fix: fixed security concern

fix: fixed codacy recommendation
2024-11-24 17:24:05 +01:00 · 2024-11-24 17:22:34 +01:00 · 2024-11-24 17:21:08 +01:00 · 2024-11-24 16:14:54 +01:00 · 2024-11-24 16:07:01 +01:00 · 2024-11-24 16:06:49 +01:00
3 changed files with 22 additions and 7 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -7,11 +7,16 @@ on:
      - master
    paths-ignore:
      - "**/.gitignore"
+      - "**/.renovate.json"
      - "**/.vscode/**"
      - "**/README.md"
      - "**/CHANGELOG.md"
      - "**/docs/**"
  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+      - dev

 env:
  REGISTRY: ghcr.io
@@ -51,6 +56,7 @@ jobs:

  tag:
    needs: test
+    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: write # for the tags
@@ -86,6 +92,7 @@ jobs:
        run: git push origin ${{ steps.git_version.outputs.version }}

  build_and_push:
+    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions: write-all
    needs: tag
--- a/14
+++ b/14
@@ -1,5 +1,8 @@
 FROM python:3.12-slim
-ARG VERSION=unkown
+ARG VERSION=unknown
+
+# Create a non-root user
+RUN useradd appuser

 WORKDIR /app
 COPY . .
@@ -11,15 +14,20 @@ ENV VERSION=${VERSION}

 # Install dependencies
 RUN pip install --no-cache-dir --upgrade -r requirements.txt
-RUN pip install 'uvicorn[standard]'

 ENV ENV=DEV

+# Switch to non-root user
+USER appuser
+
 EXPOSE 8000
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

 # Install curl
-RUN apt-get update && apt-get install -y curl && apt-get clean
+USER root
+RUN apt-get update && apt-get install --no-install-recommends -y curl && apt-get clean

+# Switch back to non-root user for healthcheck
+USER appuser
 HEALTHCHECK --interval=30s --timeout=10s --retries=5 \
  CMD curl --fail http://localhost:8000/openapi.json || exit 1
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,12 +1,12 @@
-certifi==2024.7.4 # Testing
+certifi==2024.8.30 # Testing
 iniconfig==2.0.0 # PyTest Testing
 packaging==23.2 # PyTest Testing
-pluggy==1.3.0 # PyTest Testing
-pytest==7.4.3 # PyTest Testing
+pluggy==1.5.0 # PyTest Testing
+pytest==7.4.4 # PyTest Testing

 click==8.1.7 # Uvicorn
 httptools==0.6.4 # Uvicorn
-pyyaml==6.0.1 # Uvicorn
+pyyaml==6.0.2 # Uvicorn
 uvicorn==0.27.0.post1 # Uvicorn
 uvloop==0.19.0 # Uvicorn
 watchfiles==0.21.0 # Uvicorn
Author	SHA1	Message	Date
Conrad	35040f3c54	fix: fixed security concern	2024-11-24 17:24:05 +01:00
Conrad	63abb64b4f	fix: fixed codacy recommendation	2024-11-24 17:22:34 +01:00
Conrad	730b57e8e8	fix: fixed codacy recommendation	2024-11-24 17:21:08 +01:00
Conrad	3bb5bb6739	Update ci.yml	2024-11-24 16:14:54 +01:00
Conrad	a3da4ff7f0	Merge pull request #7 from ServerCrow/renovate/certifi-2024.x	2024-11-24 16:07:01 +01:00
Conrad	e11ddc277a	Merge pull request #8 from ServerCrow/renovate/pluggy-1.x	2024-11-24 16:06:49 +01:00
Conrad	fafc3f8a29	Merge pull request #6 from ServerCrow/renovate/pyyaml-6.x	2024-11-24 16:02:36 +01:00
renovate[bot]	c0c4c31815	feat(deps): update dependency pluggy to v1.5.0	2024-11-24 15:02:20 +00:00
renovate[bot]	49199bd776	feat(deps): update dependency certifi to v2024.8.30	2024-11-24 15:02:17 +00:00
Conrad	5e2a2cbe8c	fix: updated pipeline to also test prs against master	2024-11-24 16:01:56 +01:00
Conrad	81838054da	Merge pull request #5 from ServerCrow/renovate/pytest-7.x	2024-11-24 15:58:43 +01:00
renovate[bot]	fa75d26da8	feat(deps): update dependency pyyaml to v6.0.2	2024-11-24 14:53:48 +00:00
renovate[bot]	ecccb51625	feat(deps): update dependency pytest to v7.4.4	2024-11-24 14:53:44 +00:00
Conrad	2c7e0d8641	feat: fixed pipeline	2024-11-24 15:53:18 +01:00