Secops workflow and docker removal

shockrah 2024-09-06 18:46:28 -07:00
parent be13e9e71f
commit c2099e2133
6 changed files with 19 additions and 105 deletions


@ -0,0 +1,19 @@
name: Secops Linting and Safety Checks
on:
push:
branches:
- master
jobs:
checkov-scan-s3:
runs-on: ubuntu-latest
steps:
- name: Checkout repo code
uses: actions/checkout@v4
- name: Scan S3 Terraform with Checkov
uses: bridgecrewio/checkov-action@master
with:
directory: infra/s3/
framework: terraform
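Review bot: The step `uses: bridgecrewio/checkov-action@master` tracks a mutable branch, so any later push to that branch changes what runs in this job against the checked-out repository, without a change in this repo to review. Pin the action to a full commit SHA and keep the release in a trailing comment, e.g. `uses: bridgecrewio/checkov-action@<full-commit-sha>  # <release-tag>` (placeholders, to be filled from the action's releases). The workflow also declares no `permissions:` key; if the runner honours it, a top-level `permissions:` with `contents: read` would limit the job token to what a read-only scan needs. Separately, only `infra/s3/` is scanned, so Terraform in any other directory is not covered by this job.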


@ -1,5 +0,0 @@
FROM nginx:latest
COPY nginx.conf /etc/nginx/nginx.conf


@ -1,31 +0,0 @@
#!/bin/bash
set -e
# Build the image locally first
docker build . -t reverse-proxy:latest
# Tag as required
docker tag reverse-proxy:latest 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
if [ "$1" = "dev" ]; then
###########################
# Development build steps
###########################
echo "Building local dev image"
echo "Skipping docker push because this is a local build"
elif [ "$1" = "prod" ]; then
###########################
# Production build steps
###########################
echo "Building production image"
echo "Authenticating to push to production registry"
# ECR Authentication
aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 805875567437.dkr.ecr.us-west-1.amazonaws.com
# Pushing tagged image
docker push 805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest
else
echo "Unknown option given to build.sh"
exit 1
fi


@ -1,52 +0,0 @@
events {
worker_connections 768;
}
http {
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;
proxy_cache_valid 200 60m;
proxy_cache_valid 404 1m;
proxy_cache my_cache;
proxy_cache_key "$scheme$request$request_method$host$request_uri";
server {
listen 80;
listen [::]:80;
server_name shockrah.xyz;
location / {
proxy_pass http://shockrah.xyz.s3-website-us-west-1.amazonaws.com;
}
location /health {
access_log off;
add_header 'Content-Type' 'text/plain';
return 200 "healthy";
}
}
server {
listen 80;
listen [::]:80;
server_name resume.shockrah.xyz;
location / {
proxy_pass http://resume.shockrah.xyz.s3-website-us-west-1.amazonaws.com;
}
location /health {
access_log off;
add_header 'Content-Type' 'text/plain';
return 200 "healthy";
}
}
server {
listen 80;
listen [::]:80;
server_name temper.tv;
location / {
proxy_pass http://temper.tv.s3-website-us-west-1.amazonaws.com;
}
location /health {
access_log off;
add_header 'Content-Type' 'text/plain';
return 200 "healthy";
}
}
}


@ -1,8 +0,0 @@
#!/bin/bash
set -e
# This script is used for running the image locally for testing purposes
docker run --publish 80:80 --name gateway --rm \
805875567437.dkr.ecr.us-west-1.amazonaws.com/reverse-proxy:latest


@ -1,9 +0,0 @@
# What is this
This folder contains docker images that live in ECR
## `beta`
Reverse proxy for all things relating to static content under Project Athens.
All static site content lives in S3 and thus this proxies that content.