diff --git a/.github/workflows/deploy-etablert-tilsyn.yml b/.github/workflows/deploy-etablert-tilsyn.yml index 65791779..8ca6b94d 100644 --- a/.github/workflows/deploy-etablert-tilsyn.yml +++ b/.github/workflows/deploy-etablert-tilsyn.yml @@ -24,6 +24,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -90,6 +92,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -152,3 +157,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git a/.github/workflows/deploy-inntektsmelding.yml b/.github/workflows/deploy-inntektsmelding.yml index 17196ad6..79d217cf 100644 --- a/.github/workflows/deploy-inntektsmelding.yml +++ b/.github/workflows/deploy-inntektsmelding.yml @@ -24,6 +24,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -63,6 +65,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -125,3 +130,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git "a/.github/workflows/deploy-medisinsk-vilk\303\245r.yml" "b/.github/workflows/deploy-medisinsk-vilk\303\245r.yml" index 7ed90593..3509e714 100644 --- "a/.github/workflows/deploy-medisinsk-vilk\303\245r.yml" +++ "b/.github/workflows/deploy-medisinsk-vilk\303\245r.yml" @@ -24,6 +24,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -90,6 +92,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -152,3 +157,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git a/.github/workflows/deploy-om-barnet.yml b/.github/workflows/deploy-om-barnet.yml index a97ec838..211fddbf 100644 --- a/.github/workflows/deploy-om-barnet.yml +++ b/.github/workflows/deploy-om-barnet.yml @@ -24,6 +24,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -63,6 +65,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -125,3 +130,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git a/.github/workflows/deploy-omsorgen-for.yml b/.github/workflows/deploy-omsorgen-for.yml index 7dd75981..bb0914bf 100644 --- a/.github/workflows/deploy-omsorgen-for.yml +++ b/.github/workflows/deploy-omsorgen-for.yml @@ -24,6 +24,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -63,6 +65,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -125,3 +130,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git a/.github/workflows/deploy-omsorgsdager.yml b/.github/workflows/deploy-omsorgsdager.yml index 4aaf4489..ca817ea2 100644 --- a/.github/workflows/deploy-omsorgsdager.yml +++ b/.github/workflows/deploy-omsorgsdager.yml @@ -23,6 +23,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -54,7 +56,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV - + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -120,3 +124,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git a/.github/workflows/deploy-uttak.yml b/.github/workflows/deploy-uttak.yml index 4df19099..08ae0385 100644 --- a/.github/workflows/deploy-uttak.yml +++ b/.github/workflows/deploy-uttak.yml @@ -24,6 +24,8 @@ jobs: permissions: packages: write contents: write + outputs: + image: ${{ steps.docker-push.outputs.image }} steps: - name: Hente kode uses: actions/checkout@v4 @@ -63,6 +65,9 @@ jobs: echo "LATEST=${IMAGE_BASE}:latest" >> $GITHUB_ENV echo "CSS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/styles.css | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV echo "JS_HASH=$(shasum -b -a 384 build/${MAJOR_VERSION}/app.js | awk '{ print $1 }' | xxd -r -p | base64)" >> $GITHUB_ENV + - name: Set image output + id: docker-push + run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT - uses: docker/login-action@v3 with: registry: ghcr.io @@ -125,3 +130,14 @@ jobs: ``` draft: false prerelease: false + trivy: + needs: [ deploy-docker-image ] + uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main + if: (github.ref == 'refs/heads/main') + permissions: + contents: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} \ No newline at end of file diff --git a/packages/etablert-tilsyn/Dockerfile b/packages/etablert-tilsyn/Dockerfile index 1adb9e45..4075bc54 100644 --- a/packages/etablert-tilsyn/Dockerfile +++ b/packages/etablert-tilsyn/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.1-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim ADD server.nginx /etc/nginx/conf.d/app.conf.template COPY build /usr/share/nginx/html diff --git a/packages/inntektsmelding/Dockerfile b/packages/inntektsmelding/Dockerfile index fbbabec3..47dca01c 100644 --- a/packages/inntektsmelding/Dockerfile +++ b/packages/inntektsmelding/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.1-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim ADD server.nginx /etc/nginx/conf.d/app.conf.template COPY build /usr/share/nginx/html diff --git "a/packages/medisinsk-vilk\303\245r/Dockerfile" "b/packages/medisinsk-vilk\303\245r/Dockerfile" index d1eb6218..50c84566 100644 --- "a/packages/medisinsk-vilk\303\245r/Dockerfile" +++ "b/packages/medisinsk-vilk\303\245r/Dockerfile" @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.1-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim ADD server.nginx /etc/nginx/conf.d/app.conf.template COPY build /usr/share/nginx/html diff --git a/packages/om-barnet/Dockerfile b/packages/om-barnet/Dockerfile index f23ba5f0..f71cc814 100644 --- a/packages/om-barnet/Dockerfile +++ b/packages/om-barnet/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.3-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim RUN rm /etc/nginx/conf.d/default.conf ADD server.nginx /etc/nginx/conf.d/app.conf.template diff --git a/packages/omsorgen-for/Dockerfile b/packages/omsorgen-for/Dockerfile index 0b68a2f8..a7e267eb 100644 --- a/packages/omsorgen-for/Dockerfile +++ b/packages/omsorgen-for/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.1-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim ADD server.nginx /etc/nginx/conf.d/app.conf.template COPY build /usr/share/nginx/html diff --git a/packages/omsorgsdager/Dockerfile b/packages/omsorgsdager/Dockerfile index 43ac10d8..28987c48 100644 --- a/packages/omsorgsdager/Dockerfile +++ b/packages/omsorgsdager/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.3-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim ADD server.nginx /etc/nginx/conf.d/app.conf.template COPY build /usr/share/nginx/html diff --git a/packages/omsorgsdager/src/app.ts b/packages/omsorgsdager/src/app.ts index a1252125..b508e8d3 100644 --- a/packages/omsorgsdager/src/app.ts +++ b/packages/omsorgsdager/src/app.ts @@ -1,6 +1,6 @@ import renderers from './util/renderers'; import ContainerContract from './types/ContainerContract'; - +// test (window as any).renderMicrofrontendOmsorgsdagerApp = async (appId, data: ContainerContract) => { const { renderAppInSuccessfulState } = renderers; renderAppInSuccessfulState(appId, data); diff --git a/packages/uttak/Dockerfile b/packages/uttak/Dockerfile index 0b68a2f8..a7e267eb 100644 --- a/packages/uttak/Dockerfile +++ b/packages/uttak/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:1.23.1-alpine +FROM nginxinc/nginx-unprivileged:stable-alpine-slim ADD server.nginx /etc/nginx/conf.d/app.conf.template COPY build /usr/share/nginx/html