From c2099e21335d43c5626d9222243df3240760c631 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Fri, 6 Sep 2024 18:46:28 -0700
Subject: [PATCH] Secops workflow and docker removal
---
.gitea/workflows/sec-lint-s3.yaml | 19 +++++++++++
docker/beta/Dockerfile | 5 ---
docker/beta/build.sh | 31 ------------------
docker/beta/nginx.conf | 52 -------------------------------
docker/beta/run.sh | 8 -----
docker/readme.md | 9 ------
6 files changed, 19 insertions(+), 105 deletions(-)
create mode 100644 .gitea/workflows/sec-lint-s3.yaml
delete mode 100644 docker/beta/Dockerfile
delete mode 100644 docker/beta/build.sh
delete mode 100644 docker/beta/nginx.conf
delete mode 100644 docker/beta/run.sh
delete mode 100644 docker/readme.md
diff --git a/.gitea/workflows/sec-lint-s3.yaml b/.gitea/workflows/sec-lint-s3.yaml
new file mode 100644
index 0000000..2a87bc2
--- /dev/null
+++ b/.gitea/workflows/sec-lint-s3.yaml
@@ -0,0 +1,19 @@
+name: Secops Linting and Safety Checks
+on:
+ push:
+ branches:
+ - master
+
+
+
+jobs:
+ checkov-scan-s3:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo code
+ uses: actions/checkout@v4
+ - name: Scan S3 Terraform with Checkov
+ uses: bridgecrewio/checkov-action@master
+ with:
+ directory: infra/s3/
+ framework: terraform
\ No newline at end of file
diff --git a/docker/beta/Dockerfile b/docker/beta/Dockerfile
deleted file mode 100644
index 00b4971..0000000
--- a/docker/beta/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM nginx:latest
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-
diff --git a/docker/beta/build.sh b/docker/beta/build.sh
deleted file mode 100644
index 6fd9747..0000000
--- a/docker/beta/build.sh
+++ /dev/null
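Review bot: The Checkov step in `.gitea/workflows/sec-lint-s3.yaml` references `bridgecrewio/checkov-action@master`, a mutable branch ref, so whatever upstream has on master at run time executes in the runner next to the checked-out repository. Pin it to a reviewed release by full commit SHA, e.g. `uses: bridgecrewio/checkov-action@<full-commit-sha>  # <release tag>`; `actions/checkout@v4` is a movable tag and benefits from the same treatment. The workflow also triggers only on `push` to `master`, so a misconfiguration under `infra/s3/` is reported after it has already landed. Adding a `pull_request:` trigger next to `push:` would surface findings before merge. Whether a failing scan blocks a deploy is not visible in this patch and is worth confirming.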
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Build the image locally first
-docker build . -t reverse-proxy:latest
-
-# Tag as required
-docker tag reverse-proxy:latest 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
-
-if [ "$1" = "dev" ]; then
- ###########################
- # Development build steps
- ###########################
- echo "Building local dev image"
- echo "Skipping docker push because this is a local build"
-elif [ "$1" = "prod" ]; then
- ###########################
- # Production build steps
- ###########################
- echo "Building production image"
- echo "Authenticating to push to production registry"
- # ECR Authentication
- aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 805875567437.dkr.ecr.us-west-1.amazonaws.com
- # Pushing tagged image
- docker push 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
-else
- echo "Unknown option given to build.sh"
- exit 1
-fi
-
diff --git a/docker/beta/nginx.conf b/docker/beta/nginx.conf
deleted file mode 100644
index 087daa8..0000000
--- a/docker/beta/nginx.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-events {
- worker_connections 768;
-}
-
-http {
- proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;
- proxy_cache_valid 200 60m;
- proxy_cache_valid 404 1m;
- proxy_cache my_cache;
- proxy_cache_key "$scheme$request$request_method$host$request_uri";
- server {
- listen 80;
- listen [::]:80;
- server_name shockrah.xyz;
- location / {
- proxy_pass http://shockrah.xyz.s3-website-us-west-1.amazonaws.com;
- }
- location /health {
- access_log off;
- add_header 'Content-Type' 'text/plain';
- return 200 "healthy";
- }
- }
-
- server {
- listen 80;
- listen [::]:80;
- server_name resume.shockrah.xyz;
- location / {
- proxy_pass http://resume.shockrah.xyz.s3-website-us-west-1.amazonaws.com;
- }
- location /health {
- access_log off;
- add_header 'Content-Type' 'text/plain';
- return 200 "healthy";
- }
- }
-
- server {
- listen 80;
- listen [::]:80;
- server_name temper.tv;
- location / {
- proxy_pass http://temper.tv.s3-website-us-west-1.amazonaws.com;
- }
- location /health {
- access_log off;
- add_header 'Content-Type' 'text/plain';
- return 200 "healthy";
- }
- }
-}
diff --git a/docker/beta/run.sh b/docker/beta/run.sh
deleted file mode 100644
index 7b447e5..0000000
--- a/docker/beta/run.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# This script is used for running the image locally for testing purposes
-
-docker run --publish 80:80 --name gateway --rm \
- 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
diff --git a/docker/readme.md b/docker/readme.md
deleted file mode 100644
index 88d33ca..0000000
--- a/docker/readme.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# What is this
-
-This folder contains docker images that live in ECR
-
-## `beta`
-
-Reverse proxy for all things relating to static content under Project Athens.
-
-All static site content lives in S3 and thus this proxies that content.