From b5453887b9ac89af741b9fa3f0d85135a3e42717 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:04:03 +0200 Subject: [PATCH 01/15] deploy/added CI/CD Pipeline --- .github/workflows/pipeline.yml | 42 ++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/pipeline.yml diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml new file mode 100644 index 0000000..38f704a --- /dev/null +++ b/.github/workflows/pipeline.yml @@ -0,0 +1,42 @@ +name: CI/CD Pipeline + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +permissions: + contents: read + packages: write + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository_owner }}/ecommerce-app + tags: | + type=raw,value=latest + type=sha,prefix=sha-,format=short + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: ./back + push: true + tags: ${{ id.meta.outputs.tags }} + labels: ${{ id.meta.outputs.labels }} From 82f778c9f5bda1886b315e95a23bffd85285586f Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:09:03 +0200 Subject: [PATCH 02/15] deploy/added test for lab 2 --- .github/workflows/pipeline.yml | 6 +----- tests/lab2_test.sh | 38 ++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 tests/lab2_test.sh diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 38f704a..1b43069 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -1,10 +1,6 @@ name: CI/CD Pipeline -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] +on: [push] permissions: contents: read diff --git a/tests/lab2_test.sh b/tests/lab2_test.sh new file mode 100644 index 0000000..0f7ebb8 --- /dev/null +++ b/tests/lab2_test.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# Lecturer's Master Validation Script for Lab 2 +set -e + +OWNER_LC=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]') +PACKAGE_NAME="ecommerce-app" + +echo "--- Starting Lab 2 Grading (GHCR Check) ---" + +# 1. Checking package presence via GitHub API +echo "Step 1: Requesting package metadata from GHCR..." +RESPONSE=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \ + "https://api.github.com/users/${GITHUB_REPOSITORY_OWNER}/packages/container/${PACKAGE_NAME}") + +if echo "$RESPONSE" | grep -q "Not Found"; then + echo "❌ Error: Package '${PACKAGE_NAME}' not found in GHCR." + echo "Make sure your image name is: ghcr.io/${OWNER_LC}/${PACKAGE_NAME}" + exit 1 +fi + +# 2. Verifying Tags (latest + SHA) +echo "Step 2: Verifying tags..." +VERSIONS=$(curl -s -H "Authorization: Bearer $GITHUB_TOKEN" \ + "https://api.github.com/users/${GITHUB_REPOSITORY_OWNER}/packages/container/${PACKAGE_NAME}/versions") + +TAGS=$(echo "$VERSIONS" | jq -r '.[0].metadata.container.tags[]') + +if [[ ! "$TAGS" =~ "latest" ]]; then + echo "❌ Error: 'latest' tag is missing." + exit 1 +fi + +if [[ ! "$TAGS" =~ "sha-" ]]; then + echo "❌ Error: Git SHA tag (sha-xxxxxxx) is missing." + exit 1 +fi + +echo "✅ SUCCESS: Lab 2 is passed!" \ No newline at end of file From 9eca252a8baec120b03b1188aa593b7875d774fc Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:13:35 +0200 Subject: [PATCH 03/15] deploy/added running test step to pipeline --- .github/workflows/pipeline.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 1b43069..ea37ecc 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -1,4 +1,4 @@ -name: CI/CD Pipeline +name: Lab 2 Container Registry on: [push] @@ -36,3 +36,10 @@ jobs: push: true tags: ${{ id.meta.outputs.tags }} labels: ${{ id.meta.outputs.labels }} + + - name: Run Master Validation Script + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + chmod +x ./tests/lab2_test.sh + ./tests/lab2_test.sh \ No newline at end of file From c8a77b033c22dff9894decad69bc7d3b87d103a7 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:15:56 +0200 Subject: [PATCH 04/15] deploy/changed id to steps --- .github/workflows/pipeline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index ea37ecc..d9c4d58 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -34,8 +34,8 @@ jobs: with: context: ./back push: true - tags: ${{ id.meta.outputs.tags }} - labels: ${{ id.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - name: Run Master Validation Script env: From ff3831e144931fff85c5e35cfbebb62e8ac54885 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:22:40 +0200 Subject: [PATCH 05/15] deploy/added trivy usege to pipeline --- .github/workflows/pipeline.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index d9c4d58..97ae340 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -37,6 +37,16 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@v0.33.1 + with: + image-ref: ghcr.io/${{ github.repository_owner }}/ecommerce-app:latest + format: table + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + - name: Run Master Validation Script env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From f1eb8c8071b5f91397cac7c3a74df70357dfae19 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:25:53 +0200 Subject: [PATCH 06/15] deploy/changed trivy version --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 97ae340..f723fc7 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -38,7 +38,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@v0.33.1 + uses: aquasecurity/trivy-action@v0 with: image-ref: ghcr.io/${{ github.repository_owner }}/ecommerce-app:latest format: table From e58833115825480929f8176b291fe3143a43ecd4 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:27:24 +0200 Subject: [PATCH 07/15] deploy/changed trivy version to 0.28 --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index f723fc7..5e41b00 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -38,7 +38,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@v0 + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: ghcr.io/${{ github.repository_owner }}/ecommerce-app:latest format: table From e7622fa50f8ef378f1d7dff2c44c4589e3853578 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 11:27:24 +0200 Subject: [PATCH 08/15] deploy/changed trivy version to 0.28 --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 5e41b00..9374861 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -45,7 +45,7 @@ jobs: exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + severity: 'CRITICAL' - name: Run Master Validation Script env: From 83e4a877b443ec867b6bf5c540e2c795fc2c2690 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 19:56:07 +0200 Subject: [PATCH 09/15] deploy/changed back/Dockerfile --- back/Dockerfile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/back/Dockerfile b/back/Dockerfile index dd39415..906591f 100644 --- a/back/Dockerfile +++ b/back/Dockerfile @@ -1,11 +1,11 @@ -#Stage 1 +# Stage 1 FROM node:20-alpine AS builder WORKDIR /app COPY package*.json ./ COPY prisma ./prisma/ -RUN npm install +RUN npm ci COPY . . RUN npx prisma generate @@ -15,10 +15,13 @@ RUN npm run build FROM node:20-alpine WORKDIR /app -COPY --from=builder /app/node_modules ./node_modules +RUN apk update && apk upgrade +COPY package*.json ./ +RUN npm ci --omit=dev + COPY --from=builder /app/dist ./dist -COPY --from=builder /app/package*.json ./ COPY --from=builder /app/prisma ./prisma EXPOSE 8080 + CMD ["node", "dist/main.js"] \ No newline at end of file From 76ace0d269cb45cc8de6f9d4816a5245cfe0d8f8 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 20:00:05 +0200 Subject: [PATCH 10/15] deploy/changed back/Dockerfile --- back/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/back/Dockerfile b/back/Dockerfile index 906591f..6cdfeca 100644 --- a/back/Dockerfile +++ b/back/Dockerfile @@ -5,7 +5,7 @@ WORKDIR /app COPY package*.json ./ COPY prisma ./prisma/ -RUN npm ci +RUN npm install COPY . . RUN npx prisma generate @@ -17,7 +17,7 @@ WORKDIR /app RUN apk update && apk upgrade COPY package*.json ./ -RUN npm ci --omit=dev +RUN npm install --omit=dev COPY --from=builder /app/dist ./dist COPY --from=builder /app/prisma ./prisma From 228b00f05729cf636b19d3872292061cac8f9f27 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 20:03:22 +0200 Subject: [PATCH 11/15] deploy/changed back/Dockerfile --- back/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/back/Dockerfile b/back/Dockerfile index 6cdfeca..2fcc3c2 100644 --- a/back/Dockerfile +++ b/back/Dockerfile @@ -16,11 +16,11 @@ FROM node:20-alpine WORKDIR /app RUN apk update && apk upgrade + COPY package*.json ./ +COPY --from=builder /app/prisma ./prisma RUN npm install --omit=dev - COPY --from=builder /app/dist ./dist -COPY --from=builder /app/prisma ./prisma EXPOSE 8080 From f749d8dfe1b5aa2dbe5d6d7c97a1136d375fcfd3 Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 20:16:32 +0200 Subject: [PATCH 12/15] deploy/changed trivy-action to @master version --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 9374861..e67d9cd 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -38,7 +38,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@master with: image-ref: ghcr.io/${{ github.repository_owner }}/ecommerce-app:latest format: table From a5bb87767d55ee09520148bed316203aeaf4179a Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 20:26:37 +0200 Subject: [PATCH 13/15] deploy/added env to pipeline --- .github/workflows/pipeline.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index e67d9cd..82cf467 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -6,9 +6,13 @@ permissions: contents: read packages: write +env: + IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/ecommerce-app + jobs: build-and-push: runs-on: ubuntu-latest + steps: - name: Checkout code uses: actions/checkout@v4 @@ -24,13 +28,13 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: ghcr.io/${{ github.repository_owner }}/ecommerce-app + images: ${{ env.IMAGE_NAME }} tags: | type=raw,value=latest type=sha,prefix=sha-,format=short - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./back push: true @@ -40,7 +44,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: ghcr.io/${{ github.repository_owner }}/ecommerce-app:latest + image-ref: ${{ env.IMAGE_NAME }}:latest format: table exit-code: '1' ignore-unfixed: true From e4402d68b1931b1230fd137b08bbe943c3d2393a Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 20:35:41 +0200 Subject: [PATCH 14/15] deploy/added lowering case to pipeline --- .github/workflows/pipeline.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 82cf467..e3e2ba0 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -7,7 +7,7 @@ permissions: packages: write env: - IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/ecommerce-app + APP_NAME: ecommerce-app jobs: build-and-push: @@ -17,6 +17,14 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Set lower case owner name + run: echo "OWNER_LC=${OWNER,,}" >> ${GITHUB_ENV} + env: + OWNER: '${{ github.repository_owner }}' + + - name: Set Image Name + run: echo "IMAGE_NAME=ghcr.io/${{ env.OWNER_LC }}/${{ env.APP_NAME }}" >> ${GITHUB_ENV} + - name: Login to GHCR uses: docker/login-action@v3 with: From e00640f4bb0b80f374e2619a8327e89dcd8735ed Mon Sep 17 00:00:00 2001 From: JessFreak Date: Fri, 13 Mar 2026 20:45:32 +0200 Subject: [PATCH 15/15] deploy/changed Dockerfile to previous state --- back/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/back/Dockerfile b/back/Dockerfile index 2fcc3c2..e32f30a 100644 --- a/back/Dockerfile +++ b/back/Dockerfile @@ -17,10 +17,10 @@ WORKDIR /app RUN apk update && apk upgrade -COPY package*.json ./ -COPY --from=builder /app/prisma ./prisma -RUN npm install --omit=dev +COPY --from=builder /app/node_modules ./node_modules COPY --from=builder /app/dist ./dist +COPY --from=builder /app/package*.json ./ +COPY --from=builder /app/prisma ./prisma EXPOSE 8080