Upgrading to LTS Version 3.27.4+210622

Add Trivy Scan and Structure Test (#71 )
* Add Trivy Scan and Structure Tests * Update README, fancy new Badges! * Update Makefile, full-qualified Image names
2025-12-06 16:39:11 +01:00 · 2021-06-25 08:17:47 +02:00 · 2021-06-23 08:40:51 +02:00 · 2021-06-22 10:32:33 +02:00 · 2021-06-22 10:26:07 +02:00
14 changed files with 174 additions and 53 deletions
--- a/.github/workflows/build-latest-container-images.yaml
+++ b/.github/workflows/build-latest-container-images.yaml
@@ -42,21 +42,12 @@ jobs:
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-      ## Can be enabled in the future
-      # - name: Log in to GitHub Container Registry
-      #   uses: docker/login-action@v1
-      #   with:
-      #     registry: gchr.io
-      #     username: ${{ github.repository_owner }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Apache variant metadata'
        id: metadata-apache
        uses: docker/metadata-action@v3
        with:
          images: |
            docker.io/martialblog/limesurvey
-          ## Can be enabled in the future
-          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{raw}},suffix=-apache
            type=semver,pattern={{major}},suffix=-apache
@@ -76,8 +67,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
-          ## Can be enabled in the future
-          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm
            type=semver,pattern={{major}},suffix=-fpm
@@ -95,8 +84,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
-          ## Can be enabled in the future
-          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm-alpine
            type=semver,pattern={{major}},suffix=-fpm-alpine
--- a/.github/workflows/build-lts-container-images.yaml
+++ b/.github/workflows/build-lts-container-images.yaml
@@ -42,22 +42,12 @@ jobs:
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-      ## Can be enabled in the future
-      # - name: Log in to GitHub Container Registry
-      #   uses: docker/login-action@v1
-      #   with:
-      #     registry: gchr.io
-      #     username: ${{ github.repository_owner }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
-
      - name: 'Apache variant metadata'
        id: metadata-apache
        uses: docker/metadata-action@v3
        with:
          images: |
            docker.io/martialblog/limesurvey
-          ## Can be enabled in the future
-          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{raw}},suffix=-apache
            type=semver,pattern={{major}},suffix=-apache
@@ -77,8 +67,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
-            ## Can be enabled in the future
-            # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm
            type=semver,pattern={{major}},suffix=-fpm
@@ -96,8 +84,6 @@ jobs:
        with:
          images: |
            docker.io/martialblog/limesurvey
-          ## Can be enabled in the future
-          # ghcr.io/martialblog/limesurvey
          tags: |
            type=semver,pattern={{version}},suffix=-fpm-alpine
            type=semver,pattern={{major}},suffix=-fpm-alpine
--- a/.github/workflows/test-latest-container-images.yaml
+++ b/.github/workflows/test-latest-container-images.yaml
@@ -0,0 +1,49 @@
+name: Test Latest Container Images
+
+on: [push, pull_request]
+
+jobs:
+  test_images:
+    name: Test Latest Container Images with Trivy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        context:
+          - apache
+          - fpm-alpine
+          - fpm
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+
+      - name: 'Build Container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 5.0/${{ matrix.context }}
+          push: false
+          load: true
+          tags: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+
+      - name: 'Run Structure tests'
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+          config: tests/${{ matrix.context }}-tests.yaml
+
+      - name: 'Run vulnerability scanner'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: trivy-results-5-${{ matrix.context }}.sarif
+          severity: 'CRITICAL,HIGH'
+
+      - name: 'Upload Trivy scan results to GitHub'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: trivy-results-5-${{ matrix.context }}.sarif
+          category: "${{ matrix.context }}"
--- a/.github/workflows/test-lts-container-images.yaml
+++ b/.github/workflows/test-lts-container-images.yaml
@@ -0,0 +1,49 @@
+name: Test LTS Container Images
+
+on: [push, pull_request]
+
+jobs:
+  test_images:
+    name: Test LTS Container Images with Trivy
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        context:
+          - apache
+          - fpm-alpine
+          - fpm
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v2
+
+      - name: 'Set up Docker Buildx'
+        uses: docker/setup-buildx-action@v1
+
+      - name: 'Build Container images'
+        uses: docker/build-push-action@v2
+        with:
+          context: 3.0/${{ matrix.context }}
+          push: false
+          load: true
+          tags: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+
+      - name: 'Run Structure tests'
+        uses: plexsystems/container-structure-test-action@v0.2.0
+        with:
+          image: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+          config: tests/${{ matrix.context }}-tests.yaml
+
+      - name: 'Run vulnerability scanner'
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: trivy-results-3-${{ matrix.context }}.sarif
+          severity: 'CRITICAL,HIGH'
+
+      - name: 'Upload Trivy scan results to GitHub'
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: trivy-results-3-${{ matrix.context }}.sarif
+          category: "${{ matrix.context }}"
--- a/3.0/apache/Dockerfile
+++ b/3.0/apache/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.3+210615'
-ARG sha256_checksum='b4986b8be45a2e3d9dbd92ecd724b5bc4aef751f194c00ed445ed0201ad82aa1'
+ARG version='3.27.4+210622'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'
 ARG USER=root
 ARG LISTEN_PORT=80

--- a/3.0/fpm-alpine/Dockerfile
+++ b/3.0/fpm-alpine/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.3+210615'
-ARG sha256_checksum='b4986b8be45a2e3d9dbd92ecd724b5bc4aef751f194c00ed445ed0201ad82aa1'
+ARG version='3.27.4+210622'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'

