Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
8c44d52b69 | ||
|
|
99b8ed1996 | ||
|
|
18868a47fc | ||
|
|
cb5bd01a93 | ||
|
|
72ebde31ce | ||
|
|
7c79bf066a |
1
.github/workflows/docker-build.yml
vendored
1
.github/workflows/docker-build.yml
vendored
@@ -110,6 +110,7 @@ jobs:
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
pull: true # Always pull fresh base images to get latest security patches
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
build-args: |
|
||||
|
||||
2
.github/workflows/docker-publish.yml
vendored
2
.github/workflows/docker-publish.yml
vendored
@@ -114,6 +114,8 @@ jobs:
|
||||
push: ${{ github.event_name != 'pull_request' }}
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
# Always pull fresh base images to get latest security patches
|
||||
pull: true
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
build-args: |
|
||||
|
||||
@@ -71,6 +71,7 @@ jobs:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
no-cache: ${{ github.event_name == 'schedule' || inputs.force_rebuild }}
|
||||
pull: true # Always pull fresh base images to get latest security patches
|
||||
build-args: |
|
||||
VERSION=security-scan
|
||||
BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
|
||||
@@ -122,7 +123,7 @@ jobs:
|
||||
echo "Checking key security packages:" >> $GITHUB_STEP_SUMMARY
|
||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
||||
docker run --rm --entrypoint "" ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} \
|
||||
sh -c "apk info c-ares curl libcurl openssl" >> $GITHUB_STEP_SUMMARY
|
||||
sh -c "apk update >/dev/null 2>&1 && apk info c-ares curl libcurl openssl" >> $GITHUB_STEP_SUMMARY
|
||||
echo '```' >> $GITHUB_STEP_SUMMARY
|
||||
|
||||
- name: Create security scan summary
|
||||
|
||||
@@ -18,6 +18,7 @@ ARG CADDY_VERSION=2.10.2
|
||||
## plain Alpine base image and overwrite its caddy binary with our
|
||||
## xcaddy-built binary in the later COPY step. This avoids relying on
|
||||
## upstream caddy image tags while still shipping a pinned caddy binary.
|
||||
# renovate: datasource=docker depName=alpine
|
||||
ARG CADDY_IMAGE=alpine:3.23
|
||||
|
||||
# ---- Cross-Compilation Helpers ----
|
||||
@@ -203,6 +204,7 @@ RUN mkdir -p /crowdsec-out/config && \
|
||||
cp -r config/* /crowdsec-out/config/ || true
|
||||
|
||||
# ---- CrowdSec Fallback (for architectures where build fails) ----
|
||||
# renovate: datasource=docker depName=alpine
|
||||
FROM alpine:3.23 AS crowdsec-fallback
|
||||
|
||||
WORKDIR /tmp/crowdsec
|
||||
|
||||
@@ -406,7 +406,7 @@ describe('LiveLogViewer', () => {
|
||||
// Use findBy queries (built-in waiting) instead of single waitFor with multiple assertions
|
||||
// This avoids race conditions where one failing assertion causes the entire block to retry
|
||||
await screen.findByText('10.0.0.1');
|
||||
await screen.findByText(/BLOCKED: SQL injection detected/);
|
||||
await screen.findByText(/🚫 BLOCKED: SQL injection detected/);
|
||||
await screen.findByText(/\[SQL injection detected\]/);
|
||||
|
||||
// For getAllByText, keep in waitFor but separate from other assertions
|
||||
|
||||
Reference in New Issue
Block a user