Secops workflow and docker removal
parent
be13e9e71f
commit
c2099e2133
19
.gitea/workflows/sec-lint-s3.yaml
Normal file
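--- a/.gitea/workflows/sec-lint-s3.yaml
+++ b/.gitea/workflows/sec-lint-s3.yaml
@@ -0,0 +1,19 @@
+name: Secops Linting and Safety Checks
+on:
+push:
+branches:
+- master
+
+
+
+jobs:
+checkov-scan-s3:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repo code
+uses: actions/checkout@v4
+- name: Scan S3 Terraform with Checkov
+uses: bridgecrewio/checkov-action@master
+with:
+directory: infra/s3/
+framework: terraform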
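Review bot: The Checkov step uses `bridgecrewio/checkov-action@master`, a branch ref that can change without any change in this repository, so the scanner that checks `infra/s3/` is itself unpinned. Pin it to a full commit SHA and note the release in a comment, e.g. `uses: bridgecrewio/checkov-action@<FULL_COMMIT_SHA>  # <release tag>`; the same applies, less urgently, to `actions/checkout@v4`. The only trigger is `push` to `master`, so findings appear after the change has already landed; adding a `pull_request:` trigger would surface them before merge.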
@ -1,5 +0,0 @@
|
||||
FROM nginx:latest
|
||||
|
||||
COPY nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
|
@ -1,31 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# Build the image locally first
|
||||
docker build . -t reverse-proxy:latest
|
||||
|
||||
# Tag as required
|
||||
docker tag reverse-proxy:latest 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
|
||||
|
||||
if [ "$1" = "dev" ]; then
|
||||
###########################
|
||||
# Development build steps
|
||||
###########################
|
||||
echo "Building local dev image"
|
||||
echo "Skipping docker push because this is a local build"
|
||||
elif [ "$1" = "prod" ]; then
|
||||
###########################
|
||||
# Production build steps
|
||||
###########################
|
||||
echo "Building production image"
|
||||
echo "Authenticating to push to production registry"
|
||||
# ECR Authentication
|
||||
aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 805875567437.dkr.ecr.us-west-1.amazonaws.com
|
||||
# Pushing tagged image
|
||||
docker push 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
|
||||
else
|
||||
echo "Unknown option given to build.sh"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -1,52 +0,0 @@
|
||||
events {
|
||||
worker_connections 768;
|
||||
}
|
||||
|
||||
http {
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;
|
||||
proxy_cache_valid 200 60m;
|
||||
proxy_cache_valid 404 1m;
|
||||
proxy_cache my_cache;
|
||||
proxy_cache_key "$scheme$request$request_method$host$request_uri";
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name shockrah.xyz;
|
||||
location / {
|
||||
proxy_pass http://shockrah.xyz.s3-website-us-west-1.amazonaws.com;
|
||||
}
|
||||
location /health {
|
||||
access_log off;
|
||||
add_header 'Content-Type' 'text/plain';
|
||||
return 200 "healthy";
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name resume.shockrah.xyz;
|
||||
location / {
|
||||
proxy_pass http://resume.shockrah.xyz.s3-website-us-west-1.amazonaws.com;
|
||||
}
|
||||
location /health {
|
||||
access_log off;
|
||||
add_header 'Content-Type' 'text/plain';
|
||||
return 200 "healthy";
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name temper.tv;
|
||||
location / {
|
||||
proxy_pass http://temper.tv.s3-website-us-west-1.amazonaws.com;
|
||||
}
|
||||
location /health {
|
||||
access_log off;
|
||||
add_header 'Content-Type' 'text/plain';
|
||||
return 200 "healthy";
|
||||
}
|
||||
}
|
||||
}
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# This script is used for running the image locally for testing purposes
|
||||
|
||||
docker run --publish 80:80 --name gateway --rm \
|
||||
805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
|
@ -1,9 +0,0 @@
|
||||
# What is this
|
||||
|
||||
This folder contains docker images that live in ECR
|
||||
|
||||
## `beta`
|
||||
|
||||
Reverse proxy for all things relating to static content under Project Athens.
|
||||
|
||||
All static site content lives in S3 and thus this proxies that content.
|