Add Travis - Multiarch Builds, Autopublish on Docker-Hub and Security Scan with trivy #70

Closed

@thiscantbeserious thiscantbeserious commented Feb 18, 2020

From #43

Changelog in a nutshell:

  1. Replaced node-sass with sass to solve dependency issues during npm install and improve build speed
  2. Updated package(-lock).json to fix outdated dependencies
  3. Modified Dockerfile to allow Multiarch builds - reworked stages to minify overhead and increase reuse while doing these builds
  4. Added .travis.yml file to add Autobuild, Autoscan via trivy and last but not least Autopublish on Docker Hub via :latest and :commit-id(:8) tags

This will require you to set up a free Travis account on https://travis-ci.com/ and set up the repository settings for k8dash by adding the Environment Variables:

  • HUB_USER = herbrandson
  • HUB_TOKEN = docker-api-token-generated-on-docker-hub

I strongly recommend not using your personal password for HUB_TOKEN but really generating a Token in your Account (pretty easy) - see also here: https://docs.docker.com/docker-hub/access-tokens/

That should be all. The current functionality of the PR can be verified on my master repo:

https://github.com/thiscantbeserious/k8dash

Also Docker Hub:

https://hub.docker.com/r/youcantbeserious/multiarch-k8dash/tags

And Travis log:

https://travis-ci.com/thiscantbeserious/k8dash/builds/149216396

herbrandson and others added 30 commits April 2, 2019 08:39
…tter api for validating tokens. Added some server logging at startup to help track down issues.
nodeport yaml provided and readme updated for faster up-and-running option
…ndling and messaging. Improved logging on the server. Better proxy handling on server (changeOrigin)
Collaborator

@herbrandson herbrandson left a comment

Thanks a ton for this! I left a handful of questions/comments, but it looks really good :)

client/src/components/derp.log (outdated, resolved)
trivy.log (outdated, resolved)
Dockerfile (outdated, resolved)
Dockerfile (resolved)
@@ -0,0 +1,33 @@
language: generic
Collaborator

I've not tried using travis-ci w/ an open source project before, but I absolutely love that you've added this :)

Is there anything that will need to be configured at travis-ci.com to make this work?

Author

@thiscantbeserious thiscantbeserious Feb 22, 2020

Yes, you need to generate an API-Token on Docker Hub and add that to the Travis Project via the HUB_TOKEN Environment Variable, and you also need to set HUB_USER to your account name.

See here:

https://docs.travis-ci.com/user/environment-variables/#defining-variables-in-repository-settings

Afterwards Travis will publish it automatically on Docker Hub after each commit.

Btw. I only used it once myself but I loved the idea of being able to work remotely on my Chromebook and Travis doing the heavy duty for me (not just testing) so I gave it a go.

Guess I'll do that more often from now on, since I like the result. :) ...

Collaborator

Ok, I kinda love this idea :)

However, I need a bit to get this all wired up. It also makes for multiple large and only semi related changes in the PR. How would you feel about pulling the travis.yml file out into a separate PR? Everything else LGTM and I'd love to be able to merge it asap.

Collaborator

Oh, sorry. One other comment on your last comment above. I currently have it configured so DockerHub watches GitHub for changes and automatically does this build there. I think that's the same thing you were going for via Travis. Any advantages to moving that build out of DockerHub and into Travis?

client/src/components/button.scss (resolved)
@thiscantbeserious
Author

@herbrandson fixes should be done

- docker buildx build ./ --platform=linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/amd64,linux/i386 -t ${HUB_REPO}:${COMMIT} -t ${HUB_REPO}:latest --push
- docker save -o docker_images/images.tar $(docker images -a -q)
- export VERSION=$(curl --silent "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
- wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz
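
Review bot: the `--push` on the `docker buildx build` line publishes `${HUB_REPO}:${COMMIT}` and `${HUB_REPO}:latest` before Trivy has even been downloaded two lines later, so in the order shown the scan cannot stop a vulnerable image from reaching Docker Hub. Consider building and scanning first and pushing only once the scan passes (Trivy's `--exit-code 1` makes findings fail the job). The Trivy download also resolves `releases/latest` at build time and uses whatever `wget` returns: pinning `VERSION` and verifying the tarball against the checksums published with the release would keep the scanner itself reproducible, and since `curl --silent` is used without `--fail`, a rate-limited or failed API call leaves `VERSION` empty and produces a broken download URL instead of a clear error. Finally, `docker save ... $(docker images -a -q)` archives whatever happens to be in the local image store, which is not necessarily the multi-platform image that was just pushed; scanning the pushed tag or digest would tie the scan to what was actually published.
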
Collaborator

Just curious... any reason you're using wget here and curl above?

Author

Copy & Paste from the individual snippets :))

@herbrandson
Collaborator

Hey @thiscantbeserious I just wanted to apologize for how long it's taken to get this PR merged. Thank you so much for your patience. I REALLY appreciate all the effort you've put into this and am excited to get it merged :)

@thiscantbeserious
Author

thiscantbeserious commented Mar 16, 2020

@herbrandson no worries. No need to hurry here. I'm testing in the meantime, also have quite a busy life myself.

I noticed some additional comments via email but I can't find any of them here (mobile view). Did you remove them or did you leave them in another place?

@herbrandson herbrandson closed this Feb 9, 2021
9 participants