diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 850b18eb9a4064319d9397f419fb6eb80c8eefd6..bb952fb0d5f4227568659f20c6be7a09d17822bd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,7 +30,7 @@ stages: - test-frontend - build-docker - scan-docker - - release + - release-docker build-metadata-db: stage: build-backend @@ -612,7 +612,7 @@ scan-user-service: container_scanning: ./.trivy/trivy-user-service-report.json release-latest: - stage: release + stage: release-docker needs: - scan-analyse-service - scan-authentication-service @@ -639,7 +639,7 @@ release-latest: - TAG=latest make release release-version: - stage: release + stage: release-docker needs: - scan-analyse-service - scan-authentication-service diff --git a/Makefile b/Makefile index 6fa9004a4080e1ec98ad1bbd7dfbf2e0ecb07934..018c2bee7473e1b698d66de136d68ee322281d8c 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,8 @@ TAG ?= latest TRIVY_VERSION ?= v0.41.0 +ELASTIC_VERSION ?= 8.7.1 +NGINX_VERSION ?= 1.25.0-alpine-slim all: @@ -48,7 +50,7 @@ build-frontend: build-clients: bash ./.gitlab/swagger/generate.sh -tag: tag-identifier tag-search tag-container tag-database tag-discovery tag-gateway tag-query tag-table tag-analyse tag-authentication tag-metadata-db tag-ui tag-units tag-broker tag-metadata tag-user +tag: tag-identifier tag-container tag-database tag-query tag-table tag-analyse tag-authentication tag-metadata-db tag-ui tag-semantics tag-broker tag-metadata tag-user tag-analyse: docker tag dbrepo-analyse-service:latest "dbrepo/analyse-service:${TAG}" @@ -74,12 +76,6 @@ tag-container: tag-database: docker tag dbrepo-database-service:latest "dbrepo/database-service:${TAG}" -tag-discovery: - docker tag dbrepo-discovery-service:latest "dbrepo/discovery-service:${TAG}" - -tag-gateway: - docker tag dbrepo-gateway-service:latest "dbrepo/gateway-service:${TAG}" - tag-query: docker tag dbrepo-query-service:latest "dbrepo/query-service:${TAG}" 
@@ -89,16 +85,13 @@ tag-user: tag-table: docker tag dbrepo-table-service:latest "dbrepo/table-service:${TAG}" -tag-units: +tag-semantics: docker tag dbrepo-semantics-service:latest "dbrepo/semantics-service:${TAG}" tag-broker: docker tag dbrepo-broker-service:latest "dbrepo/broker-service:${TAG}" -tag-search: - docker tag dbrepo-search-service:latest "dbrepo/search-service:${TAG}" - -release: build-docker tag release-identifier release-search release-container release-database release-discovery release-gateway release-query release-table release-analyse release-authentication release-metadata-db release-ui release-units release-broker release-metadata release-user +release: build-docker tag release-identifier release-container release-database release-query release-table release-analyse release-authentication release-metadata-db release-ui release-units release-broker release-metadata release-user release-analyse: tag-analyse docker push "dbrepo/analyse-service:${TAG}" @@ -121,12 +114,6 @@ release-container: tag-container release-database: tag-database docker push "dbrepo/database-service:${TAG}" -release-discovery: tag-discovery - docker push "dbrepo/discovery-service:${TAG}" - -release-gateway: tag-gateway - docker push "dbrepo/gateway-service:${TAG}" - release-query: tag-query docker push "dbrepo/query-service:${TAG}" @@ -142,9 +129,6 @@ release-units: tag-units release-broker: tag-broker docker push "dbrepo/broker-service:${TAG}" -release-search: tag-search - docker push "dbrepo/search-service:${TAG}" - release-metadata: tag-metadata docker push "dbrepo/metadata-service:${TAG}" 
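Review bot: The new `release` prerequisite list still names `release-units`, and the hunk header at -142 shows that rule as `release-units: tag-units`, while this hunk renames `tag-units` to `tag-semantics`. Unless `tag-units` is defined somewhere outside the visible hunks, `make release` stops on a missing target. The `release-latest` job runs `TAG=latest make release`, so the pipeline would pass the scan stage and then fail to publish. Rename the rule to `release-semantics: tag-semantics` and replace `release-units` with `release-semantics` in the `release` line. The body of `release-units` is outside the hunks shown, so check that its `docker push` names the semantics image as well.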
@@ -179,7 +163,7 @@ test-semantics-service: clean build-metadata-db build-semantics-service test-analyse-service: build-analyse-service bash ./dbrepo-analyse-service/test.sh -scan: scan-analyse-service scan-authentication-service scan-broker-service scan-container-service scan-database-service scan-discovery-service scan-gateway-service scan-identifier-service scan-metadata-db scan-metadata-service scan-proxy scan-query-service scan-search-service scan-semantics-service scan-table-service scan-ui scan-user-service +scan: scan-analyse-service scan-authentication-service scan-broker-service scan-container-service scan-database-service scan-gateway-service scan-identifier-service scan-metadata-db scan-metadata-service scan-query-service scan-search-service scan-semantics-service scan-table-service scan-ui scan-user-service scan-analyse-service: trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json dbrepo-analyse-service:latest 
@@ -206,15 +190,10 @@ scan-database-service: trivy image --insecure --exit-code 0 dbrepo-database-service:latest trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-database-service:latest -scan-discovery-service: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-discovery-service-report.json dbrepo-discovery-service:latest - trivy image --insecure --exit-code 0 dbrepo-discovery-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-discovery-service:latest - scan-gateway-service: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json dbrepo-gateway-service:latest - trivy image --insecure --exit-code 0 dbrepo-gateway-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-gateway-service:latest + trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json "nginx:${NGINX_VERSION}" + trivy image --insecure --exit-code 0 "nginx:${NGINX_VERSION}" + trivy image --insecure --exit-code 1 --severity CRITICAL "nginx:${NGINX_VERSION}" scan-identifier-service: trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-identifier-service-report.json dbrepo-identifier-service:latest 
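Review bot: `scan-gateway-service` now scans the upstream `nginx:${NGINX_VERSION}` with `--insecure` and without a preceding `docker pull`. When the image is not already in the local daemon, Trivy fetches it from the registry with TLS certificate verification disabled. The flag mattered little while every target was a locally built `dbrepo-*` image, but for a remote image the report is no longer tied to what the registry actually serves. Drop `--insecure` from the three lines here and from the three `elasticsearch:${ELASTIC_VERSION}` lines in the `scan-search-service` hunk, for example `trivy image --exit-code 1 --severity CRITICAL "nginx:${NGINX_VERSION}"`. Also add `docker pull "nginx:${NGINX_VERSION}"` as the first recipe line so both targets behave the same way.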
@@ -231,20 +210,16 @@ scan-metadata-service: trivy image --insecure --exit-code 0 dbrepo-metadata-service:latest trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-metadata-service:latest -scan-proxy: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-proxy-report.json dbrepo-proxy:latest - trivy image --insecure --exit-code 0 dbrepo-proxy:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-proxy:latest - scan-query-service: trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-query-service-report.json dbrepo-query-service:latest trivy image --insecure --exit-code 0 dbrepo-query-service:latest trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-query-service:latest scan-search-service: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-report.json dbrepo-search-service:latest - trivy image --insecure --exit-code 0 dbrepo-search-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL dbrepo-search-service:latest + docker pull "elasticsearch:${ELASTIC_VERSION}" + trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-service-report.json "elasticsearch:${ELASTIC_VERSION}" + trivy image --insecure --exit-code 0 "elasticsearch:${ELASTIC_VERSION}" + trivy image --insecure --exit-code 1 --severity CRITICAL "elasticsearch:${ELASTIC_VERSION}" scan-semantics-service: trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-semantics-service-report.json dbrepo-semantics-service:latest diff --git a/docker-compose.yml b/docker-compose.yml index cf57ec7e7434d5e091fa834e139491c6631f0fc5..c3a776b09e398d3921ff7fc4d7eb6cee1a083a6b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -339,7 +339,7 @@ services: restart: "no" container_name: dbrepo-gateway-service hostname: gateway-service - image: nginx:alpine + image: nginx:1.25.0-alpine-slim networks: core: public:
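Review bot: The tag `1.25.0-alpine-slim` is now written twice, here as a literal and in the Makefile as `NGINX_VERSION`, so bumping one later leaves `scan-gateway-service` scanning a different image than the one compose deploys. Drive both from one value, for example `image: "nginx:${NGINX_VERSION:-1.25.0-alpine-slim}"` with the variable exported by make, or keep the literal and add a comment naming the Makefile variable that must change with it. The tag is also mutable on the registry; appending `@sha256:<digest of the scanned image>` would bind the deployed image to exactly what Trivy reported on. The gateway service definition starts and ends outside this hunk.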