Merge branch 'main' of github.com:no10ds/rapid
lcardno10 committed Sep 30, 2024
2 parents 038f71c + 397132e commit e1e4e1d
Showing 4 changed files with 66 additions and 22 deletions.
7 changes: 3 additions & 4 deletions Makefile
Expand Up @@ -2,15 +2,14 @@
export

# Versions
PYTHON_VERSION=3.10.6
PYTHON_VERSION=3.12.6
NODE_VERSION=lts/iron

# Git references
GITHUB_SHA=$$(git rev-parse HEAD)
GITHUB_REF_NAME=$$(git rev-parse --abbrev-ref HEAD)
GITHUB_SHORT_SHA=$$(git rev-parse --short HEAD)


# API Build variables
API_ACCOUNT_ECR_URI=$(AWS_ACCOUNT).dkr.ecr.$(AWS_REGION).amazonaws.com
API_PUBLIC_URI=public.ecr.aws
Expand Down Expand Up @@ -113,15 +112,15 @@ api/format: ## Run the api code format with black
##

api/tag-image: ## Tag the image with the latest commit hash
@cd api/; docker tag rapid-api-service-image:latest $(API_ACCOUNT_ECR_URI)/$(API_IMAGE_NAME):$(GITHUB_SHORT_SHA)
@cd api/; docker tag rapid-api/service-image:latest $(API_ACCOUNT_ECR_URI)/$(API_IMAGE_NAME):$(GITHUB_SHORT_SHA)

api/upload-image: ## Upload the tagged image to the image registry
@aws ecr get-login-password --region $(AWS_REGION) | docker login --username AWS --password-stdin $(API_ACCOUNT_ECR_URI) && docker push $(API_ACCOUNT_ECR_URI)/$(API_IMAGE_NAME):$(GITHUB_SHORT_SHA)

api/tag-and-upload: api/tag-image api/upload-image ## Tag and upload the latest api image

api/tag-release-image: ## Tag the image with the tag name
@cd api/; tag rapid-api-service-image:latest $(API_PUBLIC_URI)/$(API_PUBLIC_IMAGE):${GITHUB_REF_NAME}
@cd api/; tag rapid-api/service-image:latest $(API_PUBLIC_URI)/$(API_PUBLIC_IMAGE):${GITHUB_REF_NAME}

api/upload-release-image: ## Upload the tagged release image to the image registry
@aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin $(API_PUBLIC_URI) && docker push $(API_PUBLIC_URI)/$(API_PUBLIC_IMAGE):${GITHUB_REF_NAME}
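Review bot: The recipe under api/tag-release-image runs a bare `tag` where api/tag-image runs `docker tag`, so unless a `tag` wrapper exists on PATH this target fails with "command not found"; the commit renames the image on that line but leaves the missing `docker` in place. Assuming the `rapid-api/service-image` line is the new side, the fix is `@cd api/; docker tag rapid-api/service-image:latest $(API_PUBLIC_URI)/$(API_PUBLIC_IMAGE):${GITHUB_REF_NAME}`. The `cd api/;` prefix has no effect on `docker tag`, and joining with `;` rather than `&&` lets the recipe carry on after a failed cd, so `@docker tag …` on its own would be cleaner; the same applies to the api/tag-image recipe in this hunk. The two recipes also mix `${GITHUB_REF_NAME}` with `$(GITHUB_SHORT_SHA)`; one bracket style would be easier to grep.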
2 changes: 1 addition & 1 deletion api/Dockerfile
@@ -1,7 +1,7 @@
#checkov:skip=CKV_DOCKER_9: Allow for use of apt
#checkov:skip=CKV_DOCKER_2: No need for healthcheck in container
#checkov:skip=CKV_DOCKER_3: No need for user in container
FROM python:3.10-slim
FROM python:3.12-slim

WORKDIR /app
RUN apt update
14 changes: 7 additions & 7 deletions api/image-utils.sh
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
set -eu -o pipefail

LATEST_TAG=$(git rev-parse --short "$GITHUB_SHA")
LATEST_TAG=$(git rev-parse --short HEAD)
IGNORE_LIST_FILE=vulnerability-ignore-list.txt

RETRIES=0
Expand All @@ -19,7 +19,7 @@ function _scan_in_progress {

STATUS=$(aws ecr describe-image-scan-findings \
--region "$AWS_REGION" \
--repository-name "$IMAGE_NAME" \
--repository-name "$API_IMAGE_NAME" \
--image-id imageTag="$LATEST_TAG" \
| jq '.imageScanStatus.status' \
| jq -r .)
Expand Down Expand Up @@ -47,7 +47,7 @@ function _get_high_or_critical_vulnerabilities {
VULNS=()
while IFS='' read -r line; do VULNS+=("$line"); done < <(aws ecr describe-image-scan-findings \
--region "$AWS_REGION" \
--repository-name "$IMAGE_NAME" \
--repository-name "$API_IMAGE_NAME" \
--image-id imageTag="$1" \
| jq '.imageScanFindings.findings[] | select(.severity == "HIGH" or .severity == "CRITICAL") | (.name + "_" + .uri)' \
| jq -r .)
Expand All @@ -72,7 +72,7 @@ function get_image_sha_if_exists {
set +e
IMAGE_METADATA="$( aws ecr describe-images \
--region "$AWS_REGION" \
--repository-name=$IMAGE_NAME \
--repository-name="$API_IMAGE_NAME" \
--image-ids=imageTag="$1" 2> /dev/null )"
set -e
if [[ $? == 0 ]]; then
Expand Down Expand Up @@ -117,13 +117,13 @@ function tag_image {

MANIFEST=$(aws ecr batch-get-image \
--region "$AWS_REGION" \
--repository-name "$IMAGE_NAME" \
--repository-name "$API_IMAGE_NAME" \
--image-ids imageTag="$2" \
--query 'images[].imageManifest' --output text)

aws ecr put-image \
--region "$AWS_REGION" \
--repository-name "$IMAGE_NAME" \
--repository-name "$API_IMAGE_NAME" \
--image-tag "$1" \
--image-manifest "$MANIFEST" > /dev/null
}
Expand All @@ -133,7 +133,7 @@ function _untag_and_delete {

aws ecr batch-delete-image \
--region "$AWS_REGION" \
--repository-name "$IMAGE_NAME" \
--repository-name "$API_IMAGE_NAME" \
--image-ids imageTag="$1" > /dev/null
}

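Review bot: In get_image_sha_if_exists the `$?` tested two lines below the changed `--repository-name="$API_IMAGE_NAME"` is the exit status of the `set -e` builtin, not of the `aws ecr describe-images` call, so the existence check appears to always take the success branch; the commit fixes the quoting on that line but not this. Testing the assignment directly removes the need for the `set +e`/`set -e` pair: `if IMAGE_METADATA="$( aws ecr describe-images --region "$AWS_REGION" --repository-name "$API_IMAGE_NAME" --image-ids=imageTag="$1" 2> /dev/null )"; then`, with the two `set` lines deleted. The function body continues outside the hunk, so the branches that consume IMAGE_METADATA were not reviewed here. The `$IMAGE_NAME` to `$API_IMAGE_NAME` rename is applied consistently across the other hunks in this file.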
65 changes: 55 additions & 10 deletions api/vulnerability-ignore-list.txt
@@ -1,11 +1,56 @@
CVE-2019-19814 https://security-tracker.debian.org/tracker/CVE-2019-19814
CVE-2021-39686 https://security-tracker.debian.org/tracker/CVE-2021-39686
CVE-2013-7445 https://security-tracker.debian.org/tracker/CVE-2013-7445
CVE-2022-24765 https://security-tracker.debian.org/tracker/CVE-2022-24765
CVE-2023-6879 https://security-tracker.debian.org/tracker/CVE-2023-6879
CVE-2023-45853 https://security-tracker.debian.org/tracker/CVE-2023-45853
CVE-2023-52425 https://security-tracker.debian.org/tracker/CVE-2023-52425
CVE-2023-49462 https://security-tracker.debian.org/tracker/CVE-2023-49462
CVE-2024-46724 https://security-tracker.debian.org/tracker/CVE-2024-46724
CVE-2024-46738 https://security-tracker.debian.org/tracker/CVE-2024-46738
CVE-2024-46756 https://security-tracker.debian.org/tracker/CVE-2024-46756
CVE-2024-46731 https://security-tracker.debian.org/tracker/CVE-2024-46731
CVE-2024-44987 https://security-tracker.debian.org/tracker/CVE-2024-44987
CVE-2024-26913 https://security-tracker.debian.org/tracker/CVE-2024-26913
CVE-2024-46725 https://security-tracker.debian.org/tracker/CVE-2024-46725
CVE-2024-46759 https://security-tracker.debian.org/tracker/CVE-2024-46759
CVE-2024-44998 https://security-tracker.debian.org/tracker/CVE-2024-44998
CVE-2024-26952 https://security-tracker.debian.org/tracker/CVE-2024-26952
CVE-2024-38630 https://security-tracker.debian.org/tracker/CVE-2024-38630
CVE-2024-44974 https://security-tracker.debian.org/tracker/CVE-2024-44974
CVE-2024-41061 https://security-tracker.debian.org/tracker/CVE-2024-41061
CVE-2021-3847 https://security-tracker.debian.org/tracker/CVE-2021-3847
CVE-2022-27404 https://security-tracker.debian.org/tracker/CVE-2022-27404
CVE-2019-8457 https://security-tracker.debian.org/tracker/CVE-2019-8457
CVE-2022-1679 https://security-tracker.debian.org/tracker/CVE-2022-1679
CVE-2022-1652 https://security-tracker.debian.org/tracker/CVE-2022-1652
CVE-2019-15794 https://security-tracker.debian.org/tracker/CVE-2019-15794
CVE-2022-29187 https://security-tracker.debian.org/tracker/CVE-2022-29187
CVE-2024-46740 https://security-tracker.debian.org/tracker/CVE-2024-46740
CVE-2024-39479 https://security-tracker.debian.org/tracker/CVE-2024-39479
CVE-2024-41071 https://security-tracker.debian.org/tracker/CVE-2024-41071
CVE-2024-38570 https://security-tracker.debian.org/tracker/CVE-2024-38570
CVE-2019-19449 https://security-tracker.debian.org/tracker/CVE-2019-19449
CVE-2024-21803 https://security-tracker.debian.org/tracker/CVE-2024-21803
CVE-2024-46674 https://security-tracker.debian.org/tracker/CVE-2024-46674
CVE-2024-46673 https://security-tracker.debian.org/tracker/CVE-2024-46673
CVE-2024-46798 https://security-tracker.debian.org/tracker/CVE-2024-46798
CVE-2024-46782 https://security-tracker.debian.org/tracker/CVE-2024-46782
CVE-2024-46722 https://security-tracker.debian.org/tracker/CVE-2024-46722
CVE-2023-52452 https://security-tracker.debian.org/tracker/CVE-2023-52452
CVE-2024-42162 https://security-tracker.debian.org/tracker/CVE-2024-42162
CVE-2024-26930 https://security-tracker.debian.org/tracker/CVE-2024-26930
CVE-2024-46743 https://security-tracker.debian.org/tracker/CVE-2024-46743
CVE-2023-52827 https://security-tracker.debian.org/tracker/CVE-2023-52827
CVE-2024-45026 https://security-tracker.debian.org/tracker/CVE-2024-45026
CVE-2024-44941 https://security-tracker.debian.org/tracker/CVE-2024-44941
CVE-2024-44940 https://security-tracker.debian.org/tracker/CVE-2024-44940
CVE-2024-44942 https://security-tracker.debian.org/tracker/CVE-2024-44942
CVE-2024-46757 https://security-tracker.debian.org/tracker/CVE-2024-46757
CVE-2024-44999 https://security-tracker.debian.org/tracker/CVE-2024-44999
CVE-2024-46747 https://security-tracker.debian.org/tracker/CVE-2024-46747
CVE-2024-46723 https://security-tracker.debian.org/tracker/CVE-2024-46723
CVE-2021-3864 https://security-tracker.debian.org/tracker/CVE-2021-3864
CVE-2024-44986 https://security-tracker.debian.org/tracker/CVE-2024-44986
CVE-2024-46746 https://security-tracker.debian.org/tracker/CVE-2024-46746
CVE-2024-42228 https://security-tracker.debian.org/tracker/CVE-2024-42228
CVE-2013-7445 https://security-tracker.debian.org/tracker/CVE-2013-7445
CVE-2024-46800 https://security-tracker.debian.org/tracker/CVE-2024-46800
CVE-2019-19814 https://security-tracker.debian.org/tracker/CVE-2019-19814
CVE-2024-46758 https://security-tracker.debian.org/tracker/CVE-2024-46758
CVE-2023-2953 https://security-tracker.debian.org/tracker/CVE-2023-2953
CVE-2023-31484 https://security-tracker.debian.org/tracker/CVE-2023-31484
CVE-2023-7104 https://security-tracker.debian.org/tracker/CVE-2023-7104
CVE-2024-7006 https://security-tracker.debian.org/tracker/CVE-2024-7006
CVE-2023-52356 https://security-tracker.debian.org/tracker/CVE-2023-52356
CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355
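Review bot: The 55 entries added to api/vulnerability-ignore-list.txt carry only a CVE id and a tracker URL, with no recorded reason or re-review date, and the list is presumably what _get_high_or_critical_vulnerabilities in api/image-utils.sh filters against, so each line silences a HIGH or CRITICAL finding without a trace of why it was judged not applicable to this image. CVE-2013-7445 and CVE-2019-19814 each appear twice in the printed section; with the add/remove markers lost here it is unclear whether both copies land on the new side, but the file should be de-duplicated if they do. Since the format looks like a bare `<CVE> <URL>` line and it is not visible whether the parser tolerates comment lines, the justification for each suppression (and the date it should be revisited) belongs in the commit description or a sibling document rather than in this file.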