 # Install OS dependencies
 RUN set -ex; \
--- a/3.0/fpm/Dockerfile
+++ b/3.0/fpm/Dockerfile
@@ -1,7 +1,7 @@
 FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.27.3+210615'
-ARG sha256_checksum='b4986b8be45a2e3d9dbd92ecd724b5bc4aef751f194c00ed445ed0201ad82aa1'
+ARG version='3.27.4+210622'
+ARG sha256_checksum='0333dcce611e06f46bdffc08a052d63dd68ef919860bf811116bf246bd214514'

 # Install OS dependencies
 RUN set -ex; \
--- a/12
+++ b/12
@@ -1,14 +1,14 @@
 # .PHONY: apache fpm fpm-alpine

 apache-lts:
-	docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache
+	docker build --pull -t docker.io/martialblog/limesurvey:3-apache 3.0/apache
 apache-latest:
-	docker build --pull -t martialblog/limesurvey:5-apache 5.0/apache
+	docker build --pull -t docker.io/martialblog/limesurvey:5-apache 5.0/apache
 fpm-alpine-lts:
-	docker build --pull -t martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
 fpm-alpine-latest:
-	docker build --pull -t martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine
 fpm-lts:
-	docker build --pull -t martialblog/limesurvey:3-fpm 3.0/fpm
+	docker build --pull -t docker.io/martialblog/limesurvey:3-fpm 3.0/fpm
 fpm-latest:
-	docker build --pull -t martialblog/limesurvey:5-fpm 5.0/fpm
+	docker build --pull -t docker.io/martialblog/limesurvey:5-fpm 5.0/fpm
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-[![Build Status](https://travis-ci.com/martialblog/docker-limesurvey.svg?branch=master)](https://travis-ci.com/martialblog/docker-limesurvey)
+[![Lint Dockerfile](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/lint-dockerfiles.yaml)
+[![Test LTS Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-lts-container-images.yaml)
+[![Test Latest Container Images](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml/badge.svg)](https://github.com/martialblog/docker-limesurvey/actions/workflows/test-latest-container-images.yaml)
 [![](https://images.microbadger.com/badges/image/martialblog/limesurvey.svg)](https://microbadger.com/images/martialblog/limesurvey "Get your own image badge on microbadger.com")

 # LimeSurvey Docker
--- a/tests/apache-tests.yaml
+++ b/tests/apache-tests.yaml
--- a/tests/fpm-alpine-tests.yaml
+++ b/tests/fpm-alpine-tests.yaml
@@ -0,0 +1,57 @@
+schemaVersion: "2.0.0"
+
+globalEnvVars:
+  - key: "PATH"
+    value: "/env/bin:$PATH"
+
+fileContentTests:
+  - name: 'Limesurvey admin file content'
+    path: '/var/www/html/admin/index.php'
+    expectedContents: ['LimeSurvey']
+  - name: 'Entrypoint file content'
+    path: '/var/www/html/entrypoint.sh'
+    expectedContents: ['console.php', 'ADMIN_USER']
+
+fileExistenceTests:
+  - name: 'Limesurvey files'
+    path: '/var/www/html/index.php'
+    shouldExist: true
+    permissions: '-rw-rw-r--'
+  - name: 'Limesurvey admin files'
+    path: '/var/www/html/admin/index.php'
+    shouldExist: true
+    permissions: '-rw-rw-r--'
+  - name:  "Dependencies - PHP - gd"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-gd.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - imap"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-imap.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - ldap"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-ldap.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pgsql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pgsql.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - zip"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-zip.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - sodium"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pdo_mysql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini'
+    shouldExist: true
+  - name:  "Dependencies - PHP - pdo_pgsql"
+    path: '/usr/local/etc/php/conf.d/docker-php-ext-pdo_pgsql.ini'
+    shouldExist: true
+
+commandTests:
+  - name:  "Dependencies - netcat"
+    command: "apk"
+    args: ["info", "-e", "netcat-openbsd"]
+    exitCode: 0
+  - name:  "Dependencies - PHP Modules"
+    command: "php"
+    args: ["-m"]
+    expectedOutput: ["ldap", "zip", "pdo_mysql", "pdo_sqlite", "gd", "mbstring", "PDO", "imap"]
--- a/tests/fpm-tests.yaml
+++ b/tests/fpm-tests.yaml
@@ -0,0 +1 @@
+apache-tests.yaml
--- a/tests/run.sh
+++ b/tests/run.sh
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-IMAGE=$1
-
-if [ ! -f container-structure-test ]; then
-   curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
-   mv container-structure-test-linux-amd64 container-structure-test
-   chmod +x container-structure-test
-fi
-
-./container-structure-test test --image $IMAGE --config tests/image_tests.yaml
--- a/upgrade.sh
+++ b/upgrade.sh
@@ -12,6 +12,7 @@ fi

 NEW_VERSION=$1
 MAJOR_VERSION=$(echo $NEW_VERSION | cut -c 1 | awk '{print $1".0"}')
+NEW_TAG=$(echo $NEW_VERSION | sed "s/+/-/")

 grep -qc $NEW_VERSION $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile

@@ -31,5 +32,5 @@ sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" $MAJOR_VERSION/apache/D
 sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile

 # After that, check and commit
-echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
-echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
+echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_TAG}"
+echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_TAG}"
Author	SHA1	Message	Date
Markus Opolka	fdce9e0f97	Upgrading to LTS Version 3.27.4+210622	2021-06-25 08:17:47 +02:00
Markus Opolka	d0259b255b	Add Trivy Scan and Structure Test (#71 ) * Add Trivy Scan and Structure Tests * Update README, fancy new Badges! * Update Makefile, full-qualified Image names	2021-06-23 08:40:51 +02:00
Markus Opolka	0770ca63c7	Remove gchr.io comments	2021-06-22 10:32:33 +02:00
Markus Opolka	1e3009bf6c	Update update.sh for new Tag Schema	2021-06-22 10:26:07 +02:00