refactor: address initial review feedback

k3rnelpan1c-dev · k3rnelpan1c-dev · commit 2a61e12db1ca · 2022-04-29T17:39:53.000+02:00
Signed-off-by: K3rnelPan1c &lt;69395733+k3rnelpan1c-dev@users.noreply.github.com&gt;
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -7,7 +7,6 @@
     ":pinAllExceptPeerDependencies",
     ":semanticCommits",
     ":semanticCommitScope(deps)",
-    "docker:disableMajor",
     "docker:pinDigests",
     "group:monorepos"
   ],
diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml
@@ -34,8 +34,8 @@ jobs:
       - name: Setup Environment
         id: variables
         run: |-
-          git config user.name "dependency-track-bot"
-          git config user.email "dependency-track-bot@owasp.com"
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
 
           npm version ${{ github.event.inputs.version-to-bump }} -m "prepare-release: set version to %s"
 
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.20.2-alpine
+FROM nginxinc/nginx-unprivileged:1.21.6-alpine@sha256:c754b5ff17e6cd39e786855ee31d4eeac21276d26119bf37385cbb3dcc3a9d29
 
 # Arguments that can be passed at build time
 ARG COMMIT_SHA=unknown
@@ -20,7 +20,9 @@ COPY ./dist ${APP_DIR}
 # Ensure UID 101 & GID 0 own all the needed directories
 # Applying these changes allows the container to run via the OpenShift default SCC "Restricted" whereby arbitrary an UID and GID=0 are assigned
 RUN chown -R 101:0 ${APP_DIR} \
-    && chmod -R g=u ${APP_DIR}
+    && chmod -R g=u ${APP_DIR} \
+    # add jq to easily manipulate config.json in entrypoint script
+    && apk --no-cache add jq
 
 # Specify the user to run as (in numeric format for compatibility with Kubernetes/OpenShift's SCC)
 # Inherited from parent image
@@ -37,7 +39,7 @@ WORKDIR ${APP_DIR}
 # metadata labels
 LABEL \
     org.opencontainers.image.vendor="OWASP" \
-    org.opencontainers.image.title="Official Dependency-Track Container image" \
+    org.opencontainers.image.title="Official Dependency-Track Frontend Container image" \
     org.opencontainers.image.description="Dependency-Track is an intelligent Component Analysis platform" \
     org.opencontainers.image.version="${APP_VERSION}" \
     org.opencontainers.image.url="https://dependencytrack.org/" \
diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian
@@ -1,4 +1,4 @@
-FROM nginxinc/nginx-unprivileged:1.20.2
+FROM nginxinc/nginx-unprivileged:1.21.6@sha256:93bf6dcd6b4acbaf8b07a8b2fcdad73eeed54b74566ce5b4fc73b541445fb4e2
 
 # Arguments that can be passed at build time
 ARG COMMIT_SHA=unknown
@@ -20,7 +20,11 @@ COPY ./dist ${APP_DIR}
 # Ensure UID 101 & GID 0 own all the needed directories
 # Applying these changes allows the container to run via the OpenShift default SCC "Restricted" whereby arbitrary an UID and GID=0 are assigned
 RUN chown -R 101:0 ${APP_DIR} \
-    && chmod -R g=u ${APP_DIR}
+    && chmod -R g=u ${APP_DIR} \
+    # add jq to easily manipulate config.json in entrypoint script
+    && apt-get update -yqq \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends jq \
+    && rm -rf /var/lib/apt/lists/*
 
 # Specify the user to run as (in numeric format for compatibility with Kubernetes/OpenShift's SCC)
 # Inherited from parent image
@@ -37,7 +41,7 @@ WORKDIR ${APP_DIR}
 # metadata labels
 LABEL \
     org.opencontainers.image.vendor="OWASP" \
-    org.opencontainers.image.title="Official Dependency-Track Container image" \
+    org.opencontainers.image.title="Official Dependency-Track Frontend Container image" \
     org.opencontainers.image.description="Dependency-Track is an intelligent Component Analysis platform" \
     org.opencontainers.image.version="${APP_VERSION}" \
     org.opencontainers.image.url="https://dependencytrack.org/" \
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
@@ -6,13 +6,17 @@ set -e
 if mount | grep '/static/config.json'; then
   echo "config.json is mounted from host - ENV configuration will be ignored"
 else
-  sed -i ./static/config.json \
-    -e "s;\"API_BASE_URL\": \"\";\"API_BASE_URL\": \"${API_BASE_URL}\";" \
-    -e "s;\"OIDC_ISSUER\": \"\";\"OIDC_ISSUER\": \"${OIDC_ISSUER}\";" \
-    -e "s;\"OIDC_CLIENT_ID\": \"\";\"OIDC_CLIENT_ID\": \"${OIDC_CLIENT_ID}\";" \
-    -e "s;\"OIDC_SCOPE\": \"openid email profile\";\"OIDC_SCOPE\": \"${OIDC_SCOPE}\";" \
-    -e "s;\"OIDC_FLOW\": \"code\";\"OIDC_FLOW\": \"${OIDC_FLOW}\";" \
-    -e "s;\"OIDC_LOGIN_BUTTON_TEXT\" : \"\";\"OIDC_LOGIN_BUTTON_TEXT\" : \"${OIDC_LOGIN_BUTTON_TEXT}\";"
+  # Apply ENV vars to temporary config.json
+  jq '.API_BASE_URL = env.API_BASE_URL
+        | .OIDC_ISSUER = env.OIDC_ISSUER
+        | .OIDC_CLIENT_ID = env.OIDC_CLIENT_ID
+        | .OIDC_SCOPE = env.OIDC_SCOPE
+        | .OIDC_FLOW = env.OIDC_FLOW
+        | .OIDC_LOGIN_BUTTON_TEXT = env.OIDC_LOGIN_BUTTON_TEXT' \
+    ./static/config.json > /tmp/config.json
+
+  # Override default config file
+  mv -f /tmp/config.json ./static/config.json
 fi
 
 exec "$@"
