AmadeusITGroup · pull · Aug 4, 2023 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
diff --git a/.env b/.env
@@ -0,0 +1 @@
+APP_PORT=8443
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
@@ -0,0 +1,72 @@
+name: Build & Push Docker Images to GHCR
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'  # Runs on version tags (e.g., v1.0.0)
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME_BACKEND: ghcr.io/${{ github.repository }}-backend
+  IMAGE_NAME_FRONTEND: ghcr.io/${{ github.repository }}-frontend
+
+jobs:
+  build-and-push-images:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Check if branch is main
+        run: |
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            echo "This workflow only runs on main branch."
+            exit 1
+          fi
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Backend
+        id: meta-backend
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME_BACKEND }}
+          tags: |
+            type=semver,pattern={{version}},prefix=
+            type=raw,value=latest
+
+      - name: Build & Push Backend Image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./backend
+          push: true
+          tags: ${{ steps.meta-backend.outputs.tags }}
+
+      - name: Extract metadata (tags, labels) for Frontend
+        id: meta-frontend
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_NAME_FRONTEND }}
+          tags: |
+            type=semver,pattern={{version}},prefix=
+            type=raw,value=latest
+
+
+      - name: Build & Push Frontend Image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./frontend
+          push: true
+          tags: ${{ steps.meta-frontend.outputs.tags }}
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -0,0 +1,38 @@
+# Name of this GitHub Actions workflow.
+name: Semgrep CE scan
+
+on:
+  # Scan changed files in PRs (diff-aware scanning):
+  pull_request: {}
+  # Scan on-demand through GitHub Actions interface:
+  workflow_dispatch: {}
+  # Scan mainline branches and report all findings:
+  push:
+    branches: ["master", "main"]
+  # Schedule the CI job (this method uses cron syntax):
+  schedule:
+    - cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
+    # It is recommended to change the schedule to a random time.
+
+permissions:
+  contents: read
+
+jobs:
+  semgrep:
+    # User definable name of this GitHub Actions job.
+    name: semgrep-oss/scan
+    # If you are self-hosting, change the following `runs-on` value: 
+    runs-on: ubuntu-latest
+
+    container:
+      # A Docker image with Semgrep installed. Do not change this.
+      image: semgrep/semgrep
+
+    # Skip any PR created by dependabot to avoid permission issues:
+    if: (github.actor != 'dependabot[bot]')
+
+    steps:
+      # Fetch project source with GitHub Actions Checkout. Use either v3 or v4.
+      - uses: actions/checkout@v4
+      # Run the "semgrep scan" command on the command line of the docker image.
+      - run: semgrep scan --config auto
diff --git a/.gitignore b/.gitignore
@@ -9,6 +9,10 @@ mongo-data*
 .quasar
 report-templates
 custom-generator.js
+report-filters-custom.js
+
+# Backups
+backend/backup
 
 # Configuration files
 config.json
@@ -25,4 +29,4 @@ app-settings.json
 *.sln
 
 # Version managers
-.tool-versions
+.tool-versions
diff --git a/backend/.dockerignore b/backend/.dockerignore
@@ -1,3 +1,4 @@
 node_modules
 mongo-data
 mongo-data-dev
+backup
diff --git a/backend/.env b/backend/.env
@@ -0,0 +1 @@
+DB_PORT_HOST=27017 # Port to access the database from the host (for dev container)
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -6,7 +6,6 @@ COPY package*.json ./
 RUN apk --no-cache add --virtual builds-deps build-base python3 git
 RUN npm install
 COPY . .
-EXPOSE 4242
 ENV NODE_ENV prod
 ENV NODE_ICU_DATA=node_modules/full-icu
 ENTRYPOINT ["npm", "start"]
diff --git a/backend/docker-compose.dev.yml b/backend/docker-compose.dev.yml
@@ -4,31 +4,40 @@ services:
   mongodb:
     image: mongo:4.2.15
     container_name: mongo-pwndoc-dev
+    command: --wiredTigerCacheSizeGB 1 # 50% of (max RAM - 1GB) - minimum 0.25 (Modify it depending on defined RAM limits)
+    deploy:
+      resources:
+        limits:
+          memory: 3G # Maximum memory to allocate (Modify it depending on host ressources - leave at least 1GB free for host)
+        reservations:
+          memory: 1G # Minimum memory required
     volumes:
       - ./mongo-data-dev:/data/db
     restart: always
     ports:
-      - 127.0.0.1:27017:27017
+      - 127.0.0.1:${DB_PORT_HOST}:27017
     environment:
       - MONGO_DB:pwndoc
     networks:
       - backend
 
-  pwndoc-backend:
+  pwndoc-backend-dev:
     build: 
       context: .
       dockerfile:  Dockerfile.dev
     image: yeln4ts/pwndoc:backend-dev
     container_name: pwndoc-backend-dev
+    environment:
+      - DB_SERVER=mongo-pwndoc-dev
+      - DB_NAME=pwndoc
     volumes:
       - ./src:/app/src
       - ./ssl:/app/ssl
       - ./report-templates:/app/report-templates
+      - ./backup:/app/backup
     depends_on:
       - mongodb
     restart: always
-    ports:
-      - 5252:5252
     links:
       - mongodb
     networks: 

diff --git a/backend/docker-compose.test.yml b/backend/docker-compose.test.yml
@@ -3,28 +3,34 @@ services:
   mongodb-test:
     image: mongo:4.2.15
     container_name: mongo-pwndoc-test
+    command: --wiredTigerCacheSizeGB 1 # 50% of (max RAM - 1GB) - minimum 0.25 (Modify it depending on defined RAM limits)
+    deploy:
+      resources:
+        limits:
+          memory: 3G # Maximum memory to allocate (Modify it depending on host ressources - leave at least 1GB free for host)
+        reservations:
+          memory: 1G # Minimum memory required
     volumes:
       - ./mongo-data-test:/data/db
     restart: always
     environment:
       - MONGO_DB:pwndoc
-    network_mode: host
 
   backend-test:
     image: yeln4ts/pwndoc:backend-test
     build: 
       context: .
       dockerfile:  Dockerfile.test
     container_name: pwndoc-backend-test
+    environment:
+      - DB_SERVER=mongo-pwndoc-test
+      - DB_NAME=pwndoc
     volumes:
       - ./tests:/app/tests
       - ./src:/app/src
       - ./jest.config.js:/app/jest.config.js
-    environment:
-      API_URL: https://localhost:4242
     depends_on:
       - mongodb-test
-    network_mode: host
 
 volumes:
   mongo-data-test:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		DB_PORT_HOST=27017 # Port to access the database from the host (for dev container)