
Commit fe54e4a

authored
Merge pull request #2064 from Permify/dockerfile-update-v0-4-37
chore(build): update docker image version and add Trivy scan for vuln…
2 parents ac54934 + 92605c1 commit fe54e4a


2 files changed

+12
-6
lines changed

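--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ COPY . .
 RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod CGO_ENABLED=0 go build -v ./cmd/permify/
 
 FROM cgr.dev/chainguard/static:latest@sha256:853bfd4495abb4b65ede8fc9332513ca2626235589c2cef59b4fce5082d0836d
-COPY --from=ghcr.io/grpc-ecosystem/grpc-health-probe:v0.4.28 /ko-app/grpc-health-probe /usr/local/bin/grpc_health_probe
+COPY --from=ghcr.io/grpc-ecosystem/grpc-health-probe:v0.4.37 /ko-app/grpc-health-probe /usr/local/bin/grpc_health_probe
 COPY --from=permify-builder /go/src/app/permify /usr/local/bin/permify
 ENV PATH="$PATH:/usr/local/bin"
 ENTRYPOINT ["permify"]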

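--- a/Makefile
+++ b/Makefile
@@ -9,17 +9,17 @@ GO_PACKAGES := $(shell find ./cmd ./pkg ./internal -name '*_test.go' | xargs -n1
 help: ## Display this help screen
 @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
+.PHONY: compose-up
 compose-up: ### Run docker-compose
 docker-compose up --build
-.PHONY: compose-up
 
+.PHONY: compose-up-integration-test
 compose-up-integration-test: ### Run docker-compose with integration test
 docker-compose up --build --abort-on-container-exit --exit-code-from integration
-.PHONY: compose-up-integration-test
 
+.PHONY: compose-down
 compose-down: ### Down docker-compose
 docker-compose down --remove-orphans
-.PHONY: compose-down
 
 .PHONY: download
 download:
@@ -70,6 +70,11 @@ lint-all: linter-golangci linter-hadolint linter-dotenv ## Run all linters
 security-scan: ## Scan code for security vulnerabilities using Gosec
 gosec -exclude=G115 -exclude-dir=sdk -exclude-dir=playground -exclude-dir=docs -exclude-dir=assets ./...
 
+.PHONY: trivy-scan
+trivy-scan: ## Scan Docker image for vulnerabilities using Trivy
+docker build -t permify-image .
+trivy image --format json --output trivy-report.json --scanners vuln permify-image
+
 .PHONY: coverage
 coverage: ## Generate global code coverage report
 go test -coverprofile=covprofile ./cmd/... ./internal/... ./pkg/...
@@ -80,15 +85,16 @@ clean: ## Remove temporary and generated files
 rm -f ./permify
 rm -f ./pkg/development/wasm/main.wasm
 rm -f ./pkg/development/wasm/play.wasm
-rm -f covprofile coverage.html
+rm -f covprofile coverage.html trivy-report.json
+docker rmi -f permify-image || true
 
 .PHONY: wasm-build
 wasm-build: ## Build wasm & place it in playground
 cd ./pkg/development/wasm && GOOS=js GOARCH=wasm go build -ldflags="-s -w" -o main.wasm && wasm-opt main.wasm --enable-bulk-memory -Oz -o play.wasm
 cp ./pkg/development/wasm/play.wasm ./playground/public/play.wasm
 
 .PHONY: release
-release: format test security-scan clean ## Prepare for release
+release: format test security-scan trivy-scan clean ## Prepare for release
 
 # Serve
 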
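Review bot: The new `trivy-scan` recipe cannot fail the `release` target, because `trivy image` is run without `--exit-code` and Trivy exits 0 by default even when it reports vulnerabilities. In addition, `release` lists `clean` right after `trivy-scan`, and the updated `clean` recipe now removes `trivy-report.json` and the `permify-image` tag, so under a serial `make release` the report is deleted as soon as it has been written. If the scan is meant to gate releases, give it a failing exit code and a severity floor, e.g. `trivy image --exit-code 1 --severity HIGH,CRITICAL --format json --output trivy-report.json --scanners vuln permify-image`, and either keep the report out of `clean` or archive it before `clean` runs. The severity threshold shown is only a suggestion and should follow the project's own policy.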
