix:
        context:
          - apache
          - fpm-alpine
          - fpm
    steps:
      - name: 'Check out the repo'
        uses: actions/checkout@v2
      - name: 'Set up Docker Buildx'
        uses: docker/setup-buildx-action@v1
      - name: 'Build Container images'
        uses: docker/build-push-action@v2
        with:
          context: 3.0/${{ matrix.context }}
          push: false
          load: true
          tags: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
      - name: 'Run Structure tests'
        uses: plexsystems/container-structure-test-action@v0.2.0
        with:
          image: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
          config: tests/${{ matrix.context }}-tests.yaml
      - name: 'Run vulnerability scanner'
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: trivy-results-3-${{ matrix.context }}.sarif
          severity: 'CRITICAL,HIGH'
      - name: 'Upload Trivy scan results to GitHub'
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: trivy-results-3-${{ matrix.context }}.sarif
          category: "${{ matrix.context }}"
--- a/3.0/apache/Dockerfile
+++ b/3.0/apache/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.3+210615'
+ARG version='3.27.4+210622'
-ARG sha256_checksum='b4986b8be45a2e3d9dbd92ecd724b5bc4aef751f194c00ed445ed0201ad82aa1'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 ARG USER=root
 ARG LISTEN_PORT=80
--- a/3.0/fpm-alpine/Dockerfile
+++ b/3.0/fpm-alpine/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.3+210615'
+ARG version='3.27.4+210622'
-ARG sha256_checksum='b4986b8be45a2e3d9dbd92ecd724b5bc4aef751f194c00ed445ed0201ad82aa1'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 # Install OS dependencies
 RUN set -ex; \
--- a/3.0/fpm/Dockerfile
+++ b/3.0/fpm/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.3+210615'
+ARG version='3.27.4+210622'
-ARG sha256_checksum='b4986b8be45a2e3d9dbd92ecd724b5bc4aef751f194c00ed445ed0201ad82aa1'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 # Install OS dependencies
 RUN set -ex; \
--- a/12
+++ b/12
@@ -1,14 +1,14 @@
 # .PHONY: apache fpm fpm-alpine
 apache-lts:
-	docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache
+	docker build --pull -t docker.io/martialblog/limesurvey:3-apache 3.0/apache
 apache-latest:
-	docker build --pull -t martialblog/limesurvey:5-apache 5.0/apache
+	docker build --pull -t docker.io/martialblog/limesurvey:5-apache 5.0/apache
 fpm-alpine-lts:
-	docker build --pull -t martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
 fpm-alpine-latest:
-	docker build --pull -t martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
 fpm-lts:
-	docker build --pull -t martialblog/limesurvey:3-fpm 3.0/fpm
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm 3.0/fpm
 fpm-latest:
-	docker build --pull -t martialblog/limesurvey:5-fpm 5.0/fpm
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm 5.0/fpm
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-[![Build Status](https://travis-ci.com/martialblog/docker-limesurvey.svg?branch=master)](https://travis-ci.com/martialblog/docker-limesurvey)
+[![Lint Dockerfile](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml)
 [![Test LTS Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml)
 [![Test Latest Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml)
 [![](https://images.microbadger.com/badges/image/martialblog/limesurvey.svg)](https://microbadger.com/images/martialblog/limesurvey "Get your own image badge on microbadger.com")
 # LimeSurvey Docker
--- a/tests/apache-tests.yaml
+++ b/tests/apache-tests.yaml
--- a/tests/fpm-alpine-tests.yaml
+++ b/tests/fpm-alpine-tests.yaml
@@ -0,0 +1,57 @@
 schemaVersion: "2.0.0"
 globalEnvVars:
  - key: "PATH"
    value: "/env/bin:$PATH"
 fileContentTests:
  - name: 'Limesurvey admin file content'
    path: '/var/www/html/admin/index.php'
    expectedContents: ['LimeSurvey']
  - name: 'Entrypoint file content'
    path: '/var/www/html/entrypoint.sh'
    expectedContents: ['console.php', 'ADMIN_USER']
 fileExistenceTests:
  - name: 'Limesurvey files'
    path: '/var/www/html/index.php'
    shouldExist: true
    permissions: '-rw-rw-r--'
  - name: 'Limesurvey admin files'
    path: '/var/www/html/admin/index.php'
    shouldExist: true
    permissions: '-rw-rw-r--'
  - name:  "Dependencies - PHP - gd"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-gd.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - imap"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-imap.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - ldap"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-ldap.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - pgsql"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-pgsql.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - zip"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-zip.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - sodium"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - pdo_mysql"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini'
    shouldExist: true
  - name:  "Dependencies - PHP - pdo_pgsql"
    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_pgsql.ini'
    shouldExist: true
 commandTests:
  - name:  "Dependencies - netcat"
    command: "apk"
    args: ["info", "-e", "netcat-openbsd"]
    exitCode: 0
  - name:  "Dependencies - PHP Modules"
    command: "php"
    args: ["-m"]
    expectedOutput: ["ldap", "zip", "pdo_mysql", "pdo_sqlite", "gd", "mbstring", "PDO", "imap"]
--- a/tests/fpm-tests.yaml
+++ b/tests/fpm-tests.yaml
@@ -0,0 +1 @@
 apache-tests.yaml
--- a/tests/run.sh
+++ b/tests/run.sh
@@ -1,11 +0,0 @@
 #!/usr/bin/env bash
 IMAGE=$1
 if [ ! -f container-structure-test ]; then
   curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
   mv container-structure-test-linux-amd64 container-structure-test
   chmod +x container-structure-test
 fi
 ./container-structure-test test --image $IMAGE --config tests/image_tests.yaml
--- a/upgrade.sh
+++ b/upgrade.sh
@@ -12,6 +12,7 @@ fi
 NEW_VERSION=$1
 MAJOR_VERSION=$(echo $NEW_VERSION | cut -c 1 | awk '{print $1".0"}')
 NEW_TAG=$(echo $NEW_VERSION | sed "s/+/-/")
 grep -qc $NEW_VERSION $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
@@ -31,5 +32,5 @@ sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" $MAJOR_VERSION/apache/D
 sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
 # After that, check and commit
-echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
+echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_TAG}"
-echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
+echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_TAG}"
Author	SHA1	Message	Date
Markus Opolka	fdce9e0f97	Upgrading to LTS Version 3.27.4+210622	2021-06-25 08:17:47 +02:00
Markus Opolka	d0259b255b	Add Trivy Scan and Structure Test (#71 ) * Add Trivy Scan and Structure Tests * Update README, fancy new Badges! * Update Makefile, full-qualified Image names	2021-06-23 08:40:51 +02:00
Markus Opolka	0770ca63c7	Remove gchr.io comments	2021-06-22 10:32:33 +02:00
Markus Opolka	1e3009bf6c	Update update.sh for new Tag Schema	2021-06-22 10:26:07 +02:00