Init with documentation and source images
Showing
14 changed files
with
606 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
name: build | ||
|
||
on: | ||
push: | ||
branches: | ||
- "dev" | ||
tags: | ||
- "v*.*.*" | ||
|
||
jobs: | ||
lint-redcap-fastcgi-client: | ||
name: lint-redcap-fastcgi-client | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Lint Dockerfile with Hadolint | ||
uses: hadolint/hadolint-action@v3.1.0 | ||
with: | ||
dockerfile: ./fastcgi-client/Dockerfile | ||
override-info: DL3008,DL3018,DL3041,SC2046 | ||
failure-threshold: warning | ||
|
||
scan-redcap-fastcgi-client: | ||
name: scan-redcap-fastcgi-client | ||
needs: lint-redcap-fastcgi-client | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Build container from Dockerfile | ||
run: docker build -t ghcr.io/aphp/redcap-fastcgi-client:${{ github.sha }} ./fastcgi-client | ||
- name: Run Dockle | ||
uses: erzz/dockle-action@v1.4.0 | ||
with: | ||
image: ghcr.io/aphp/redcap-fastcgi-client:${{ github.sha }} | ||
report-format: json | ||
failure-threshold: fatal | ||
exit-code: 1 | ||
- name: Scan container for vulnerabilities with Trivy | ||
uses: aquasecurity/trivy-action@0.28.0 | ||
with: | ||
image-ref: 'ghcr.io/aphp/redcap-fastcgi-client:${{ github.sha }}' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: true | ||
scanners: 'vuln,secret,license' | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL' | ||
|
||
push-redcap-fastcgi-client: | ||
name: push-redcap-fastcgi-client | ||
needs: scan-redcap-fastcgi-client | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Docker meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
# list of Docker images to use as base name for tags | ||
images: | | ||
ghcr.io/aphp/redcap-fastcgi-client | ||
# generate Docker tags based on the following events/attributes | ||
tags: | | ||
type=schedule | ||
type=ref,event=branch | ||
type=ref,event=pr | ||
type=semver,pattern={{version}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
type=semver,pattern={{major}} | ||
type=sha | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: 'Login to GitHub Container Registry' | ||
uses: docker/login-action@v3.3.0 | ||
with: | ||
registry: ghcr.io | ||
username: ${{github.actor}} | ||
password: ${{secrets.GITHUB_TOKEN}} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
context: "{{defaultContext}}:fastcgi-client" | ||
push: ${{ github.event_name != 'pull_request' }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
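Review bot: The image that `push-redcap-fastcgi-client` publishes is not the image that `scan-redcap-fastcgi-client` checked: the scan job builds with `docker build` on its own runner, and the push job rebuilds from the Git context with `docker/build-push-action@v6` on a different one. The fastcgi-client Dockerfile in this commit starts from the floating tag `alpine:3`, so the two builds can resolve different layers and the Dockle/Trivy gates do not strictly cover what lands in GHCR. Building with `load: true` inside the push job, scanning that local image, and only then running the existing push step closes the gap; the second build should reuse the Buildx cache from the first. It is also worth a comment on the Trivy step that `severity: 'CRITICAL'` with `ignore-unfixed: true` fails the build only on fixable critical findings. The httpd-shibd and php-fpm workflows in this commit share the same lint/scan/push layout.

```yaml
      # … unchanged: checkout, Docker meta, QEMU, Buildx, GHCR login …
      - name: Build image for scanning
        uses: docker/build-push-action@v6
        with:
          context: "{{defaultContext}}:fastcgi-client"
          load: true
          tags: ghcr.io/aphp/redcap-fastcgi-client:${{ github.sha }}
      - name: Scan the image that will be pushed
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: 'ghcr.io/aphp/redcap-fastcgi-client:${{ github.sha }}'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL'
      # … unchanged: Build and push step …
```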
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
name: build | ||
on: | ||
push: | ||
branches: | ||
- main | ||
- dev | ||
pull_request: | ||
|
||
jobs: | ||
lint-redcap-httpd-shibd: | ||
name: lint-redcap-httpd-shibd | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Lint Dockerfile with Hadolint | ||
uses: hadolint/hadolint-action@v3.1.0 | ||
with: | ||
dockerfile: ./httpd-shibd/Dockerfile | ||
override-info: DL3008,DL3018,DL3041,SC2046 | ||
failure-threshold: warning | ||
|
||
scan-redcap-httpd-shibd: | ||
name: scan-redcap-httpd-shibd | ||
needs: lint-redcap-httpd-shibd | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Build container from Dockerfile | ||
run: docker build -t ghcr.io/aphp/redcap-httpd-shibd:${{ github.sha }} ./httpd-shibd | ||
- name: Run Dockle | ||
uses: erzz/dockle-action@v1.4.0 | ||
with: | ||
image: ghcr.io/aphp/redcap-httpd-shibd:${{ github.sha }} | ||
report-format: json | ||
failure-threshold: fatal | ||
exit-code: 1 | ||
- name: Scan container for vulnerabilities with Trivy | ||
uses: aquasecurity/trivy-action@0.28.0 | ||
with: | ||
image-ref: 'ghcr.io/aphp/redcap-httpd-shibd:${{ github.sha }}' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: true | ||
scanners: 'vuln,secret,license' | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL' | ||
|
||
push-redcap-httpd-shibd: | ||
name: push-redcap-httpd-shibd | ||
needs: scan-redcap-httpd-shibd | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Docker meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
# list of Docker images to use as base name for tags | ||
images: | | ||
ghcr.io/aphp/redcap-httpd-shibd | ||
# generate Docker tags based on the following events/attributes | ||
tags: | | ||
type=schedule | ||
type=ref,event=branch | ||
type=ref,event=pr | ||
type=semver,pattern={{version}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
type=semver,pattern={{major}} | ||
type=sha | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: 'Login to GitHub Container Registry' | ||
uses: docker/login-action@v3.3.0 | ||
with: | ||
registry: ghcr.io | ||
username: ${{github.actor}} | ||
password: ${{secrets.GITHUB_TOKEN}} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
context: "{{defaultContext}}:httpd-shibd" | ||
push: ${{ github.event_name != 'pull_request' }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
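Review bot: The `Login to GitHub Container Registry` step in `push-redcap-httpd-shibd` has no `if:` guard, so it runs on every `pull_request` event even though `push:` evaluates to false there. That puts a registry credential on the runner for a job that builds pull-request content. Adding `if: github.event_name != 'pull_request'` to the login step keeps the token out of PR builds. The `type=semver` metadata rules also look unreachable in this file because `on:` has no tag trigger, so either add a `tags:` filter under `push:` or drop those rules. The php-fpm workflow has the same trigger and login step.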
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
name: build | ||
on: | ||
push: | ||
branches: | ||
- main | ||
- dev | ||
pull_request: | ||
|
||
jobs: | ||
lint-redcap-php-fpm: | ||
name: lint-redcap-php-fpm | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Lint Dockerfile with Hadolint | ||
uses: hadolint/hadolint-action@v3.1.0 | ||
with: | ||
dockerfile: ./php-fpm/Dockerfile | ||
override-info: DL3008,DL3018,DL3041,SC2046 | ||
failure-threshold: warning | ||
|
||
scan-redcap-php-fpm: | ||
name: scan-redcap-php-fpm | ||
needs: lint-redcap-php-fpm | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
- name: Build container from Dockerfile | ||
run: docker build -t ghcr.io/aphp/redcap-php-fpm:${{ github.sha }} ./php-fpm | ||
- name: Run Dockle | ||
uses: erzz/dockle-action@v1.4.0 | ||
with: | ||
image: ghcr.io/aphp/redcap-php-fpm:${{ github.sha }} | ||
report-format: json | ||
failure-threshold: fatal | ||
exit-code: 1 | ||
- name: Scan container for vulnerabilities with Trivy | ||
uses: aquasecurity/trivy-action@0.28.0 | ||
with: | ||
image-ref: 'ghcr.io/aphp/redcap-php-fpm:${{ github.sha }}' | ||
format: 'table' | ||
exit-code: '1' | ||
ignore-unfixed: true | ||
scanners: 'vuln,secret,license' | ||
vuln-type: 'os,library' | ||
severity: 'CRITICAL' | ||
|
||
push-redcap-php-fpm: | ||
name: push-redcap-php-fpm | ||
needs: scan-redcap-php-fpm | ||
runs-on: ubuntu-24.04 | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Docker meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
# list of Docker images to use as base name for tags | ||
images: | | ||
ghcr.io/aphp/redcap-php-fpm | ||
# generate Docker tags based on the following events/attributes | ||
tags: | | ||
type=schedule | ||
type=ref,event=branch | ||
type=ref,event=pr | ||
type=semver,pattern={{version}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
type=semver,pattern={{major}} | ||
type=sha | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: 'Login to GitHub Container Registry' | ||
uses: docker/login-action@v3.3.0 | ||
with: | ||
registry: ghcr.io | ||
username: ${{github.actor}} | ||
password: ${{secrets.GITHUB_TOKEN}} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v6 | ||
with: | ||
context: "{{defaultContext}}:php-fpm" | ||
push: ${{ github.event_name != 'pull_request' }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
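Review bot: Every `uses:` in this workflow points at a mutable tag (`hadolint/hadolint-action@v3.1.0`, `erzz/dockle-action@v1.4.0`, `aquasecurity/trivy-action@0.28.0`, the `docker/*` actions), and the file has no `permissions:` block, so each job runs with the repository's default token scope. Pin third-party actions to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.28.0`. Declare `permissions: contents: read` at the top level and grant `packages: write` only on `push-redcap-php-fpm`. The same applies to the fastcgi-client and httpd-shibd workflows in this commit. Separately, `scan-redcap-php-fpm` runs on `ubuntu-20.04` while the other two jobs use `ubuntu-24.04`; aligning them avoids depending on an older hosted image.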
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
|
||
## How to contribute to the `aphp/redcap-containers` project | ||
|
||
#### **Did you find a bug?** | ||
|
||
* **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/aphp/redcap-containers/issues). | ||
|
||
* If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/aphp/redcap-containers/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring. | ||
|
||
#### **Did you write a patch that fixes a bug?** | ||
|
||
* Open a new GitHub pull request with the patch. | ||
|
||
* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable. | ||
|
||
#### **Do you intend to add a new feature or change an existing one?** | ||
|
||
* Suggest your change in a dedicated issue. | ||
|
||
* Do not submit a PR on GitHub until you have collected positive feedback about the change. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
This software contains the following dependencies developped by Broadcom : | ||
|
||
- Docker Images | ||
- alpinelinux : https://github.com/alpinelinux/docker-alpine | ||
- rockylinux : https://github.com/rocky-linux/sig-cloud-instance-images | ||
- docker/php: https://github.com/docker-library/php | ||
|
||
Those dependecies are present as source f the images presents in this repository. | ||
Indidual licence statements are presents in the following links : | ||
- alpinelinux : https://github.com/alpinelinux/docker-alpine/blob/master/LICENSE | ||
- rockylinux : https://rockylinux.org/fr-FR/legal/licensing | ||
- docker/php: https://github.com/docker-library/php/blob/master/LICENSE | ||
|
||
The build process of the images present in this repository includes a licence check - reports can be found in the Github Actions. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,36 @@ | ||
# redcap-containers | ||
# APHP - REDCap Helm Chart containers | ||
|
||
## Presentation | ||
|
||
This repository is hosting the container images that are needed to run the REDCap Helm Chart provided by the Greater Paris University Hospitals. | ||
|
||
Those images are as follow : | ||
- `httpd-shibd` : A custom container made to host an instance of Apache HTTPd and Shibboleth. | ||
- [see the `httpd-shibd` folder](./httpd-shibd/) | ||
- `fastcgi-client` : A simple FastCGI client. | ||
- [see the `fastcgi-client` folder](./fastcgi-client/) | ||
- `php-fpm` : A PHP 8.2 FPM server that contains all dependencies and configurations needed by REDCap. | ||
- [see the `php-fpm` folder](./php-fpm/) | ||
|
||
Each subfolder contains its own README file. | ||
|
||
All those containers are `rootless`, and **none of them is containing, or distributing REDCap binairies**. | ||
If you wish to use REDCap and are not sure where to start, you may visit the dedicated [REDCap Community Site](https://projectredcap.org/resources/community/). | ||
|
||
## Continous Integration / Continous Delivery | ||
|
||
This project uses 3 Github Workflows (presents under the .github/workflows directory), which will, for each image : | ||
- Lint the Dockerfile using `Hadolint` | ||
- Scan the container images using `Dockle` | ||
- Runs critical vulnerability, secrets and license checks on the container image using `Trivy` | ||
- Pushes the container images to this project's GHCR for it to be retrieved as a container image. | ||
|
||
## How can I contribute? | ||
|
||
You're welcome to read the [contribution guidelines](./CONTRIBUTING.md). | ||
|
||
## How is this project licensed? | ||
|
||
The informations about the licensing and the dependencies of this project can be found under : | ||
- The [project's license file](./LICENSE) | ||
- The [legal notice](./NOTICE) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
FROM alpine:3 | ||
|
||
LABEL maintainer=APHP | ||
|
||
RUN apk update &&\ | ||
apk add --no-cache fcgi | ||
|
||
RUN adduser -S cgi | ||
|
||
USER cgi | ||
|
||
ENTRYPOINT ["cgi-fcgi"] |
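Review bot: `USER cgi` names the account rather than a numeric UID, and `adduser -S cgi` lets Alpine choose the UID, so a Kubernetes pod with `runAsNonRoot: true` cannot verify the image is non-root and will refuse to start it unless the chart sets `runAsUser`. The README in this commit describes these images as rootless and intended for a Helm chart, so fixing the UID makes that property checkable: `RUN adduser -S -u 10001 cgi` and `USER 10001` (10001 is an example value). `apk update` is also redundant next to `apk add --no-cache` and leaves a package index in the layer; `RUN apk add --no-cache fcgi` is enough.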