chore(ci): Create continuous integration and deployment pipelines #5
Conversation
hairmare
force-pushed
the
chore/ci-configuration
branch
5 times, most recently
from
e26e5a7 to
e2e6c8b
Compare
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
hairmare
force-pushed
the
chore/ci-configuration
branch
from
e2e6c8b to
161c52c
Compare
| # defaults for use during the container build phase on CI/CD | ||
| ARG IMAGES_PROTOCOL=https | ||
| ARG IMAGES_HOSTNAME=** | ||
| ARG IMAGES_PORT=433 |
There was a problem hiding this comment.
I want to revisit this change before considering this PR ready.
Setting the hostname to ** is most likely a security issue, but we do want to allow several hostnames so we can use the same CI built image without having it be rebuilt for each hostname. The patterm *.rabe.ch might fulfill this, or we add a regex that is more specific.
Potentially we could go even further and also add pathname to narrow down the allowed image URLs.
Note to self: the docs for the feature are here: https://nextjs.org/docs/pages/api-reference/components/image#remotepatterns (and the env vars are defined in next.config.js).
There was a problem hiding this comment.
I changed it to *.rabe.ch during build-time in the CI pipeline, but that pattern still allows sites like share.rabe.ch.
Preferably we would like for it to not be possible to optimize content from ownCloud via nextjs.
hairmare
force-pushed
the
chore/ci-configuration
branch
5 times, most recently
from
b3f2583 to
900db84
Compare
hairmare
force-pushed
the
chore/ci-configuration
branch
3 times, most recently
from
1f2268c to
ee61e96
Compare
hairmare
force-pushed
the
chore/ci-configuration
branch
2 times, most recently
from
84c4c0e to
f85708b
Compare
hairmare
force-pushed
the
chore/ci-configuration
branch
12 times, most recently
from
24800bc to
fc91cc3
Compare
hairmare
force-pushed
the
chore/ci-configuration
branch
2 times, most recently
from
9744e87 to
234a2b8
Compare
hairmare
changed the title
hairmare
force-pushed
the
chore/ci-configuration
branch
2 times, most recently
from
664be2f to
c00802b
Compare
* Run `next lint` on pull requests * Publish container images to ghcr.io
hairmare
force-pushed
the
chore/ci-configuration
branch
from
c00802b to
9bcc5cf
Compare
next linton pull requests