From e30e4e7e8db406d379ea41add9fffd54d8a0a825 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 26 Feb 2025 20:39:08 -0500 Subject: [PATCH 001/109] edit --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d205584..4d54f7c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,8 +1,8 @@ name: Main Workflow on: push: - branches: - - main + + workflow_dispatch: permissions: contents: read From 4552ba80ee9833c26bc568dcb8f94aa3c1fe0f3a Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:02:54 -0500 Subject: [PATCH 002/109] I added some things to the pylint job --- .github/workflows/lint-format.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 2c918ce..4038f7d 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -26,6 +26,11 @@ jobs: - name: Run pylint run: pylint $(git ls-files '*.py') + shell: /usr/bin/bash -e {0} + env: + pythonLocation: /opt/hostedtoolcache/Python/3.12.5/x64 + LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.12.5/x64/lib + - name: Run black run: black --check . \ No newline at end of file From d0f9f43c348c140f5d566347643732ae66fdc514 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:12:44 -0500 Subject: [PATCH 003/109] recent commit --- .github/workflows/lint-format.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 4038f7d..742d860 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -20,6 +20,7 @@ jobs: - name: Install dependencies run: | + pip install -r requirements.txt python -m pip install --upgrade pip pip install pylint pip install pylint black From 7e92a41c6c8998ebd2bf7b1b631bc705500fcc25 Mon Sep 17 00:00:00 2001 
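Review bot: In PATCH 001 (`.github/workflows/main.yml`) the `push:` trigger is left with no branch filter, so the Main Workflow now starts on a push to any branch or tag instead of only `main`. If the aim was just to allow manual runs, keep the filter and add the new trigger beside it: `push:` with `branches: [main]`, followed by `workflow_dispatch:` at the same level. The two added blank lines under `push:` can be dropped. The jobs are outside this hunk, so whether any of them use secrets or deploy cannot be judged from here.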
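Review bot: The `shell:` and `env:` keys added to the `Run pylint` step in PATCH 002 hard-code runner toolcache paths for Python 3.12.5 (`pythonLocation`, `LD_LIBRARY_PATH`), and they read like values copied from a job log rather than configuration. `LD_LIBRARY_PATH` decides which shared libraries the step loads, so it should come from the job's Python setup step (outside the hunk) and not from a literal that goes stale when the interpreter version changes. PATCH 011 adds the same kind of block to the `Snyk Code test` step in `unit-sec-test.yml`. I would drop both blocks and leave the step as `run: pylint $(git ls-files '*.py')`.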
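Review bot: PATCH 003 places `pip install -r requirements.txt` ahead of `python -m pip install --upgrade pip`, so the project's dependencies are resolved by the runner's preinstalled pip and the upgrade only affects the linter installs. Move the upgrade to the first line of the `run: |` block. The two lines that follow (`pip install pylint`, `pip install pylint black`) overlap and install unpinned versions; one pinned line such as `pip install pylint==<version> black==<version>` would keep lint results reproducible.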
From: thogue12 Date: Fri, 28 Feb 2025 21:18:48 -0500 Subject: [PATCH 004/109] added a blank line at the end of the main.py file --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index b6eade5..41710e2 100644 --- a/main.py +++ b/main.py @@ -120,4 +120,4 @@ def secure_data(token: str = Query(...)): if token == API_SECRET: return {"data": "Sensitive Data"} - return JSONResponse(status_code=403, content={"message": "Forbidden"}) \ No newline at end of file + return JSONResponse(status_code=403, content={"message": "Forbidden"}) From cd09719d91d740c0e56621a89479a7438e0d7705 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:22:12 -0500 Subject: [PATCH 005/109] I added another empty line at the end of the test_main.py file --- .github/workflows/lint-format.yml | 5 ----- tests/test_main.py | 3 ++- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 742d860..219dc27 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -27,11 +27,6 @@ jobs: - name: Run pylint run: pylint $(git ls-files '*.py') - shell: /usr/bin/bash -e {0} - env: - pythonLocation: /opt/hostedtoolcache/Python/3.12.5/x64 - LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.12.5/x64/lib - - name: Run black run: black --check . \ No newline at end of file diff --git a/tests/test_main.py b/tests/test_main.py index 0e3e436..d914aa0 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -115,4 +115,5 @@ def test_secure_data_with_invalid_token(): """ response = client.get("/secure-data", params={"token": "wrong_token"}) assert response.status_code == 403 - assert response.json() == {"message": "Forbidden"} \ No newline at end of file + assert response.json() == {"message": "Forbidden"} + From b9d57ff34ff010fb997d939803125d9169376f7e Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 28 Feb 2025 21:24:53 -0500 Subject: [PATCH 006/109] I removed the extra white space at the end of the test_main.py file --- tests/test_main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_main.py b/tests/test_main.py index d914aa0..e1df2a4 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -116,4 +116,4 @@ def test_secure_data_with_invalid_token(): response = client.get("/secure-data", params={"token": "wrong_token"}) assert response.status_code == 403 assert response.json() == {"message": "Forbidden"} - + \ No newline at end of file From 2c361d7b46a18c0540d5db4c70abef983728fa03 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:29:14 -0500 Subject: [PATCH 007/109] I added another empty line at the end of the test_main.py file --- tests/test_main.py-e | 119 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 tests/test_main.py-e diff --git a/tests/test_main.py-e b/tests/test_main.py-e new file mode 100644 index 0000000..e1df2a4 --- /dev/null +++ b/tests/test_main.py-e 
@@ -0,0 +1,119 @@ +""" +Module containing test cases for a FastAPI application. + +This module uses the FastAPI TestClient to perform unit tests on endpoints +defined in the `main` FastAPI app. The tests include checking responses for +various endpoints under normal and edge-case scenarios. +""" + +# pylint: disable=wrong-import-position + +import sys +import os +from fastapi.testclient import TestClient + +# Add the parent directory to the system path for imports +sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))) + +from main import app # Adjust the import if your file is named differently + +client = TestClient(app) + + +def test_index(): + """ + Test the index route (`/`). + + Ensures the endpoint returns a 200 status code and the correct JSON response. + """ + response = client.get("/") + assert response.status_code == 200 + assert response.json() == {"message": "Hello World!"} + + +def test_get_user_sql_injection(): + """ + Test the `/users` endpoint for SQL injection vulnerability. + + Sends a malicious input to ensure the query is logged or handled securely. + """ + response = client.get("/users", params={"username": "admin'; DROP TABLE users; --"}) + assert response.status_code == 200 + # Ensure the query is built with the vulnerable input + assert "DROP TABLE users" in response.json()["query"] + + +def test_read_file_valid_path(tmp_path): + """ + Test the `/read_file` endpoint with a valid file path. + + Creates a temporary file, sends its path to the endpoint, and verifies the + content is returned correctly. + """ + temp_file = tmp_path / "test.txt" + temp_file.write_text("This is a test file.") + response = client.get("/read_file", params={"file_path": str(temp_file)}) + assert response.status_code == 200 + assert response.json() == {"content": "This is a test file."} + + +def test_read_file_invalid_path(): + """ + Test the `/read_file` endpoint with an invalid file path. 
+ + Sends a non-existent file path and ensures the response contains an error. + """ + response = client.get("/read_file", params={"file_path": "/non/existent/file.txt"}) + assert response.status_code == 500 + assert "detail" in response.json() + + +def test_error_endpoint(): + """ + Test the `/error` endpoint. + + Ensures the endpoint raises a 500 Internal Server Error as expected and + verifies the error type. + """ + try: + response = client.get("/error") + assert response.status_code == 500 # Should raise a 500 Internal Server Error + except ZeroDivisionError as err: + assert "division by zero" in str(err) + + +def test_upload_file(): + """ + Test the `/upload` endpoint with a dummy file. + + Verifies that a file can be uploaded successfully and the correct response + is returned. + """ + file_content = b"dummy content" + files = {"file": ("test.txt", file_content, "text/plain")} + response = client.post("/upload", files=files) + assert response.status_code == 200 + assert response.json() == {"message": "File uploaded successfully"} + + +def test_secure_data_with_valid_token(): + """ + Test the `/secure-data` endpoint with a valid token. + + Sends a valid token and ensures the secure data is returned. + """ + response = client.get("/secure-data", params={"token": "1234567890"}) + assert response.status_code == 200 + assert response.json() == {"data": "Sensitive Data"} + + +def test_secure_data_with_invalid_token(): + """ + Test the `/secure-data` endpoint with an invalid token. + + Sends an invalid token and ensures a 403 Forbidden status code is returned. + """ + response = client.get("/secure-data", params={"token": "wrong_token"}) + assert response.status_code == 403 + assert response.json() == {"message": "Forbidden"} + \ No newline at end of file From 5a24fa5ef6cecf7e02946c52cbc1d5c95ab2f1bd Mon Sep 17 00:00:00 2001 
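Review bot: `tests/test_main.py-e` is added with blob `e1df2a4`, the same blob `tests/test_main.py` has after PATCH 006, so this is a byte-identical copy, most likely an in-place-edit backup that was staged by accident. Its name does not end in `.py`, so the lint step's `git ls-files '*.py'` skips it and pytest's default file patterns would not collect it. The copy only duplicates content, including the literal token `"1234567890"` used in `test_secure_data_with_valid_token`. I would delete the file and add an ignore rule such as `*.py-e` to `.gitignore`.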
From: thogue12 Date: Fri, 28 Feb 2025 21:31:26 -0500 Subject: [PATCH 008/109] I added another empty line at the end of the test_main.py file --- tests/test_main.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test_main.py b/tests/test_main.py index e1df2a4..4a1ba95 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -116,4 +116,5 @@ def test_secure_data_with_invalid_token(): response = client.get("/secure-data", params={"token": "wrong_token"}) assert response.status_code == 403 assert response.json() == {"message": "Forbidden"} + \ No newline at end of file From dbf7fc1cabe1d39c70d464e69a4dd9275df78469 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:34:33 -0500 Subject: [PATCH 009/109] I added another empty line at the end of the test_main.py file --- tests/test_main.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/test_main.py b/tests/test_main.py index 4a1ba95..61d1c72 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -116,5 +116,3 @@ def test_secure_data_with_invalid_token(): response = client.get("/secure-data", params={"token": "wrong_token"}) assert response.status_code == 403 assert response.json() == {"message": "Forbidden"} - - \ No newline at end of file From 3d643eb2723060f51c37ef3dcabb66428432a621 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:38:14 -0500 Subject: [PATCH 010/109] changed the python version to 3.12.4 --- .github/workflows/lint-format.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 219dc27..d1421b4 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ["3.12.5"] + python-version: ["3.12.4"] steps: - uses: actions/checkout@v4 From 5d44d9b743b134c95e3604847b69ab9b7c753ad8 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 28 Feb 2025 21:45:02 -0500 Subject: [PATCH 011/109] added some commands to the snyk job from the error log --- .github/workflows/unit-sec-test.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index a518a30..c40e477 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -44,6 +44,14 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Snyk Code test run: snyk code test --sarif > snyk-cide.sarif + shell: /usr/bin/bash -e {0} + env: + pythonLocation: /opt/hostedtoolcache/Python/3.12.5/x64 + PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.12.5/x64/lib/pkgconfig + Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.5/x64 + Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.5/x64 + Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.5/x64 + LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.12.5/x64/lib - name: Snyk Test Dependencies run: snyk test From a91dde7d6dca78df1778324768ac070bfc1b971e Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 21:58:55 -0500 Subject: [PATCH 012/109] new change --- .github/workflows/unit-sec-test.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index c40e477..2ca6c0e 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
@@ -44,14 +44,7 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Snyk Code test run: snyk code test --sarif > snyk-cide.sarif - shell: /usr/bin/bash -e {0} - env: - pythonLocation: /opt/hostedtoolcache/Python/3.12.5/x64 - PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.12.5/x64/lib/pkgconfig - Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.5/x64 - Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.5/x64 - Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.12.5/x64 - LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.12.5/x64/lib + - name: Snyk Test Dependencies run: snyk test @@ -68,7 +61,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe with: - image-ref: 'awesome-fastapi:${{ github.sha }}' + image-ref: 'awesome-fastapi' format: 'template' template: '@/contrib/sarif.tpl' output: 'GitHub Actions/Trivy Automation' From 6bc61d604ea106ff57377870bc3fc378503943c3 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 22:02:24 -0500 Subject: [PATCH 013/109] another change --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 2ca6c0e..187ee69 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -61,7 +61,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe with: - image-ref: 'awesome-fastapi' + image-ref: 'awesome-fastapi:${{ github.sha }}' format: 'template' template: '@/contrib/sarif.tpl' output: 'GitHub Actions/Trivy Automation' From 2bf8ab45b3dae98ea96febfa2dc33db4f65676fd Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 22:30:29 -0500 Subject: [PATCH 014/109] added the docker build job to the trivy job --- .github/workflows/unit-sec-test.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 187ee69..7c6b1a5 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -58,6 +58,10 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Build Docker Image + run: | + docker build -t awesome-fastapi:${{ github.sha }} . + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe with: From 1dc1489737acd42ea6b5c30519444feaadfe6ba0 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 22:39:18 -0500 Subject: [PATCH 015/109] added sarif file --- .DS_Store | Bin 6148 -> 6148 bytes .github/workflows/unit-sec-test.yml | 4 +- DevSecOps-Pipeline.yml | 124 ---------------------------- 3 files changed, 2 insertions(+), 126 deletions(-) delete mode 100644 DevSecOps-Pipeline.yml diff --git a/.DS_Store b/.DS_Store index 7109329ed9facfe7b7b7fba9d872c1a41911ed61..835f3cda289ef66b77cf13b1b2704c2ef701cb0d 100644 GIT binary patch delta 31 ncmZoMXfc@J&nU1lU^g?Pz+@hl>dlu~OqeGY_-tn9_{$FfpehO@ delta 100 zcmZoMXfc@J&nUPtU^g?P;A9?_YIiXP7lu@ZGKOFvnatqNP{2^kpvw@zkO^d^GUNd1 sJRq&dP|1+XkmH$?pPZDFpTxkxAOOUUK& snyk-cide.sarif - - - name: Snyk Test Dependencies - run: snyk test - - - # Scan the contianer and lists all security vulnerabilities - trivy_scans: - name: Run Trivy security scanner against the image - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe - with: - image-ref: 'awesome-fastapi:${{ github.sha }}' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'GitHub Actions/Trivy Automation' - severity: 'CRITICAL,HIGH' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results.sarif' - - 
From 23dfe528e8a99072e0e50242a9bfcba4af5c270b Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 22:46:02 -0500 Subject: [PATCH 016/109] added sarif file --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 507329f..f31233b 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -74,7 +74,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: 'trivy-results.sarif' + sarif_file: 'trivy-results.sarif' owasp_zap_scan: runs-on: ubuntu-latest From 03a160b4bd0aee9aaaaeb1d43411db57c78b09b2 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 22:57:43 -0500 Subject: [PATCH 017/109] edited the trivy file to change the format from templat to sarif and added the ouput correctly --- .github/workflows/unit-sec-test.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index f31233b..049edef 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -63,12 +63,11 @@ jobs: docker build -t awesome-fastapi:${{ github.sha }} . ###- This section needed to be added becasue the image was not persisting between jobs--## - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: 'awesome-fastapi:${{ github.sha }}' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'GitHub Actions/Trivy Automation' + format: 'sarif' + output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab From fa3f10075fa9675a2dc3a732f7ebc5d84a893527 Mon Sep 17 00:00:00 2001 
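Review bot: PATCH 017 replaces the full commit pin `aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe` with the tag `@0.28.0`, and a tag can later be moved to different code while a commit SHA cannot. Keep the SHA form and record the version in a comment: `uses: aquasecurity/trivy-action@<full-commit-sha-for-0.28.0> # 0.28.0`. The same concern applies to the branch refs introduced later in this series (`actions/checkout@master` in PATCH 023 and 028, `snyk/actions/python-3.10@master` in 028, `snyk/actions/python@master` in 029). The switch to `format: 'sarif'` with `output: 'trivy-results.sarif'` does line up with the `sarif_file` the upload step reads.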
From: thogue12 Date: Fri, 28 Feb 2025 23:16:01 -0500 Subject: [PATCH 018/109] edited the trivy file to change the format from templat to sarif and added the ouput correctly --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 049edef..9393ee3 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -73,7 +73,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: 'trivy-results.sarif' + sarif_file: 'trivy-results.sarif' owasp_zap_scan: runs-on: ubuntu-latest From b5ec42d3cf8b52b7da0dcf501ae3859eb630d574 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Feb 2025 23:26:01 -0500 Subject: [PATCH 019/109] installed black --- .github/workflows/lint-format.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index d1421b4..612ce29 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -23,10 +23,10 @@ jobs: pip install -r requirements.txt python -m pip install --upgrade pip pip install pylint - pip install pylint black + pip install black - name: Run pylint run: pylint $(git ls-files '*.py') - name: Run black - run: black --check . \ No newline at end of file + run: black . \ No newline at end of file From bcad054f29b106d9e0cb92c799c678f8db8e17da Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 28 Feb 2025 22:58:16 -0600 Subject: [PATCH 020/109] fixing pylint issues --- .github/workflows/lint-format.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 612ce29..78ade06 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml 
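Review bot: Dropping `--check` from the `Run black` step in PATCH 019 turns the formatting gate into a no-op. `black .` rewrites files in the runner's checkout and exits 0, and nothing commits or reports those rewrites, so unformatted code passes the job. Keep `run: black --check .`, or `run: black --check --diff .` if the log should show what would change.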
@@ -22,11 +22,9 @@ jobs: run: | pip install -r requirements.txt python -m pip install --upgrade pip - pip install pylint - pip install black - name: Run pylint run: pylint $(git ls-files '*.py') - name: Run black - run: black . \ No newline at end of file + run: black --check . \ No newline at end of file From 3452d99e9dae2eda605f61b15cad35b76b33792a Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 28 Feb 2025 23:05:55 -0600 Subject: [PATCH 021/109] updating --- .github/workflows/unit-sec-test.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 9393ee3..7a9cb5f 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -32,19 +32,17 @@ jobs: uses: actions/setup-python@v4 with: python-version: "3.12.5" - - + - name: Install dependencies run: pip install -r requirements.txt - name: Install Snyk CLI uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb - env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + - name: Snyk Code test run: snyk code test --sarif > snyk-cide.sarif - - name: Snyk Test Dependencies run: snyk test @@ -62,7 +60,7 @@ jobs: run: | docker build -t awesome-fastapi:${{ github.sha }} . ###- This section needed to be added becasue the image was not persisting between jobs--## - - name: Run Trivy vulnerability scanner + - name: Run Trivy Vulnerability Scanner uses: aquasecurity/trivy-action@0.28.0 with: image-ref: 'awesome-fastapi:${{ github.sha }}' @@ -87,7 +85,7 @@ jobs: - name: zap scan uses: zaproxy/action-api-scan@v0.9.0 with: - token: ${{ secrets.GITHUB_TOKEN}} + token: ${{ secrets.GITHUB_TOKEN }} docker_name: 'ghcr.io/zaproxy/zaproxy:stable' format: openapi target: '' From af31bae221528021155b23639d0337243a8fff75 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 7 Mar 2025 19:31:46 -0500 Subject: [PATCH 022/109] edit --- .github/.DS_Store | Bin 6148 -> 6148 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.github/.DS_Store b/.github/.DS_Store index efb25487d3488b34e5bac7c06fcb6206d72891bd..680ba76de5cf49b1778dddfa7d255ff6a2a885bc 100644 GIT binary patch delta 41 rcmZoMXffDez{n*0XL1aq#AGiWz#AGi Date: Fri, 7 Mar 2025 19:50:57 -0500 Subject: [PATCH 023/109] edit --- .github/workflows/unit-sec-test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 7a9cb5f..9fc4239 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -36,10 +36,11 @@ jobs: - name: Install dependencies run: pip install -r requirements.txt - - name: Install Snyk CLI - uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb + + - name: Run Snyk to check for vulnerabilities + uses: actions/checkout@master env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + synk_auth: ${{ secrets.SNYK_TOKEN }} - name: Snyk Code test run: snyk code test --sarif > snyk-cide.sarif From b2c23d554718d49e5b1997c9c1521d76c0d80130 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 7 Mar 2025 19:58:33 -0500 Subject: [PATCH 024/109] edit --- .github/workflows/unit-sec-test.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 9fc4239..38dda6a 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
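Review bot: The step named `Run Snyk to check for vulnerabilities` in PATCH 023 actually runs `actions/checkout@master`, so nothing installs the Snyk CLI before the `snyk code test` and `snyk test` steps. The env key is also renamed to `synk_auth`, which the Snyk CLI does not read; it authenticates from `SNYK_TOKEN`. Restore the removed line `uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb` and the key `SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`. If that `env:` is step-level, as it appears to be, it does not carry over to later steps, so the steps that call `snyk` need `SNYK_TOKEN` in their own `env:` as well.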
@@ -36,11 +36,13 @@ jobs: - name: Install dependencies run: pip install -r requirements.txt - - - name: Run Snyk to check for vulnerabilities - uses: actions/checkout@master + - name: Install Snyk CLI + run: npn install -g snyk + + - name: Authenticate with Snyk + run: snyk auth ${{ secrets.SNYK_TOKEN }} env: - synk_auth: ${{ secrets.SNYK_TOKEN }} + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Snyk Code test run: snyk code test --sarif > snyk-cide.sarif From 3fd8c78f8bcbf2e4a4571ed155feb1628fd598df Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 7 Mar 2025 20:01:03 -0500 Subject: [PATCH 025/109] edit --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 38dda6a..6d93e48 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -37,7 +37,7 @@ jobs: run: pip install -r requirements.txt - name: Install Snyk CLI - run: npn install -g snyk + run: npm install -g snyk - name: Authenticate with Snyk run: snyk auth ${{ secrets.SNYK_TOKEN }} From 7a918b2fcc63563a2b889a22d0207a98c7672bc1 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 11 Mar 2025 00:13:06 -0400 Subject: [PATCH 026/109] testing the new test --- .github/workflows/build-image.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 019d934..0a4c9a8 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -15,4 +15,5 @@ jobs: - name: Build Docker Image run: | - docker build -t awesome-fastapi:${{ github.sha }} . \ No newline at end of file + docker build -t awesome-fastapi:${{ github.sha }} . + \ No newline at end of file From 2621321228000aca1d17973ed5a9d6108878904f Mon Sep 17 00:00:00 2001 
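Review bot: `run: snyk auth ${{ secrets.SNYK_TOKEN }}` in PATCH 024 expands the secret into the script text before the shell runs, although the same step already exposes it as the `SNYK_TOKEN` environment variable. Reference the variable instead, `run: snyk auth "$SNYK_TOKEN"`, or drop the auth step and set `SNYK_TOKEN` in `env:` on the steps that call `snyk`, since the CLI reads it directly. `npn install -g snyk` is a typo for `npm` (corrected in PATCH 025), and the install is unpinned; `npm install -g snyk@<version>` would keep the scanner version fixed.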
From: thogue12 Date: Tue, 11 Mar 2025 00:34:42 -0400 Subject: [PATCH 027/109] testing the new test --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 6d93e48..7566377 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -40,7 +40,7 @@ jobs: run: npm install -g snyk - name: Authenticate with Snyk - run: snyk auth ${{ secrets.SNYK_TOKEN }} + run: snyk auth $SNYK_TOKEN --debug env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From e8f0544f055e4a1ef2c4eb93a107327c3ce1e1e8 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 11 Mar 2025 01:08:27 -0400 Subject: [PATCH 028/109] testing the new test --- .github/workflows/unit-sec-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 7566377..c3df39b 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -27,9 +27,9 @@ jobs: actions: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Set up Python - uses: actions/setup-python@v4 + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.10@master with: python-version: "3.12.5" From fef50a03925cd5663ed0230c35d677b20b84ab52 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:13:23 -0400 Subject: [PATCH 029/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index c3df39b..51ec07e 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
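Review bot: `--debug` on `snyk auth $SNYK_TOKEN` in PATCH 027 sends verbose CLI diagnostics to the job log for the one command that handles the credential, and log masking hides only the exact secret string, not encoded or partial forms of it. Remove `--debug` once the failure is understood and quote the variable: `run: snyk auth "$SNYK_TOKEN"`. Reading the token from `env:` instead of inlining `${{ secrets.SNYK_TOKEN }}` is the right direction.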
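Review bot: PATCH 028 removes `actions/setup-python@v4` but leaves its `with: python-version: "3.12.5"` under `snyk/actions/python-3.10@master`, so no step selects the interpreter any more and the version is passed to an action that, judging by its name, targets Python 3.10. The new Snyk step also shows no `SNYK_TOKEN` in `env:` within the hunk, while the `Install Snyk CLI` and `Authenticate with Snyk` steps seen in the neighbouring patches would still install a second copy of the CLI. Pick one route: keep `actions/checkout@v4` and `actions/setup-python@v4` with the CLI steps, or use the Snyk action with `SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}` in its `env:` and remove the CLI steps. The job's remaining steps are outside this hunk.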
@@ -29,13 +29,13 @@ jobs: steps: - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/python-3.10@master + uses: snyk/actions/python@master with: python-version: "3.12.5" - name: Install dependencies run: pip install -r requirements.txt - + - name: Install Snyk CLI run: npm install -g snyk From 4e6d6e479cb40f24ab329912fa9441ff56a2cee0 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:20:51 -0400 Subject: [PATCH 030/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 51ec07e..f499188 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -27,14 +27,16 @@ jobs: actions: read runs-on: ubuntu-latest steps: + + - name: Install dependencies + run: pip install -r requirements.txt + - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master with: python-version: "3.12.5" - - - name: Install dependencies - run: pip install -r requirements.txt + - name: Install Snyk CLI run: npm install -g snyk From 048e4288d3a49f899b5d0ffb2d0436db72700d19 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:24:52 -0400 Subject: [PATCH 031/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index f499188..5905a30 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
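Review bot: PATCH 030 moves `Install dependencies` above `actions/checkout`, so `pip install -r requirements.txt` runs in an empty workspace where the file does not exist yet. PATCH 032 and 033 only change the path (`python-fastapi/requirements.txt`, then `./requirements.txt`) while the step still precedes checkout, so they would fail for the same reason. Order the steps as checkout, Python setup, `pip install -r requirements.txt`, then the Snyk steps.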
@@ -30,8 +30,8 @@ jobs: - name: Install dependencies run: pip install -r requirements.txt - - - uses: actions/checkout@master + + - uses: actions/checkout@v4 - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master with: From c1455b383467d87628075fdb5a690a9451335b7b Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:28:59 -0400 Subject: [PATCH 032/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 5905a30..6f1aa7e 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Install dependencies - run: pip install -r requirements.txt + run: pip install -r python-fastapi/requirements.txt - uses: actions/checkout@v4 - name: Run Snyk to check for vulnerabilities From b2c38ec7934b17f23f812704b9f0452d544485a4 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:32:07 -0400 Subject: [PATCH 033/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 6f1aa7e..1cbbb4b 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Install dependencies - run: pip install -r python-fastapi/requirements.txt + run: pip install -r ./requirements.txt - uses: actions/checkout@v4 - name: Run Snyk to check for vulnerabilities From e216f8963d31eda0ac11dd28523e998befd68474 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Thu, 13 Mar 2025 01:35:54 -0400 Subject: [PATCH 034/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 1cbbb4b..919b0f8 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -13,7 +13,10 @@ jobs: uses: actions/checkout@v4 - name: Install dependencies - run: pip install -r requirements.txt + run: | + pwd + pip install -r requirements.txt + - name: Run tests run: pytest tests/ From f69e8e267126e59bed258e53a12dcb194d5e9514 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:40:29 -0400 Subject: [PATCH 035/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 919b0f8..e7b16d7 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -14,7 +14,6 @@ jobs: - name: Install dependencies run: | - pwd pip install -r requirements.txt @@ -31,14 +30,17 @@ jobs: runs-on: ubuntu-latest steps: - - name: Install dependencies - run: pip install -r ./requirements.txt - uses: actions/checkout@v4 - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master with: python-version: "3.12.5" + + - name: Install dependencies + run: | + pwd + pip install -r ./requirements.txt - name: Install Snyk CLI From a8cc83ddeae5ceee2047c6bd862481cb012b7a00 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:45:43 -0400 Subject: [PATCH 036/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index e7b16d7..1207369 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -39,7 +39,7 @@ jobs: - name: Install dependencies run: | - pwd + pip install --upgrade pip pip install -r ./requirements.txt From e8c0282243d608f4a5cc108aae9377fc5b51d5f6 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:49:51 -0400 Subject: [PATCH 037/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 1207369..f2538b7 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -40,7 +40,7 @@ jobs: - name: Install dependencies run: | pip install --upgrade pip - pip install -r ./requirements.txt + pip install -r requirements.txt - name: Install Snyk CLI From 05f77c3022fe2b1aff511f83ba0c524b30cc741c Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:50:05 -0400 Subject: [PATCH 038/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index f2538b7..cfcf332 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -39,7 +39,6 @@ jobs: - name: Install dependencies run: | - pip install --upgrade pip pip install -r requirements.txt From ad9562ec402e77ca5e92e5e7c2f1b6e9b416677f Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 01:54:28 -0400 Subject: [PATCH 039/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index cfcf332..34e9f55 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -31,7 +31,7 @@ jobs: steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master with: From a55d5adefc194311dc284d424885f031f782b036 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 02:01:24 -0400 Subject: [PATCH 040/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 34e9f55..ba93f28 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -31,7 +31,7 @@ jobs: steps: - - uses: actions/checkout@master + - uses: actions/checkout@v3 - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master with: From 4b38b0a1397c43b27b03117c9b028526541c5a84 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 02:10:10 -0400 Subject: [PATCH 041/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index ba93f28..99b0145 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -31,15 +31,11 @@ jobs: steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master with: python-version: "3.12.5" - - - name: Install dependencies - run: | - pip install -r requirements.txt - name: Install Snyk CLI From e36e67c0ffa2f16fcadcdd753c902259088e23a8 Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Thu, 13 Mar 2025 02:12:47 -0400 Subject: [PATCH 042/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 99b0145..bc72b34 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -34,10 +34,8 @@ jobs: - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master - with: - python-version: "3.12.5" - - + + - name: Install Snyk CLI run: npm install -g snyk From 61219c660392a04da652d5736f218c6dcc1730f9 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 13 Mar 2025 02:15:45 -0400 Subject: [PATCH 043/109] i re added the requirements.txt even though they are already there --- .github/workflows/unit-sec-test.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index bc72b34..c608fd8 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -30,14 +30,13 @@ jobs: runs-on: ubuntu-latest steps: - + - name: Install Snyk CLI + run: npm install -g snyk + - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master - - - name: Install Snyk CLI - run: npm install -g snyk - name: Authenticate with Snyk run: snyk auth $SNYK_TOKEN --debug From 906e128ab36626befbbce752f16a2d0cea8af67b Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Tue, 18 Mar 2025 11:45:20 -0500 Subject: [PATCH 044/109] fixing pylint issues --- .github/workflows/lint-format.yml | 2 +- .pylintrc | 6 +- main.py | 4 +- tests/test_main.py-e | 119 ------------------------------ 4 files changed, 6 insertions(+), 125 deletions(-) delete mode 100644 tests/test_main.py-e 
diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 78ade06..df38eca 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -24,7 +24,7 @@ jobs: python -m pip install --upgrade pip - name: Run pylint - run: pylint $(git ls-files '*.py') + run: pylint . - name: Run black run: black --check . \ No newline at end of file diff --git a/.pylintrc b/.pylintrc index dd5bcef..09e705b 100644 --- a/.pylintrc +++ b/.pylintrc @@ -1,3 +1,3 @@ -[main] - -ignore=tests,.env \ No newline at end of file +[MASTER] +ignore=tests,.env +disable=import-error,line-too-long \ No newline at end of file diff --git a/main.py b/main.py index 41710e2..bc89a99 100644 --- a/main.py +++ b/main.py @@ -2,8 +2,8 @@ Module containing examples of common vulnerabilities in web applications. This FastAPI app demonstrates insecure coding practices such as SQL injection, -directory traversal, improper exception handling, insecure file uploads, and -weak authentication mechanisms. The purpose is to highlight vulnerabilities +directory traversal, improper exception handling, insecure file uploads, and +weak authentication mechanisms. The purpose is to highlight vulnerabilities for educational purposes. """ diff --git a/tests/test_main.py-e b/tests/test_main.py-e deleted file mode 100644 index e1df2a4..0000000 --- a/tests/test_main.py-e +++ /dev/null 
@@ -1,119 +0,0 @@ -""" -Module containing test cases for a FastAPI application. - -This module uses the FastAPI TestClient to perform unit tests on endpoints -defined in the `main` FastAPI app. The tests include checking responses for -various endpoints under normal and edge-case scenarios. -""" - -# pylint: disable=wrong-import-position - -import sys -import os -from fastapi.testclient import TestClient - -# Add the parent directory to the system path for imports -sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))) - -from main import app # Adjust the import if your file is named differently - -client = TestClient(app) - - -def test_index(): - """ - Test the index route (`/`). - - Ensures the endpoint returns a 200 status code and the correct JSON response. - """ - response = client.get("/") - assert response.status_code == 200 - assert response.json() == {"message": "Hello World!"} - - -def test_get_user_sql_injection(): - """ - Test the `/users` endpoint for SQL injection vulnerability. - - Sends a malicious input to ensure the query is logged or handled securely. - """ - response = client.get("/users", params={"username": "admin'; DROP TABLE users; --"}) - assert response.status_code == 200 - # Ensure the query is built with the vulnerable input - assert "DROP TABLE users" in response.json()["query"] - - -def test_read_file_valid_path(tmp_path): - """ - Test the `/read_file` endpoint with a valid file path. - - Creates a temporary file, sends its path to the endpoint, and verifies the - content is returned correctly. - """ - temp_file = tmp_path / "test.txt" - temp_file.write_text("This is a test file.") - response = client.get("/read_file", params={"file_path": str(temp_file)}) - assert response.status_code == 200 - assert response.json() == {"content": "This is a test file."} - - -def test_read_file_invalid_path(): - """ - Test the `/read_file` endpoint with an invalid file path. 
- - Sends a non-existent file path and ensures the response contains an error. - """ - response = client.get("/read_file", params={"file_path": "/non/existent/file.txt"}) - assert response.status_code == 500 - assert "detail" in response.json() - - -def test_error_endpoint(): - """ - Test the `/error` endpoint. - - Ensures the endpoint raises a 500 Internal Server Error as expected and - verifies the error type. - """ - try: - response = client.get("/error") - assert response.status_code == 500 # Should raise a 500 Internal Server Error - except ZeroDivisionError as err: - assert "division by zero" in str(err) - - -def test_upload_file(): - """ - Test the `/upload` endpoint with a dummy file. - - Verifies that a file can be uploaded successfully and the correct response - is returned. - """ - file_content = b"dummy content" - files = {"file": ("test.txt", file_content, "text/plain")} - response = client.post("/upload", files=files) - assert response.status_code == 200 - assert response.json() == {"message": "File uploaded successfully"} - - -def test_secure_data_with_valid_token(): - """ - Test the `/secure-data` endpoint with a valid token. - - Sends a valid token and ensures the secure data is returned. - """ - response = client.get("/secure-data", params={"token": "1234567890"}) - assert response.status_code == 200 - assert response.json() == {"data": "Sensitive Data"} - - -def test_secure_data_with_invalid_token(): - """ - Test the `/secure-data` endpoint with an invalid token. - - Sends an invalid token and ensures a 403 Forbidden status code is returned. - """ - response = client.get("/secure-data", params={"token": "wrong_token"}) - assert response.status_code == 403 - assert response.json() == {"message": "Forbidden"} - \ No newline at end of file From 61ef2455e16f90780e955786ec749ba43916de9d Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Fri, 21 Mar 2025 18:17:57 -0400 Subject: [PATCH 045/109] edit --- .github/workflows/unit-sec-test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index c608fd8..bfadd50 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -30,6 +30,9 @@ jobs: runs-on: ubuntu-latest steps: + - name: Checkout github repo + uses: actions/checkout@v4 + - name: Install Snyk CLI run: npm install -g snyk From 6c72e0148771ed2200cf9fee01b132b08b870720 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 21 Mar 2025 18:26:17 -0400 Subject: [PATCH 046/109] edit --- .github/workflows/unit-sec-test.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index bfadd50..357c583 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -30,9 +30,18 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout github repo - uses: actions/checkout@v4 - + - uses: actions/checkout@v4 + - name: 'Setup Python ${{ matrix.python-version}}' + uses: actions/setup-python@v3 + with: + python-version: '${{ matrix.python-version}}' + + - name: Install dependencies + run: | + pip install -r requirements.txt + python -m pip install --upgrade pip + + - name: Install Snyk CLI run: npm install -g snyk From c2f9a77d3f8a96e01e7749a0ca880524c6cfe328 Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 17:33:13 -0500 Subject: [PATCH 047/109] updating snyk --- .github/workflows/unit-sec-test.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 357c583..037acea 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
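Review bot: In patch 046, `python-version: '${{ matrix.python-version}}'` refers to a matrix, but no `strategy.matrix` shows in the job context of the hunk, so the expression most likely evaluates to an empty string and the runner's default interpreter is used. Name the version explicitly, as the earlier revision of this job did: `python-version: "3.12.5"`. `actions/setup-python@v3` is also a step back from the `@v4` that patch 028 removed, and `python -m pip install --upgrade pip` would normally run before `pip install -r requirements.txt`, not after it. The job header is outside the hunk, so a matrix defined further up cannot be ruled out.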
@@ -40,28 +40,12 @@ jobs: run: | pip install -r requirements.txt python -m pip install --upgrade pip - - - - name: Install Snyk CLI - run: npm install -g snyk - - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master - - - - name: Authenticate with Snyk - run: snyk auth $SNYK_TOKEN --debug env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Snyk Code test - run: snyk code test --sarif > snyk-cide.sarif - - - name: Snyk Test Dependencies - run: snyk test - - # Scan the contianer and lists all security vulnerabilities trivy_scans: name: Run Trivy security scanner against the image From cce49adb39746141b5d673586aff62246cbc4478 Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 17:38:58 -0500 Subject: [PATCH 048/109] updating pr workflow by changing from target to just regular PR --- .github/workflows/pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index e71754b..8b5a2e0 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -1,6 +1,6 @@ name: PR Workflow on: - pull_request_target: + pull_request: types: - opened - edited From b766cbef0a84a81637385ab4a00464d8b0eb2d0d Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 17:49:03 -0500 Subject: [PATCH 049/109] fixing snyk because teh action doesn't work --- .github/workflows/unit-sec-test.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 037acea..5105651 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -16,7 +16,6 @@ jobs: run: | pip install -r requirements.txt - - name: Run tests run: pytest tests/ 
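Review bot: In the pr.yml hunk of patch 048, nothing in the file records why the trigger is `pull_request` rather than `pull_request_target`, and a bare one-word change is easy to revert later when a secret-dependent step fails on a fork PR. `pull_request_target` runs in the base repository's context with secrets available, while the workflows called from here install and run the PR's own code, so the new trigger is the safe one. A comment above the trigger would record that: `# pull_request on purpose: called workflows run PR code, which must not get repository secrets`. The rest of the `on:` block is outside the hunk.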
@@ -29,22 +28,23 @@ jobs: actions: read runs-on: ubuntu-latest steps: + - name: Checkout code + uses: actions/checkout@v4 - - uses: actions/checkout@v4 - - name: 'Setup Python ${{ matrix.python-version}}' - uses: actions/setup-python@v3 - with: - python-version: '${{ matrix.python-version}}' - + - name: Installing Snyk + run: | + npm install -g snyk + snyk auth ${SNYK_TOKEN} + - name: Install dependencies run: | pip install -r requirements.txt python -m pip install --upgrade pip - - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/python@master - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Snyk Code test + run: | + snyk code test --sarif > snyk-cide.sarif + synk test --sarif > snyk-test.sarif # Scan the contianer and lists all security vulnerabilities trivy_scans: From e6da00927ad918abb8cb8eb6b67ea0da32a9936f Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 17:56:42 -0500 Subject: [PATCH 050/109] testing hoping that it actually works... --- .github/workflows/unit-sec-test.yml | 54 +++++++++++++++++------------ 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 5105651..1faf426 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
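Review bot: The last added line runs `synk test`, a misspelling of `snyk`, so the dependency scan can never run; `snyk-cide.sarif` looks like the same kind of slip for `snyk-code.sarif`. The hunk also removes the step-level `env:` carrying `SNYK_TOKEN` and adds none, so unless the variable is set at job or workflow level (not visible here) `snyk auth ${SNYK_TOKEN}` receives an empty argument. Suggested: `snyk test --sarif > snyk-test.sarif`, and on the install step an `env:` block with `SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`. `npm install -g snyk` takes whatever version is latest at run time; a pinned version would make the scanner itself reproducible. Neither SARIF file is uploaded by anything in this hunk.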
@@ -18,33 +18,43 @@ jobs: - name: Run tests run: pytest tests/ - - - # Run snyk code scanning for vulnerabilities - snyk_scan: - permissions: - contents: read - security-events: write - actions: read + + stupid_snyk: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v4 + - uses: actions/checkout@master + - uses: snyk/actions/setup@master + - uses: actions/setup-python@master + - name: Snyk test + run: snyk test + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Installing Snyk - run: | - npm install -g snyk - snyk auth ${SNYK_TOKEN} + # Run snyk code scanning for vulnerabilities + # snyk_scan: + # permissions: + # contents: read + # security-events: write + # actions: read + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 + + # - name: Installing Snyk + # run: | + # npm install -g snyk + # snyk auth ${SNYK_TOKEN} - - name: Install dependencies - run: | - pip install -r requirements.txt - python -m pip install --upgrade pip + # - name: Install dependencies + # run: | + # pip install -r requirements.txt + # python -m pip install --upgrade pip - - name: Snyk Code test - run: | - snyk code test --sarif > snyk-cide.sarif - synk test --sarif > snyk-test.sarif + # - name: Snyk Code test + # run: | + # snyk code test --sarif > snyk-cide.sarif + # synk test --sarif > snyk-test.sarif # Scan the contianer and lists all security vulnerabilities trivy_scans: From 87b2d7638264b0e53d1c98857249ef3852a0e892 Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 18:16:24 -0500 Subject: [PATCH 051/109] commenting out sec scans --- .github/workflows/pr.yml | 12 ++++++------ .github/workflows/unit-sec-test.yml | 26 ++++++++++++-------------- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 8b5a2e0..a9b4493 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
@@ -13,13 +13,13 @@ permissions: actions: read jobs: - build-image: - uses: ./.github/workflows/build-image.yml + # build-image: + # uses: ./.github/workflows/build-image.yml - lint-format: - uses: ./.github/workflows/lint-format.yml - needs: build-image + # lint-format: + # uses: ./.github/workflows/lint-format.yml + # needs: build-image unit-sec-scan: uses: ./.github/workflows/unit-sec-test.yml - needs: lint-format \ No newline at end of file + #needs: lint-format \ No newline at end of file diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 1faf426..d79d517 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -85,17 +85,15 @@ jobs: runs-on: ubuntu-latest name: app scan steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: master - - - name: zap scan - uses: zaproxy/action-api-scan@v0.9.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: 'ghcr.io/zaproxy/zaproxy:stable' - format: openapi - target: '' - rules_file_name: '.zap/rules.tsv' - cmd_options: '-a' + - name: Checkout + uses: actions/checkout@v4 + + - name: zap scan + uses: zaproxy/action-api-scan@v0.9.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: 'ghcr.io/zaproxy/zaproxy:stable' + format: openapi + target: '' + rules_file_name: '.zap/rules.tsv' + cmd_options: '-a' From 6c892dcb87bb94d39747354a36e070e603a38f9d Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 18:18:06 -0500 Subject: [PATCH 052/109] updating snyk again - we're CLOSE --- .github/workflows/unit-sec-test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index d79d517..c81a316 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
@@ -25,6 +25,15 @@ jobs: - uses: actions/checkout@master - uses: snyk/actions/setup@master - uses: actions/setup-python@master + + - name: Install dependencies + run: | + pip install -r requirements.txt + python -m pip install --upgrade pip + + - name: Authenticate with Snyk + run: snyk auth ${{ secrets.SNYK_TOKEN }} + - name: Snyk test run: snyk test env: From 3f31375efb56cb8318e50464a01b0f77d84322e2 Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 18:26:39 -0500 Subject: [PATCH 053/109] help us --- .github/workflows/unit-sec-test.yml | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index c81a316..c6b147d 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -22,20 +22,17 @@ jobs: stupid_snyk: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master - - uses: snyk/actions/setup@master - - uses: actions/setup-python@master - + - uses: actions/checkout@main + - name: Install dependencies run: | pip install -r requirements.txt python -m pip install --upgrade pip - - - name: Authenticate with Snyk - run: snyk auth ${{ secrets.SNYK_TOKEN }} - - - name: Snyk test - run: snyk test + + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python@master + with: + args: --file=requirements.txt env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} 
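Review bot: `run: snyk auth ${{ secrets.SNYK_TOKEN }}` pastes the secret into the script text before the shell parses it, so the value is treated as shell source rather than data; patch 027 had moved away from exactly this form. The `Snyk test` step directly below already receives the token through `env:`, which the CLI reads on its own, so the auth step looks redundant. If it stays, give it the same `env:` block and use `run: snyk auth "$SNYK_TOKEN"`. The job's first lines are outside the hunk.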
@@ -97,12 +94,20 @@ jobs: - name: Checkout uses: actions/checkout@v4 + # Build and Tag Image + # Run Docker Image in detached mode + - name: Build Docker Image + run: | + docker build -t awesome-fastapi:${{ github.sha }} . + docker run -d -p 8000:8000 awesome-fastapi:${{ github.sha }} + + # Run OWASP ZAP scan - name: zap scan uses: zaproxy/action-api-scan@v0.9.0 with: token: ${{ secrets.GITHUB_TOKEN }} docker_name: 'ghcr.io/zaproxy/zaproxy:stable' format: openapi - target: '' + target: 'http://localhost:8000' rules_file_name: '.zap/rules.tsv' cmd_options: '-a' From fdd0b99b39b3b87b1450d2c6e3c2fb48e117d2cb Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 21:35:28 -0500 Subject: [PATCH 054/109] removing snyk scans --- .github/workflows/unit-sec-test.yml | 43 ----------------------------- 1 file changed, 43 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index c6b147d..9fab5d4 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
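Review bot: `target: 'http://localhost:8000'` hands the API scan the site root, whereas with `format: openapi` the action expects the location of the API definition, which FastAPI serves at `/openapi.json` by default. As written the scan may fail to import any endpoints, or cover far less than the job name suggests; `target: 'http://localhost:8000/openapi.json'` would be the usual form (confirm the port matches what the image listens on). The scan step also follows `docker run -d` directly, with nothing checking that the app is accepting connections yet.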
@@ -19,49 +19,6 @@ jobs: - name: Run tests run: pytest tests/ - stupid_snyk: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@main - - - name: Install dependencies - run: | - pip install -r requirements.txt - python -m pip install --upgrade pip - - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/python@master - with: - args: --file=requirements.txt - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - # Run snyk code scanning for vulnerabilities - # snyk_scan: - # permissions: - # contents: read - # security-events: write - # actions: read - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - - # - name: Installing Snyk - # run: | - # npm install -g snyk - # snyk auth ${SNYK_TOKEN} - - # - name: Install dependencies - # run: | - # pip install -r requirements.txt - # python -m pip install --upgrade pip - - # - name: Snyk Code test - # run: | - # snyk code test --sarif > snyk-cide.sarif - # synk test --sarif > snyk-test.sarif - # Scan the contianer and lists all security vulnerabilities trivy_scans: name: Run Trivy security scanner against the image From 9dfcae2bc3044387df62e9213f6664bec119d3bd Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 21:37:31 -0500 Subject: [PATCH 055/109] adding sleep command for container --- .github/workflows/unit-sec-test.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 9fab5d4..40631f9 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml 
@@ -56,7 +56,13 @@ jobs: - name: Build Docker Image run: | docker build -t awesome-fastapi:${{ github.sha }} . - docker run -d -p 8000:8000 awesome-fastapi:${{ github.sha }} + docker run -d -p 8080:8080 awesome-fastapi:${{ github.sha }} + + - name: Wait for Docker container to be ready + run: sleep 30 + + - name: Confirm Docker container is running + run: docker ps # Run OWASP ZAP scan - name: zap scan @@ -65,6 +71,6 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} docker_name: 'ghcr.io/zaproxy/zaproxy:stable' format: openapi - target: 'http://localhost:8000' + target: 'http://0.0.0.0:8080' rules_file_name: '.zap/rules.tsv' cmd_options: '-a' From 2c5fbce88ece4993578bd628883a78383d950398 Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Fri, 21 Mar 2025 21:56:28 -0500 Subject: [PATCH 056/109] disabling issue writing --- .github/workflows/unit-sec-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/unit-sec-test.yml b/.github/workflows/unit-sec-test.yml index 40631f9..4bbf447 100644 --- a/.github/workflows/unit-sec-test.yml +++ b/.github/workflows/unit-sec-test.yml @@ -74,3 +74,4 @@ jobs: target: 'http://0.0.0.0:8080' rules_file_name: '.zap/rules.tsv' cmd_options: '-a' + allow_issue_writing: false From 4465d00e4da9d58d68a55f046c64abafa718b603 Mon Sep 17 00:00:00 2001 From: Damien Burks Date: Sat, 22 Mar 2025 01:09:34 -0500 Subject: [PATCH 057/109] uncommenting lines for PR workflow --- .github/workflows/pr.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index a9b4493..8b5a2e0 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml 
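Review bot: `sleep 30` followed by `docker ps` does not establish that the app is up: `docker ps` exits 0 even when the container has already stopped, so ZAP can be pointed at a dead port and the job's result then says nothing about the API. Polling the service and failing the step when it never answers is more reliable and usually faster. `target: 'http://0.0.0.0:8080'` uses a bind address as a destination; `localhost` or `127.0.0.1` is the portable spelling. The fence below replaces the two added steps; the `/` route is the one exercised by the index test shown elsewhere in this series.

```yaml
      - name: Wait for the API to answer
        run: |
          for attempt in $(seq 1 30); do
            if curl -fsS http://localhost:8080/ > /dev/null; then exit 0; fi
            sleep 1
          done
          # the app never answered: show container state, then fail the job
          docker ps -a
          exit 1
      # … unchanged: zap scan step …
```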
@@ -13,13 +13,13 @@ permissions: actions: read jobs: - # build-image: - # uses: ./.github/workflows/build-image.yml + build-image: + uses: ./.github/workflows/build-image.yml - # lint-format: - # uses: ./.github/workflows/lint-format.yml - # needs: build-image + lint-format: + uses: ./.github/workflows/lint-format.yml + needs: build-image unit-sec-scan: uses: ./.github/workflows/unit-sec-test.yml - #needs: lint-format \ No newline at end of file + needs: lint-format \ No newline at end of file From acef22a08cf066ee4077654c4bdc28e5def62bda Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Mar 2025 01:00:57 -0400 Subject: [PATCH 058/109] added image push to ghcr --- .github/.DS_Store | Bin 6148 -> 6148 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.github/.DS_Store b/.github/.DS_Store index 680ba76de5cf49b1778dddfa7d255ff6a2a885bc..f469b76adcb9c845a58c81ef225d153dbd5e6eb6 100644 GIT binary patch delta 41 scmZoMXffDez{n(YZE_5w#AGi Date: Fri, 28 Mar 2025 01:03:12 -0400 Subject: [PATCH 059/109] added image push to ghcr --- .github/.DS_Store | Bin 6148 -> 6148 bytes .github/workflows/main.yml | 6 +++++- .github/workflows/push-docker-image.yml | 0 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/push-docker-image.yml diff --git a/.github/.DS_Store b/.github/.DS_Store index f469b76adcb9c845a58c81ef225d153dbd5e6eb6..9ae167162d17bdd7937fd5f7542f710ea9c72b73 100644 GIT binary patch delta 28 kcmZoMXffDez{n)*J~@U_VzL(_7t8yQo!Ofs7}tma0C>d+&j0`b delta 27 jcmZoMXffDez{n(YZE_5w#AGi Date: Fri, 28 Mar 2025 01:07:09 -0400 Subject: [PATCH 060/109] added image push to ghcr --- .github/.DS_Store | Bin 6148 -> 6148 bytes .github/workflows/push-docker-image.yml | 65 ++++++++++++++++++++++++ 2 files changed, 65 insertions(+) 
diff --git a/.github/.DS_Store b/.github/.DS_Store index 9ae167162d17bdd7937fd5f7542f710ea9c72b73..97aa9da6c4187fcbbc0ebbfa40131ca069785106 100644 GIT binary patch delta 41 xcmZoMXffDez{n*1VR8(k#AGi/ + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 + with: + cosign-release: 'v2.2.4' + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + with: + context: . 
+ push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max From 32a41ace63633726d94c4e8fa27b8ab385404455 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Fri, 28 Mar 2025 18:30:40 -0400 Subject: [PATCH 061/109] edited the permissions --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 31a4090..5d5b8a4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,6 +8,7 @@ permissions: contents: read security-events: write actions: read + id-token: write jobs: From 101b9e9ca594cac83a96cae09d48f85f3021c1c5 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 10:57:23 -0400 Subject: [PATCH 062/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 1792bcf..98c00b3 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -27,12 +27,6 @@ jobs: with: cosign-release: 'v2.2.4' - # Set up BuildKit Docker container builder to be able to build - # multi-platform images and export cache - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} @@ -41,7 +35,7 @@ jobs: with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ secrets.GHCR_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action 
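Review bot: The `Install cosign` step has no counterpart that signs anything, so the image pushed by `build-and-push` is unsigned and the installer does nothing useful. Either sign the pushed digest in a follow-up step, e.g. `run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}`, or drop the install. `actions/checkout@v4` is also the only action in this new file that is not pinned to a commit SHA.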
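Review bot: `id-token: write` is added to the workflow-level `permissions`, which makes an OIDC token requestable by every job in main.yml and by the reusable workflows it calls. Nothing visible in this series consumes it; the only candidate is keyless cosign signing, and no signing step exists. Grant it as a job-level `permissions:` entry on the one job that signs, or leave it out until then.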
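Review bot: Switching `password` from `secrets.GITHUB_TOKEN` to `secrets.GHCR_TOKEN` replaces a per-run, repository-scoped credential with a stored token (presumably a personal access token) that has to be rotated and is usually scoped wider than one package. If the reason was a denied push, the usual cause is a missing `packages: write` permission rather than the token itself. Keeping `password: ${{ secrets.GITHUB_TOKEN }}` and granting `packages: write` on this job avoids the long-lived secret.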
From 16e4366e7d55c28056127a44d63dcfb32d626b16 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:11:47 -0400 Subject: [PATCH 063/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 98c00b3..55593eb 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -34,8 +34,9 @@ jobs: uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GHCR_TOKEN }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.PASSOWRD }} + token: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action @@ -45,15 +46,9 @@ jobs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # Build and push Docker image with Buildx (don't push on PR) + # Push the Docker image to the registry # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Push Docker Image to GHCR + run: | + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} + \ No newline at end of file From a37b4396701b4bb0920861a3a44c16f95d727316 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:18:45 -0400 Subject: [PATCH 064/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
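Review bot: The replacement `docker push` step has no image to push, because this patch removes the `build-and-push` step and nothing else in the job builds or tags one. The reference is also malformed: `env.IMAGE_NAME` is `${{ github.repository }}`, which already contains the owner, and `steps.meta.outputs.tags` holds full image references rather than a tag suffix. In the login hunk of the same patch, `token` is not an input of docker/login-action, and `secrets.PASSOWRD` looks like a misspelled secret name that would resolve to an empty string.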
diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 55593eb..fd4054d 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -28,7 +28,6 @@ jobs: cosign-release: 'v2.2.4' # Login against a Docker registry except on PR - # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -36,7 +35,7 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ secrets.USERNAME }} password: ${{ secrets.PASSOWRD }} - token: ${{ secrets.GITHUB_TOKEN }} + # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action From 1642f4a420973e5efeaf15dbfc746bfdcb35db91 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:23:38 -0400 Subject: [PATCH 065/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index fd4054d..7559135 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -19,13 +19,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 - with: - cosign-release: 'v2.2.4' # Login against a Docker registry except on PR - name: Log into registry ${{ env.REGISTRY }} From 60adc439b174ff83f0e3ec643e115007a3eebcd6 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:34:47 -0400 Subject: [PATCH 066/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 7559135..167b772 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -27,7 +27,7 @@ jobs: with: registry: ${{ env.REGISTRY }} username: ${{ secrets.USERNAME }} - password: ${{ secrets.PASSOWRD }} + password: ${{ secrets.GHCR_TOKEN }} # Extract metadata (tags, labels) for Docker From 640269e082bb48b408a65a8e22d29680ed5a6ac1 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:41:07 -0400 Subject: [PATCH 067/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 167b772..4810dec 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -9,6 +9,8 @@ env: REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} + username: ${{ secrets.USERNAME }} + password: ${{ secrets.GHCR_TOKEN }} jobs: @@ -20,7 +22,7 @@ jobs: uses: actions/checkout@v4 - # Login against a Docker registry except on PR + # Login against a Docker registry - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 From 06f992c5375bc22e8fd88dd3e884a6bc1712687c Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:51:00 -0400 Subject: [PATCH 068/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 4810dec..af72b5b 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
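Review bot: Putting `password: ${{ secrets.GHCR_TOKEN }}` and `username: ${{ secrets.USERNAME }}` into the workflow-level `env:` exports the token into the environment of every step in every job, including third-party actions that never need it. The login step already receives both values through its `with:` inputs, so the two `env` lines add exposure and nothing else. Keep secrets on the single step that uses them.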
@@ -9,8 +9,6 @@ env: REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.GHCR_TOKEN }} jobs: @@ -25,18 +23,16 @@ jobs: # Login against a Docker registry - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@3 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.USERNAME }} password: ${{ secrets.GHCR_TOKEN }} - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + uses: docker/metadata-action@5 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} From 529144b365ab7f65169d4e57a637313ebd3bc6c1 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 11:55:36 -0400 Subject: [PATCH 069/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index af72b5b..3a5f8e7 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -23,16 +23,17 @@ jobs: # Login against a Docker registry - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.USERNAME }} password: ${{ secrets.GHCR_TOKEN }} + - name: Extract Docker metadata id: meta - uses: docker/metadata-action@5 # v5.0.0 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 
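Review bot: The login and metadata actions lose their commit-SHA pins here, and the replacements `docker/login-action@3` and `docker/metadata-action@5` do not match the `v`-prefixed tag style those actions use, so the refs likely fail to resolve. Even written as `@v3` and `@v5` they would be mutable tags, which lets a retagged release run with the registry credentials passed in `with:`. Keep `docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0` and the matching metadata-action SHA.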
From 2a2c83da8354b2741cdd8a1fa73cc7c743476322 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 15:03:49 -0400 Subject: [PATCH 070/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 3a5f8e7..fa6d226 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -29,7 +29,9 @@ jobs: username: ${{ secrets.USERNAME }} password: ${{ secrets.GHCR_TOKEN }} - + - name: Debug Secrets + run: | + echo "GHCR_TOKEN is set to ${{ secrets.GHCR_TOKEN != ''}}" - name: Extract Docker metadata id: meta From d61e15a520696dc7939d038447dd00bc3ef2578a Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 15:18:48 -0400 Subject: [PATCH 071/109] added ghcr token and took out useless stuff --- .github/workflows/push-docker-image.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index fa6d226..3de2b70 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -10,7 +10,6 @@ env: # github.repository as / IMAGE_NAME: ${{ github.repository }} - jobs: build: @@ -26,7 +25,7 @@ jobs: uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} - username: ${{ secrets.USERNAME }} + username: ${{ github.actor }} password: ${{ secrets.GHCR_TOKEN }} - name: Debug Secrets From 1541982575e9116aa12d1f4acc2f497d4c34c4a2 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 15:26:21 -0400 Subject: [PATCH 072/109] cahnged how the username is called --- .github/workflows/push-docker-image.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 3de2b70..aec3e20 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -9,7 +9,7 @@ env: REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} - + username: ${{ github.actor }} jobs: build: @@ -28,9 +28,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GHCR_TOKEN }} - - name: Debug Secrets - run: | - echo "GHCR_TOKEN is set to ${{ secrets.GHCR_TOKEN != ''}}" + - name: Extract Docker metadata id: meta From cd5ed5a04d286e773f7a86cc0361a594bab07d55 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 15:47:14 -0400 Subject: [PATCH 073/109] cahnged how the username is called --- .github/workflows/push-docker-image.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index aec3e20..d6172d8 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -3,13 +3,16 @@ name: Push Docker Image on: workflow_call: - +secrets: + # GitHub Container Registry token + GHCR_TOKEN: + required: true env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: ${{ github.repository }} username: ${{ github.actor }} + jobs: build: From 3003112e5337590c93f870b8d7db2b5109e21ee4 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 15:50:57 -0400 Subject: [PATCH 074/109] cahnged how the username is called --- .github/workflows/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5d5b8a4..a7fe088 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
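Review bot: The `secrets:` block added in patch 073 sits at the top level of the workflow file, where it is not a valid key; a reusable workflow declares its secrets under the trigger. `GHCR_TOKEN:` with `required: true` should be nested below `on:`, `workflow_call:`, `secrets:` in that order. The caller change in patch 074 then has to pass the same name, `GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}`, instead of `password:` and `username:`. `github.actor` is not a secret and is readable in the called workflow without being passed.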
@@ -25,4 +25,7 @@ jobs: push-docker-image: uses: ./.github/workflows/push-docker-image.yml - needs: unit-sec-scan \ No newline at end of file + needs: unit-sec-scan + secrets: + password: ${{ secrets.GHCR_TOKEN }} + username: ${{ github.actor }} \ No newline at end of file From 34b3a2f48ab6a508b211e57fadd1cecf1ef8b2b9 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 20:33:21 -0400 Subject: [PATCH 075/109] cahnged how the username is called --- .github/workflows/main.yml | 5 +---- .github/workflows/push-docker-image.yml | 15 ++++++++------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a7fe088..4cef4ed 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -25,7 +25,4 @@ jobs: push-docker-image: uses: ./.github/workflows/push-docker-image.yml - needs: unit-sec-scan - secrets: - password: ${{ secrets.GHCR_TOKEN }} - username: ${{ github.actor }} \ No newline at end of file + needs: build-image diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index d6172d8..b7687a8 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -3,10 +3,7 @@ name: Push Docker Image on: workflow_call: -secrets: - # GitHub Container Registry token - GHCR_TOKEN: - required: true + env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io @@ -14,8 +11,12 @@ env: username: ${{ github.actor }} jobs: - build: - + Push_Image: + permissions: + security-events: write + contents: read + id-token: write + actions: read runs-on: ubuntu-latest steps: - name: Checkout repository @@ -29,7 +30,7 @@ jobs: with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.GHCR_TOKEN }} + password: ${{ secrets.GIT_TOKEN }} From c408f00e05aa0c0628e91057a6852d54bca4bd51 Mon Sep 17 00:00:00 2001 
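Review bot: Changing `needs: unit-sec-scan` to `needs: build-image` in patch 075 lets `push-docker-image` run without waiting for the unit tests and security scans, so an image can reach the registry without having passed them. Keep `needs: unit-sec-scan` on the push job so that publishing stays behind the scan gate.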
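Review bot: The job-level `permissions:` block added to `Push_Image` grants `security-events`, `id-token` and `actions`, none of which a registry push uses, and omits `packages: write`, which a push to ghcr.io with the workflow token requires. For this job `contents: read` plus `packages: write` should be enough. `secrets.GIT_TOKEN` in the login hunk is not declared under `workflow_call`, and the caller no longer passes secrets after this patch, so it probably evaluates to an empty string.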
From: thogue12 Date: Tue, 1 Apr 2025 20:34:49 -0400 Subject: [PATCH 076/109] cahnged how the username is called --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4cef4ed..1f61d4e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -25,4 +25,4 @@ jobs: push-docker-image: uses: ./.github/workflows/push-docker-image.yml - needs: build-image + needs: unit-sec-scan From fe50a622d8cd205b78c33218da7b1c0848c8b207 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 20:41:53 -0400 Subject: [PATCH 077/109] cahnged how the username is called --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index b7687a8..cc850d2 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -30,7 +30,7 @@ jobs: with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.GIT_TOKEN }} + password: ${{ secrets.GITHUB_TOKEN }} From 1c54b0d5cb8cdac1c4576a45744d22846976b614 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 20:52:16 -0400 Subject: [PATCH 078/109] cahnged how the username is called --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index cc850d2..7ab161a 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -44,5 +44,5 @@ jobs: # https://github.com/docker/build-push-action - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest}} \ No newline at end of file 
From 6e10bba4a7c201600693df78569cc28fddda368a Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 20:59:40 -0400 Subject: [PATCH 079/109] cahnged how the username is called --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 7ab161a..965e1ba 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -44,5 +44,5 @@ jobs: # https://github.com/docker/build-push-action - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest}} + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest \ No newline at end of file From 287a471da0934b9f4d19b958e5f5ea49d6e7af8e Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:09:22 -0400 Subject: [PATCH 080/109] cahnged how the username is called --- .github/workflows/push-docker-image.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 965e1ba..7e1b68d 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -12,11 +12,11 @@ env: jobs: Push_Image: - permissions: - security-events: write - contents: read - id-token: write - actions: read + # permissions: + # security-events: write + # contents: read + # id-token: write + # actions: read runs-on: ubuntu-latest steps: - name: Checkout repository From 71fe13948a93d4dc5fa38c9810834c7dd1cdd49b Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:13:14 -0400 Subject: [PATCH 081/109] changed the username, password, and included docker build job --- .github/workflows/push-docker-image.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 7e1b68d..4204bd0 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -39,9 +39,14 @@ jobs: uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build Docker Image + - name: Build Docker Image + run: | + docker build -t awesome-fastapi:${{ github.sha }} . + docker run -d -p 8080:8080 awesome-fastapi:${{ github.sha }} # Push the Docker image to the registry - # https://github.com/docker/build-push-action - name: Push Docker Image to GHCR run: | docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest From 67a9023f4496872b20124f12d37073e1eb5b14e4 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:19:41 -0400 Subject: [PATCH 082/109] changed the username, password, and included docker build job --- .github/workflows/push-docker-image.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 4204bd0..da6f14a 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -8,15 +8,10 @@ env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - username: ${{ github.actor }} + jobs: Push_Image: - # permissions: - # security-events: write - # contents: read - # id-token: write - # actions: read runs-on: ubuntu-latest steps: - name: Checkout repository @@ -33,7 +28,6 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract Docker metadata id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 From 454106083dc76c94109b5c35e268bc25845df49d Mon Sep 17 00:00:00 2001 
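Review bot: The image this job publishes comes from a fresh `docker build` added in patch 081, not from the build that the scan workflow tested, so the Trivy and ZAP results do not describe the published artifact. The new step also tags it `awesome-fastapi:${{ github.sha }}` while the push step still targets `ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest`, a name no step creates. The added `docker run -d -p 8080:8080 …` has no purpose in a push job. Handing the scanned image to this job (a `docker save` artifact, or a push by digest after the scan) keeps scan and publish on the same bits.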
From: thogue12 Date: Tue, 1 Apr 2025 21:20:18 -0400 Subject: [PATCH 083/109] changed the username, password, and included docker build job --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index da6f14a..ac70e55 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -43,5 +43,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing \ No newline at end of file From 47360f89ec800be9f5e53594254b2adfb01c07d7 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:21:01 -0400 Subject: [PATCH 084/109] changed the username, password, and included docker build job --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index ac70e55..633f6ee 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -43,5 +43,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \ No newline at end of file From dd3e4e93a3f342b59fa8f3d3b2a90b60e91a91be Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:33:00 -0400 Subject: [PATCH 085/109] changed the username, password, and included docker build job --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 633f6ee..4445820 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -43,5 +43,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + docker push ghcr.io/${{ env.IMAGE_NAME }} \ No newline at end of file From 4d6d7853b417c0efa3c1fd96a2d4d5e21160ebbe Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:33:26 -0400 Subject: [PATCH 086/109] changed the username, password, and included docker build job, also added the github.sha --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 4445820..0d0c78e 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -43,5 +43,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ env.IMAGE_NAME }} + docker push ghcr.io/${{ env.IMAGE_NAME }}:${{ github.sha }} \ No newline at end of file From ce9083311fdf2ffe884c2ed8c4d5c0ddc7d9bda1 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:39:26 -0400 Subject: [PATCH 087/109] changed the username, password, and included docker build job, also added the github.sha --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 0d0c78e..b244878 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
@@ -43,5 +43,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ env.IMAGE_NAME }}:${{ github.sha }} + docker push ghcr.io/${{ env.IMAGE_NAME }}:testing \ No newline at end of file From d9be750edf5c607fbdf2f99c386716179707d7a0 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 21:41:42 -0400 Subject: [PATCH 088/109] changed the username, password, and included docker build job, also added the github.sha --- .github/workflows/push-docker-image.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index b244878..8f4980d 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -40,8 +40,12 @@ jobs: docker build -t awesome-fastapi:${{ github.sha }} . docker run -d -p 8080:8080 awesome-fastapi:${{ github.sha }} + - name: Docker inspect + run: | + docker inspect ghcr.io/${{ env.IMAGE_NAME }} + # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ env.IMAGE_NAME }}:testing + docker push ghcr.io/${{ env.IMAGE_NAME }} \ No newline at end of file From 6c0f28687a1dcb7dc392bd9d161ae1d91b2b4399 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 22:51:09 -0400 Subject: [PATCH 089/109] added a timeout feature to ensure the container was running before pushing --- .github/workflows/push-docker-image.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 8f4980d..f61a263 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
@@ -38,11 +38,13 @@ jobs: - name: Build Docker Image run: | docker build -t awesome-fastapi:${{ github.sha }} . - docker run -d -p 8080:8080 awesome-fastapi:${{ github.sha }} + - - name: Docker inspect - run: | - docker inspect ghcr.io/${{ env.IMAGE_NAME }} + - name: Wait for Docker container to be ready + run: sleep 30 + + - name: Confirm Docker container is running + run: docker ps # Push the Docker image to the registry - name: Push Docker Image to GHCR From 5a2b551cda797f2c7e6f481add29680ca47744c0 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 22:57:23 -0400 Subject: [PATCH 090/109] added a timeout feature to ensure the container was running before pushing, added the tag: testing --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index f61a263..6e2dde2 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -49,5 +49,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ env.IMAGE_NAME }} + docker push ghcr.io/${{ env.IMAGE_NAME }}:testing \ No newline at end of file From 90c75ea8eb6c0c6a21b23d91cec76a8e42ed2897 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 23:06:53 -0400 Subject: [PATCH 091/109] added a timeout feature to ensure the container was running before pushing, added the tag: testing --- .github/workflows/push-docker-image.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 6e2dde2..a7819e3 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
@@ -28,11 +28,11 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # - name: Extract Docker metadata + # id: meta + # uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + # with: + # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Build Docker Image - name: Build Docker Image From e9e652bcade1105daa170b0ac2b8763418a02678 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 23:09:55 -0400 Subject: [PATCH 092/109] edit --- .github/workflows/push-docker-image.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index a7819e3..da0333b 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -28,11 +28,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - # - name: Extract Docker metadata - # id: meta - # uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 - # with: - # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Build Docker Image - name: Build Docker Image @@ -49,5 +45,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ env.IMAGE_NAME }}:testing + docker push ghcr.io/${{ env.IMAGE_NAME }} \ No newline at end of file From 798981f854fa93a20ee8271105ce5fd5dff45fd4 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 23:11:10 -0400 Subject: [PATCH 093/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index da0333b..33f3b30 100644 --- a/.github/workflows/push-docker-image.yml 
+++ b/.github/workflows/push-docker-image.yml @@ -7,7 +7,7 @@ on: env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} + IMAGE_NAME: 'awesome-fastapi:${{ github.sha }}' jobs: From 74b85b75926511d0849f5d03f97db6f0df45789d Mon Sep 17 00:00:00 2001 From: thogue12 Date: Tue, 1 Apr 2025 23:27:43 -0400 Subject: [PATCH 094/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 33f3b30..1aeefd3 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -7,7 +7,7 @@ on: env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - IMAGE_NAME: 'awesome-fastapi:${{ github.sha }}' + IMAGE_NAME: 'awesome-fastapi' jobs: @@ -37,7 +37,7 @@ jobs: - name: Wait for Docker container to be ready - run: sleep 30 + run: sleep 10 - name: Confirm Docker container is running run: docker ps From 533dcadf485de107c315c7eabd33823224304167 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 20:56:28 -0400 Subject: [PATCH 095/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 1aeefd3..bef49d4 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -33,11 +33,11 @@ jobs: # Build Docker Image - name: Build Docker Image run: | - docker build -t awesome-fastapi:${{ github.sha }} . + docker build -t ghcr.io/${{ env.IMAGE_NAME }}:${{ github.sha }} . - name: Wait for Docker container to be ready - run: sleep 10 + run: sleep 30 - name: Confirm Docker container is running run: docker ps From f61665184dd72c2654921b6eb2f80d080ef04257 Mon Sep 17 00:00:00 2001 
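Review bot: Setting `IMAGE_NAME: 'awesome-fastapi:${{ github.sha }}'` in `@@ -7,7 +7,7 @@` (PATCH 093) puts a tag inside a variable that the later steps treat as a repository name, and drops the owner segment that `${{ github.repository }}` supplied. `ghcr.io/${{ env.IMAGE_NAME }}` then expands to `ghcr.io/awesome-fastapi:<sha>`, which has no namespace, whereas GHCR expects `ghcr.io/OWNER/IMAGE`; the push would most likely be denied (inferred, the registry response is not on the page). PATCH 094 removes the tag again but still leaves the owner out. I would keep name and tag separate, `IMAGE_NAME: ${{ github.repository_owner }}/awesome-fastapi`, and append `:${{ github.sha }}` where the image is built and pushed.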
From: thogue12 Date: Wed, 2 Apr 2025 21:03:18 -0400 Subject: [PATCH 096/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index bef49d4..1a52b59 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -33,7 +33,9 @@ jobs: # Build Docker Image - name: Build Docker Image run: | - docker build -t ghcr.io/${{ env.IMAGE_NAME }}:${{ github.sha }} . + docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} . + docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest + - name: Wait for Docker container to be ready @@ -45,5 +47,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ env.IMAGE_NAME }} - \ No newline at end of file + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest From c9951ebf4448bb42bac0f3af09fef8e0d8d81746 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 21:12:12 -0400 Subject: [PATCH 097/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 1a52b59..21ab663 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
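Review bot: `${{ steps.meta.outputs.tags }}` in `@@ -33,7 +33,9 @@` and `@@ -45,5 +47,5 @@` (PATCH 096) refers to a step id `meta` that PATCH 092 deleted, so at this commit the expression evaluates to an empty string and each reference ends in a bare `:`, which Docker rejects. Even after PATCH 097 restores the step, the `tags` output of docker/metadata-action is a newline-separated list of complete image references rather than a single tag, so appending it after `image:` (here and in PATCH 100 to 103) yields an invalid name. For a hand-written `docker build` the commit SHA is the simpler tag: `docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .`, with the same reference used in `docker tag` and `docker push`.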
@@ -17,6 +17,17 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + # Set up Docker Buildx + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + # Extract metadata (tags, labels) for Docker + - name: Extract metadata for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} # Login against a Docker registry - name: Log into registry ${{ env.REGISTRY }} @@ -28,8 +39,6 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - - # Build Docker Image - name: Build Docker Image run: | From 2d755d547de3cfce8aeae7f1a53a0fc475abef3c Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 21:25:18 -0400 Subject: [PATCH 098/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 21ab663..954e313 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -20,7 +20,7 @@ jobs: # Set up Docker Buildx - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # Extract metadata (tags, labels) for Docker - name: Extract metadata for Docker @@ -42,8 +42,8 @@ jobs: # Build Docker Image - name: Build Docker Image run: | - docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} . - docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest + docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} + docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest From 06ebafd05e81c507658ee8e852f4fe3314b56b7f Mon Sep 17 00:00:00 2001 
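Review bot: The two actions added in `@@ -17,6 +17,17 @@` (PATCH 097) are referenced by mutable tags, `docker/setup-buildx-action@v1` and `docker/metadata-action@v3`, in a job that logs in to the registry with `secrets.GITHUB_TOKEN`; if either tag is moved, different code runs with that token. The step deleted in PATCH 092 pinned the same metadata action by full commit SHA, and that form should come back: `uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0`. PATCH 098 pins setup-buildx-action to a SHA but leaves metadata-action at `@v3`, and the new pin lacks the trailing version comment the earlier one carried.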
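Review bot: Both commands in `@@ -42,8 +42,8 @@` (PATCH 098) are incomplete: `docker build` has lost its build-context argument (`.`), and `docker tag` is given one reference where it needs a source and a target. PATCH 099 restores the `.`, but the one-argument `docker tag` stays there and reappears in PATCH 102 and 103. A working pair would be `docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} .` and `docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest`.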
From: thogue12 Date: Wed, 2 Apr 2025 21:31:44 -0400 Subject: [PATCH 099/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 954e313..c2a05d5 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -42,7 +42,7 @@ jobs: # Build Docker Image - name: Build Docker Image run: | - docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} + docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} . docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest From 905587a740f084854bc215a6488bb5f2f76773d4 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 21:40:58 -0400 Subject: [PATCH 100/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index c2a05d5..cb78a4c 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -42,10 +42,8 @@ jobs: # Build Docker Image - name: Build Docker Image run: | - docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} . - docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest - - + docker build -t ghcr.io/${{ github.repository_owner }}:${{ steps.meta.outputs.tags }} . + docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest - name: Wait for Docker container to be ready run: sleep 30 From 46ba1d9e9b6500b25a24b37c19d6d56d1ba27dda Mon Sep 17 00:00:00 2001 
From: thogue12 Date: Wed, 2 Apr 2025 21:55:38 -0400 Subject: [PATCH 101/109] used the image name from earlier jobs --- .github/workflows/push-docker-image.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index cb78a4c..d64e067 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -39,11 +39,11 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - # Build Docker Image + # Build and tag Docker Image - name: Build Docker Image run: | - docker build -t ghcr.io/${{ github.repository_owner }}:${{ steps.meta.outputs.tags }} . - docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest + docker build -t ghcr.io/${{ steps.meta.outputs.tags }} . + docker tag ${{ env.IMAGE_NAME }} ghcr.io/$${{ steps.meta.outputs.tags }}:latest - name: Wait for Docker container to be ready run: sleep 30 @@ -54,5 +54,5 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tags }} + docker push ghcr.io/${{ steps.meta.outputs.tags }} docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest From 1304e1d242285069ce9a982ebc8363ae906b458d Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 22:03:15 -0400 Subject: [PATCH 102/109] Adjusted the tages syntax --- .github/workflows/push-docker-image.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index d64e067..ea7f60b 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
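Review bot: The `docker tag` line in `@@ -39,11 +39,11 @@` (PATCH 101) contains `ghcr.io/$${{ steps.meta.outputs.tags }}:latest`; the extra `$` lands in front of the expanded value, so the shell treats the start of that value as a variable name and substitutes it. Its source argument, `${{ env.IMAGE_NAME }}`, is the bare name `awesome-fastapi`, which no step in view builds. Writing `${{ ... }}` output straight into a `run:` script also means whatever the expression expands to is parsed by the shell; passing it through the step's `env:` (for example as `IMAGE_TAGS`) and using it quoted, `"$IMAGE_TAGS"`, keeps it as data.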
@@ -42,8 +42,8 @@ jobs: # Build and tag Docker Image - name: Build Docker Image run: | - docker build -t ghcr.io/${{ steps.meta.outputs.tags }} . - docker tag ${{ env.IMAGE_NAME }} ghcr.io/$${{ steps.meta.outputs.tags }}:latest + docker build -t ${{ steps.meta.outputs.tags }} . + docker tag ${{ env.IMAGE_NAME }}/${{ steps.meta.outputs.tags }}:testing - name: Wait for Docker container to be ready run: sleep 30 @@ -55,4 +55,4 @@ jobs: - name: Push Docker Image to GHCR run: | docker push ghcr.io/${{ steps.meta.outputs.tags }} - docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing From a1bd640710e32ff38766e5a16784ac9a6dfb753f Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 22:09:26 -0400 Subject: [PATCH 103/109] Adjusted the tags syntax --- .github/workflows/push-docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index ea7f60b..c7a5fff 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -42,7 +42,7 @@ jobs: # Build and tag Docker Image - name: Build Docker Image run: | - docker build -t ${{ steps.meta.outputs.tags }} . + docker build -t ${{ env.IMAGE_NAME }}/${{ steps.meta.outputs.tags }} . docker tag ${{ env.IMAGE_NAME }}/${{ steps.meta.outputs.tags }}:testing - name: Wait for Docker container to be ready From 5f0f0d975825cbf652547ef77c6f2f31e72bfa90 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 22:17:04 -0400 Subject: [PATCH 104/109] Adjusted the tags syntax --- .github/workflows/push-docker-image.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index c7a5fff..6982f70 100644 --- a/.github/workflows/push-docker-image.yml 
+++ b/.github/workflows/push-docker-image.yml @@ -42,8 +42,12 @@ jobs: # Build and tag Docker Image - name: Build Docker Image run: | - docker build -t ${{ env.IMAGE_NAME }}/${{ steps.meta.outputs.tags }} . - docker tag ${{ env.IMAGE_NAME }}/${{ steps.meta.outputs.tags }}:testing + docker build -t ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} . + + - name: Tag Docker Image + run: | + docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest + docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing - name: Wait for Docker container to be ready run: sleep 30 @@ -54,5 +58,6 @@ jobs: # Push the Docker image to the registry - name: Push Docker Image to GHCR run: | - docker push ghcr.io/${{ steps.meta.outputs.tags }} + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} + docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest docker push ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing From b020f963b319be72101f068328aa0722636ab8e4 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 22:26:59 -0400 Subject: [PATCH 105/109] Adjusted the tags syntax --- .github/workflows/push-docker-image.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 6982f70..bd6ea63 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -4,6 +4,11 @@ name: Push Docker Image on: workflow_call: + +permissions: + contents: read + packages: write + id-token: write env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io From 0c50105d26662a14c6f74572dc70934b0de41b4a Mon Sep 17 00:00:00 2001 
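Review bot: The reference `ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}` is written out in every command of `@@ -42,8 +42,12 @@` and `@@ -54,5 +58,6 @@` (PATCH 104). Docker accepts only lowercase repository names, so an owner login containing capitals would break all of them. Computing the name once in the shell handles both: `IMAGE="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/${IMAGE_NAME}"`, then `docker build -t "$IMAGE:$GITHUB_SHA" .` and the matching `docker tag` / `docker push` lines. Since `latest` and `testing` are overwritten on each run, anything that deploys the image should reference the SHA tag or the digest.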
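Review bot: `id-token: write` in the `permissions:` block added by `@@ -4,6 +4,11 @@` (PATCH 105) lets the job request an OIDC token, yet the steps visible in this workflow authenticate only with `secrets.GITHUB_TOKEN`; nothing in view uses OIDC. `contents: read` and `packages: write` cover the checkout and the GHCR push, so I would drop the third line. The `jobs:` section lies outside the hunk; if it holds more than one job, declaring the block on the pushing job rather than at workflow level keeps the write scope off the others.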
From: thogue12 Date: Wed, 2 Apr 2025 22:28:09 -0400 Subject: [PATCH 106/109] Adjusted the tags syntax --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1f61d4e..2ed0c9e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,6 +9,7 @@ permissions: security-events: write actions: read id-token: write + packages: write jobs: From 9024962d9318b6b1979013e2ee4da93641541d65 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Wed, 2 Apr 2025 22:28:50 -0400 Subject: [PATCH 107/109] Adjusted the tags syntax --- .github/workflows/push-docker-image.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index bd6ea63..6982f70 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml @@ -4,11 +4,6 @@ name: Push Docker Image on: workflow_call: - -permissions: - contents: read - packages: write - id-token: write env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io From 99c5fdc651fe956b96db61d6aa0e05c79e366243 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 3 Apr 2025 19:24:30 -0400 Subject: [PATCH 108/109] Adjusted the tags syntax --- .github/workflows/push-docker-image.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/push-docker-image.yml b/.github/workflows/push-docker-image.yml index 6982f70..1319ed0 100644 --- a/.github/workflows/push-docker-image.yml +++ b/.github/workflows/push-docker-image.yml 
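Review bot: Adding `packages: write` to the workflow-level `permissions:` of main.yml in `@@ -9,6 +9,7 @@` (PATCH 106) gives registry write access to the token of every job in that workflow, not only the one that publishes the image. The jobs themselves are outside the hunk, but a narrower form is to leave the top-level block read-only and set `permissions:` with `contents: read` and `packages: write` on the job that calls `push-docker-image.yml`. PATCH 107 then deletes the called workflow's own block, which leaves the caller's grant as the only limit on that job.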
@@ -49,11 +49,6 @@ jobs: docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest docker tag ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:testing - - name: Wait for Docker container to be ready - run: sleep 30 - - - name: Confirm Docker container is running - run: docker ps # Push the Docker image to the registry - name: Push Docker Image to GHCR From f2911ba8f8db4c4b79efc249f3a536a247ca7812 Mon Sep 17 00:00:00 2001 From: thogue12 Date: Thu, 24 Apr 2025 18:09:35 -0400 Subject: [PATCH 109/109] removed the id-token: write permission --- .github/.DS_Store | Bin 6148 -> 6148 bytes .github/workflows/main.yml | 1 - 2 files changed, 1 deletion(-) diff --git a/.github/.DS_Store b/.github/.DS_Store index 97aa9da6c4187fcbbc0ebbfa40131ca069785106..b31f6e221ee88fae48887e33b09680c455bac436 100644 GIT binary patch delta 18 ZcmZoMXffDe$jIn6IfhYUvlrtoF#t7S1!w>O delta 18 ZcmZoMXffDe$jJC%atx!yW-rEFVgNh@1`+@O diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2ed0c9e..18e6d07 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -8,7 +8,6 @@ permissions: contents: read security-events: write actions: read - id-token: write packages: write