From 5ae9c662ff8afccda96bcf6c7353022b8c2de887 Mon Sep 17 00:00:00 2001 From: Dragos0000 Date: Wed, 14 Aug 2024 12:29:18 +0100 Subject: [PATCH] changed airflow image and added filters for security scanning --- Makefile | 1 + filters/fortify-exclusion.properties | 1 + filters/odc-exclusion.properties | 1 + infra/airflow-cluster/Dockerfile | 2 ++ infra/airflow/Dockerfile | 2 ++ infra/alpine/Dockerfile | 19 ------------------- 6 files changed, 7 insertions(+), 19 deletions(-) create mode 100644 filters/fortify-exclusion.properties create mode 100644 filters/odc-exclusion.properties delete mode 100644 infra/alpine/Dockerfile diff --git a/Makefile b/Makefile index 6a03d248..a902a3b6 100644 --- a/Makefile +++ b/Makefile @@ -95,6 +95,7 @@ create-env-airflow: @ cp requirements.txt ./infra/airflow/ @ cp -r ted_sws ./infra/airflow/ @ cp -r dags ./infra/airflow/ + @ cp -r libraries ./infra/airflow/ build-airflow: guard-ENVIRONMENT create-env-airflow build-externals diff --git a/filters/fortify-exclusion.properties b/filters/fortify-exclusion.properties new file mode 100644 index 00000000..78dadff6 --- /dev/null +++ b/filters/fortify-exclusion.properties @@ -0,0 +1 @@ +excludePatterns=**/src/docs/**/*,**/src/tests/**/* \ No newline at end of file diff --git a/filters/odc-exclusion.properties b/filters/odc-exclusion.properties new file mode 100644 index 00000000..78dadff6 --- /dev/null +++ b/filters/odc-exclusion.properties @@ -0,0 +1 @@ +excludePatterns=**/src/docs/**/*,**/src/tests/**/* \ No newline at end of file diff --git a/infra/airflow-cluster/Dockerfile b/infra/airflow-cluster/Dockerfile index 3ec9fbca..7bba0efb 100644 --- a/infra/airflow-cluster/Dockerfile +++ b/infra/airflow-cluster/Dockerfile @@ -15,6 +15,8 @@ RUN apt-get update && apt-get install -y \ # back to normal user USER airflow +COPY libraries /home/airflow + # requirements.txt shall be made availble from the **ted-sws** GitHub repository COPY requirements.txt /opt/airflow diff --git a/infra/airflow/Dockerfile b/infra/airflow/Dockerfile index 3ec9fbca..f91cf4c5 100644 --- a/infra/airflow/Dockerfile +++ b/infra/airflow/Dockerfile @@ -15,11 +15,13 @@ RUN apt-get update && apt-get install -y \ # back to normal user USER airflow +COPY libraries /home/airflow # requirements.txt shall be made availble from the **ted-sws** GitHub repository COPY requirements.txt /opt/airflow # working in the /opt/airflow WORKDIR /opt/airflow + RUN mkdir -p ./dags ./ted_sws diff --git a/infra/alpine/Dockerfile b/infra/alpine/Dockerfile deleted file mode 100644 index 4b971d86..00000000 --- a/infra/alpine/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -# Use the official Alpine Linux image -FROM alpine:3.20 - -# Update the package list and install sudo and shadow (which includes useradd) -RUN apk --no-cache add sudo=1.9.15_p5-r0 shadow=4.15.1-r0 - -# Create a new non-root user and set a home directory -RUN useradd -m newuser - -RUN echo "newuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers - -# Switch to the non-root user -USER newuser - -# Set the working directory to the new user's home directory -WORKDIR /home/newuser -COPY libraries . -# Default command to execute when running the container -CMD ["/bin/sh"] \ No newline at end of file