paspo/docker-glpi
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: paspo:10.0.17
Branches Tags
paspo:master
paspo:10.0.18
paspo:10.0.17
paspo:10.0.16
paspo:10.0.15
paspo:10.0.14
paspo:10.0.13
paspo:10.0.12
...
compare: paspo:master
Branches Tags
paspo:master
paspo:10.0.18
paspo:10.0.17
paspo:10.0.16
paspo:10.0.15
paspo:10.0.14
paspo:10.0.13
paspo:10.0.12

8 Commits
10.0.17 ... master

Author SHA1 Message Date
paspo
2cb032520a
back to php 8.3
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 14s
Details
2025-04-19 09:17:14 +02:00
paspo
604863c39c
fix php84
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-04-19 09:03:30 +02:00
paspo
4218c4fac3
fix warning
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-19 09:01:40 +02:00
paspo
990ac9e0a8
php update
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-04-19 08:50:31 +02:00
paspo
4fd2ca42dd
updated glpi
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
2025-04-19 08:36:02 +02:00
paspo
46ef5a68a2
update alpine 2025-04-19 08:35:49 +02:00
paspo
e6c28c3b15
fix trivy
All checks were successful
continuous-integration/drone/push Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 2m22s
Details
2025-01-17 08:01:20 +01:00
paspo
d2824d0831
cached trivy db
All checks were successful
continuous-integration/drone/push Build is passing
Details
Vulnerability Scan / Daily Vulnerability Scan (push) Successful in 10m43s
Details
2024-12-02 16:41:18 +01:00
4 changed files with 37 additions and 9 deletions
Show Stats Expand all files Collapse all files

4
.drone.star
View File

@ -1,7 +1,7 @@
def main(ctx): def main(ctx):
archs = ["amd64", "arm64"] ## arm archs = ["amd64", "arm64"] ## arm
glpi_version = "10.0.17" glpi_version = "10.0.18"
alpine_version = "3.20" alpine_version = "3.21"
out = [] out = []
for arch in archs: for arch in archs:

35
.gitea/workflows/vulnscan.yaml
View File

@ -1,3 +1,4 @@
---
name: Vulnerability Scan name: Vulnerability Scan
on: on:
@ -16,14 +17,36 @@ jobs:
- name: Pull docker image - name: Pull docker image
run: docker pull docker.asperti.com/paspo/glpi:latest run: docker pull docker.asperti.com/paspo/glpi:latest
- name: Setup trivy
run: |
echo "Installing Trivy for arch: $(uname -m)"
case $(uname -m) in
x86_64)
wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-64bit.deb ;;
aarch64)
wget -O /tmp/trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.2/trivy_0.58.2_Linux-ARM64.deb ;;
*) exit 1 ;;
esac
dpkg -i /tmp/trivy.deb
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
id: scan id: scan
uses: aquasecurity/trivy-action@master run: |
with: trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json docker.asperti.com/paspo/glpi:latest > trivy-results.json
image-ref: "docker.asperti.com/paspo/glpi:latest"
format: "json"
output: "trivy-results.json"
# if some vulnerability is found, we fail # if some vulnerability is found, we fail
- name: check output - name: check output
run: if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi id: vulncount
run: |
echo "VULNCOUNT=$(jq '.Results[0].Vulnerabilities|length' trivy-results.json)" >> ${GITHUB_OUTPUT}
if [ $(jq '.Results[0].Vulnerabilities|length' trivy-results.json) -ne "0" ] ; then exit 1 ; fi
- name: send telegram notification
if: failure()
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_TO }}
token: ${{ secrets.TELEGRAM_TOKEN }}
format: markdown
message: |
Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ github.repository }}`

3
src/Dockerfile
View File

@ -13,6 +13,9 @@ RUN \
chmod +x /usr/local/bin/composer && \ chmod +x /usr/local/bin/composer && \
wget -O - https://github.com/glpi-project/glpi/releases/download/${GLPI_VERSION}/glpi-${GLPI_VERSION}.tgz | tar xz -C /var/www wget -O - https://github.com/glpi-project/glpi/releases/download/${GLPI_VERSION}/glpi-${GLPI_VERSION}.tgz | tar xz -C /var/www
# GLPI 10.x will work only with PHP up to 8.3.
# do not trust README.md from glpi github (it says it works with 8.4, but it dies if >=8.4.0)
# this are needed if you want to manually install GLPI from git # this are needed if you want to manually install GLPI from git
# RUN \ # RUN \
# apk add patch npm gettext # apk add patch npm gettext

4
src/rootfs/start.sh
View File

@ -1,9 +1,11 @@
#!/bin/sh #!/bin/sh
INSTALL_OK=${INSTALL_OK:-0}
chown -R nginx:www-data /logs /config /files /marketplace chown -R nginx:www-data /logs /config /files /marketplace
chmod -R a-x,a=rX,ug+w /logs /config /files /marketplace chmod -R a-x,a=rX,ug+w /logs /config /files /marketplace
if [ "$INSTALL_OK" = "1" ] ; then if [ "${INSTALL_OK}" = "1" ] ; then
if [ -f /var/www/glpi/install/install.php ] ; then if [ -f /var/www/glpi/install/install.php ] ; then
rm /var/www/glpi/install/install.php rm /var/www/glpi/install/install.php
fi fi