Commit f145ad32 authored by Morten Knutsen's avatar Morten Knutsen

Merge branch 'sec_fixes' into 'master'

Try to fix the worst security vulnerabilities

See merge request !1
parents 8d2fa0a4 d4a7e44d
Pipeline #18301 passed with stages
in 2 minutes and 45 seconds
image: registry.uninett.no/asm/kubernetes-deploy:v0.16
image: registry.uninett.no/asm/kubernetes-deploy:v0.19
variables:
KUBE_PROD_DOMAIN: saml2int.org # The main domain for your application.
......@@ -7,6 +7,7 @@ variables:
stages:
- build
# - test
- scan
- staging
- production
build:
......@@ -15,6 +16,16 @@ build:
- build
only:
- branches
imagescan:
stage: scan
image: registry.uninett.no/public/twistcli
script:
- gitlab-ci-scan
services:
- name: docker:dind
alias: docker-dind
only:
- branches
production:
stage: production
script:
......
FROM nginx
FROM nginx:alpine
RUN apk upgrade --no-cache
RUN apk add --no-cache curl gnupg git ruby nodejs
RUN apk add --no-cache build-base ruby-dev nodejs-npm
WORKDIR /srv/www
RUN apt-get update && apt-get install -y curl gnupg build-essential git zlib1g-dev ruby-full \
&& rm -rf /var/lib/apt/lists/*
RUN curl -sL https://deb.nodesource.com/setup_6.x -o nodesource_setup.sh
RUN chmod a+x ./nodesource_setup.sh
RUN ./nodesource_setup.sh
RUN apt-get install -y nodejs
RUN gem install jekyll --no-ri --no-rdoc
RUN gem install rouge --no-ri --no-rdoc
......@@ -20,6 +17,8 @@ COPY bower.json /srv/www/bower.json
RUN npm install
RUN node_modules/bower/bin/bower install --config.interactive=false -p --allow-root
RUN gem install json bigdecimal --no-ri --no-rdoc
RUN jekyll build
RUN rm -rf /srv/www/dist/bower_components/uninett-theme/
RUN cd /srv/www/dist/bower_components/ && git clone https://github.com/andreassolberg/uninett-bootstrap-theme.git uninett-theme && cd uninett-theme && /srv/www/node_modules/bower/bin/bower install --allow-root
......@@ -29,4 +28,6 @@ RUN curl -o /srv/www/dist/bower_components/uninett-theme/fonts/colfaxLight.woff
&& curl -o /srv/www/dist/bower_components/uninett-theme/fonts/colfaxThin.woff http://mal.uninett.no/uninett-theme/fonts/colfaxThin.woff \
&& curl -o /srv/www/dist/bower_components/uninett-theme/fonts/colfaxRegularItalic.woff http://mal.uninett.no/uninett-theme/fonts/colfaxRegularItalic.woff
RUN apk del build-base ruby-dev nodejs-npm curl
EXPOSE 80
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment