Add security policy for chrome

2022-06-18 14:15:42 +12:00 · 2022-06-18 14:15:42 +12:00 · ca04fd42f3
parent a9c051b743
commit ca04fd42f3
5 changed files with 1563 additions and 8 deletions
--- a/.github/workflows/build_images.yml
+++ b/.github/workflows/build_images.yml
@ -6,6 +6,7 @@ on:
  push:
    branches:
      - master
  workflow_dispatch:
 jobs:
  build-docker-images:
@ -20,5 +21,29 @@ jobs:
        uses: docker/setup-buildx-action@v1
      - name: Login to GitHub Package Registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
-      - name: Build & Push Docker image
+      - name: Build & Push Docker image for web UI
-        run: docker buildx build -t ghcr.io/${{ github.repository_owner }}/myimage:${GITHUB_SHA} -f [path to Dockerfile] --push --platform=linux/arm64,linux/amd64 [path to build context]
+        run: docker buildx build -t ghcr.io/${{ github.repository_owner }}/linkwarden:${GITHUB_SHA} -f ./Dockerfile.prod --push --platform=linux/arm64,linux/amd64 .
      - name: Build & Push Docker image for API
        run: docker buildx build -t ghcr.io/${{ github.repository_owner }}/linkwarden-api:${GITHUB_SHA} -f ./api/Dockerfile --push --platform=linux/arm64,linux/amd64 ./api
      - name: Login to Docker Hub
        env:
          DH_TOKEN: ${{ secrets.DOCKER_HUB_PASSWORD }}
        run: docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${DH_TOKEN}
      - name: Re-tag & Push Docker Image to Docker Hub Web
        run: |
          # make config.json avaiable to regclient in docker container
          chmod +r $HOME/.docker/config.json
          # Run regclient in docker image
          docker container run --rm --net host \
            -v regctl-conf:/home/appuser/.regctl/ \
            -v $HOME/.docker/config.json:/home/appuser/.docker/config.json \
            regclient/regctl:v0.3.9 image copy ghcr.io/${{ github.repository_owner }}/linkwarden:${GITHUB_SHA} docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/linkwarden:latest
      - name: Re-tag & Push Docker Image to Docker Hub API
        run: |
          # make config.json avaiable to regclient in docker container
          chmod +r $HOME/.docker/config.json
          # Run regclient in docker image
          docker container run --rm --net host \
            -v regctl-conf:/home/appuser/.regctl/ \
            -v $HOME/.docker/config.json:/home/appuser/.docker/config.json \
            regclient/regctl:v0.3.9 image copy ghcr.io/${{ github.repository_owner }}/linkwarden-api:${GITHUB_SHA} docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/linkwarden-api:latest
--- a/3
+++ b/3
@ -8,5 +8,4 @@ VOLUME /home/node/node_modules
 COPY package*.json .
 RUN npm i -g npm@latest \
-    && npm ci --legacy-peer-deps \
+    && npm ci --legacy-peer-deps
--- a/api/modules/getData.js
+++ b/api/modules/getData.js
@ -16,8 +16,6 @@ module.exports = async (link, id) => {
  await page.goto(link, { waitUntil: "load", timeout: 0 });
  console.log(screenshotDirectory + "/" + id + ".png");
  await page.screenshot({
    path: screenshotDirectory + "/" + id + ".png",
    fullPage: true,
--- a/api/security/chrome.json
+++ b/api/security/chrome.json
--- a/api/server.js
+++ b/api/server.js
@ -32,7 +32,6 @@ app.get("/api", async (req, res) => {
 });
 app.get("/screenshots/:id", async (req, res) => {
  console.log(screenshotDirectory + "/" + sanitize(req.params.id));
  res.sendFile(
    screenshotDirectory + "/" + sanitize(req.params.id),
    (err) => {
@ -44,7 +43,6 @@ app.get("/screenshots/:id", async (req, res) => {
 });
 app.get("/pdfs/:id", async (req, res) => {
  console.log(pdfDirectory + "/" + sanitize(req.params.id));
  res.sendFile(
    pdfDirectory + "/" + sanitize(req.params.id),
    (err) => {