Merge branch 'main' into dependency-upgrades

navikt · Oct 13, 2023 · 3d2dab9 · 3d2dab9
2 parents 5e05a28 + 8bdf092
commit 3d2dab9
Show file tree

Hide file tree

Showing 15 changed files with 120 additions and 9 deletions.
diff --git a/.github/workflows/deploy-etablert-tilsyn.yml b/.github/workflows/deploy-etablert-tilsyn.yml
@@ -24,6 +24,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -90,6 +92,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -152,3 +157,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/.github/workflows/deploy-inntektsmelding.yml b/.github/workflows/deploy-inntektsmelding.yml
@@ -24,6 +24,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -63,6 +65,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -125,3 +130,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/.github/workflows/deploy-medisinsk-vilkår.yml b/.github/workflows/deploy-medisinsk-vilkår.yml
@@ -24,6 +24,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -90,6 +92,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -152,3 +157,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/.github/workflows/deploy-om-barnet.yml b/.github/workflows/deploy-om-barnet.yml
@@ -24,6 +24,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -63,6 +65,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -125,3 +130,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/.github/workflows/deploy-omsorgen-for.yml b/.github/workflows/deploy-omsorgen-for.yml
@@ -24,6 +24,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -63,6 +65,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -125,3 +130,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/.github/workflows/deploy-omsorgsdager.yml b/.github/workflows/deploy-omsorgsdager.yml
@@ -23,6 +23,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -54,7 +56,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
-
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -120,3 +124,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/.github/workflows/deploy-uttak.yml b/.github/workflows/deploy-uttak.yml
@@ -24,6 +24,8 @@ jobs:
     permissions:
       packages: write
       contents: write
+    outputs:
+      image: ${{ steps.docker-push.outputs.image }}
     steps:
       - name: Hente kode
         uses: actions/checkout@v4
@@ -63,6 +65,9 @@ jobs:
           echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV
           echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
           echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV
+      - name: Set image output
+        id: docker-push
+        run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT
       - uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -125,3 +130,14 @@ jobs:
             ```
           draft: false
           prerelease: false
+  trivy:
+    needs: [ deploy-docker-image ]
+    uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main
+    if: (github.ref == 'refs/heads/main')
+    permissions:
+      contents: write
+      security-events: write
+      actions: read
+    secrets: inherit
+    with:
+      image: ${{ needs.deploy-docker-image.outputs.image }}
diff --git a/packages/etablert-tilsyn/Dockerfile b/packages/etablert-tilsyn/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.1-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 ADD server.nginx /etc/nginx/conf.d/app.conf.template
 COPY build /usr/share/nginx/html

diff --git a/packages/inntektsmelding/Dockerfile b/packages/inntektsmelding/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.1-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 ADD server.nginx /etc/nginx/conf.d/app.conf.template
 COPY build /usr/share/nginx/html

diff --git a/packages/medisinsk-vilkår/Dockerfile b/packages/medisinsk-vilkår/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.1-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 ADD server.nginx /etc/nginx/conf.d/app.conf.template
 COPY build /usr/share/nginx/html

diff --git a/packages/om-barnet/Dockerfile b/packages/om-barnet/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.3-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 RUN rm /etc/nginx/conf.d/default.conf
 ADD server.nginx /etc/nginx/conf.d/app.conf.template

diff --git a/packages/omsorgen-for/Dockerfile b/packages/omsorgen-for/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.1-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 ADD server.nginx /etc/nginx/conf.d/app.conf.template
 COPY build /usr/share/nginx/html

diff --git a/packages/omsorgsdager/Dockerfile b/packages/omsorgsdager/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.3-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 ADD server.nginx /etc/nginx/conf.d/app.conf.template
 COPY build /usr/share/nginx/html

diff --git a/packages/omsorgsdager/src/app.ts b/packages/omsorgsdager/src/app.ts
@@ -1,6 +1,6 @@
 import renderers from './util/renderers';
 import ContainerContract from './types/ContainerContract';
-
+// test
 (window as any).renderMicrofrontendOmsorgsdagerApp = async (appId, data: ContainerContract) => {
     const { renderAppInSuccessfulState } = renderers;
     renderAppInSuccessfulState(appId, data);

diff --git a/packages/uttak/Dockerfile b/packages/uttak/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.23.1-alpine
+FROM nginxinc/nginx-unprivileged:stable-alpine-slim
 
 ADD server.nginx /etc/nginx/conf.d/app.conf.template
 COPY build /usr/share/nginx/html