Compare commits


9 Commits

Clemens Hering
a0d1e10c78 Added pipeline image scan
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 35s
Scan Image for CVEs / scan_image (push) Successful in 20s
2025-11-15 08:31:55 +01:00
Clemens Hering
88892ac425 Added pipeline image scan
Some checks failed
Build and Deploy Container / build_and_deploy (push) Successful in 35s
Scan Image for CVEs / scan_image (push) Failing after 16s
2025-11-15 08:28:09 +01:00
Clemens Hering
b7d091c84a Added pipeline image scan
Some checks failed
Build and Deploy Container / build_and_deploy (push) Successful in 36s
Scan Image for CVEs / build_and_deploy (push) Failing after 15s
2025-11-15 08:24:31 +01:00
Clemens Hering
93ba03f619 Added pipeline image scan
Some checks failed
Build and Deploy Container / build_and_deploy (push) Successful in 36s
Scan Image for CVEs / build_and_deploy (push) Failing after 15s
2025-11-15 08:22:15 +01:00
Clemens Hering
92d7e04154 Added package-lock.json
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 50s
2025-11-14 17:40:16 +01:00
Clemens Hering
51834e732e Removed package-lock,json
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 1m24s
2025-11-14 17:36:14 +01:00
Clemens Hering
3498a23ee1 Fixed enum. Chanded DevOps to DevSecOps
Some checks failed
Build and Deploy Container / build_and_deploy (push) Failing after 1s
2025-11-14 17:34:21 +01:00
Clemens Hering
c5b66c4298 back to alpine image
All checks were successful
Build and Deploy Container / build_and_deploy (push) Successful in 1m23s
2025-11-11 06:33:37 +01:00
Clemens Hering
f3984f8b57 fixup
Some checks failed
Build and Deploy Container / build_and_deploy (push) Failing after 1m28s
2025-11-11 06:29:14 +01:00
6 changed files with 6382 additions and 30 deletions


@@ -0,0 +1,41 @@
name: Scan Image for CVEs
on:
push:
branches:
- main
- develop
env: # global: unkritische, strukturgebende Variablen
TARGET_HOST: host.containers.internal
TARGET_USER: traefik
CONTAINER_NAME: localhost/valtrix-website
jobs:
scan_image:
runs-on: ubuntu-latest
env: # Job-spezifisch: Secrets und sensible Werte
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
steps:
- name: Setup SSH for git/scp
shell: bash
run: |
install -m 700 -d ~/.ssh
printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
printf "%s\n" "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts || true
chmod 644 ~/.ssh/known_hosts
# Ensure host keys exist
(ssh-keygen -F "$TARGET_HOST" >/dev/null || ssh-keyscan -H "$TARGET_HOST" >> ~/.ssh/known_hosts) || true
(ssh-keygen -F gitea.smb-corp.de >/dev/null || ssh-keyscan -H gitea.smb-corp.de >> ~/.ssh/known_hosts) || true
- name: Scan container image with Trivy
shell: bash
run: |
ssh -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "
set -euo pipefail
export CONTAINER_NAME='$CONTAINER_NAME'
trivy image localhost/valtrix-website:latest
"
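Review bot: The `ssh-keyscan -H "$TARGET_HOST" >> ~/.ssh/known_hosts || true` fallback at the end of the "Setup SSH for git/scp" step makes the SSH_KNOWN_HOSTS secret optional: if the secret is empty or does not contain the target's key, the runner pins whatever key it receives on first contact, and the step succeeds either way. Drop the fallback and fail the step when the key is not pinned, e.g. `ssh-keygen -F "$TARGET_HOST" >/dev/null || { echo "host key for $TARGET_HOST not in known_hosts"; exit 1; }`, and do the same for the gitea host on the next line. In the "Scan container image with Trivy" step, `export CONTAINER_NAME='$CONTAINER_NAME'` is never used because the trivy call hard-codes `localhost/valtrix-website:latest`; use `trivy image "$CONTAINER_NAME:latest"` so the global env is the single source of truth. As written the scan is informational only: without `--exit-code 1` (optionally with `--severity HIGH,CRITICAL`) trivy reports findings but the job still passes, so "Successful" on this check does not mean the image is clean.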

1
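--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 node_modules
-package-lock.json
 dist
 .env
 .DS_Store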


@@ -1,34 +1,26 @@
########### # Multi-stage build for Astro static site
# BUILD STAGE FROM node:22-alpine AS builder
###########
FROM cgr.dev/chainguard/node:latest-dev AS build
WORKDIR /app WORKDIR /app
# Copy dependency manifests # Install deps
COPY package*.json ./ COPY package*.json ./
RUN npm ci || npm install
# Install all deps (inkl. dev) # Copy sources and build static output
RUN --mount=type=cache,target=/root/.npm npm ci
# Copy app source and build
COPY . . COPY . .
RUN npm run build RUN npm run build
########### # ---- Runtime stage ----
# RUNTIME STAGE FROM node:22-alpine AS runtime
###########
FROM cgr.dev/chainguard/node:latest
ENV NODE_ENV=production
WORKDIR /app WORKDIR /app
ENV NODE_ENV=production
# Copy only whats needed to run ENV PORT=3000
COPY --from=build /app/package*.json ./ ENV WEB_ROOT=/app/dist
COPY --from=build /app/node_modules ./node_modules ENV TZ=Europe/Berlin
COPY --from=build /app/dist ./dist ENV ASTRO_TELEMETRY_DISABLED=1
COPY --from=build /app/server.mjs ./server.mjs COPY --from=builder /app/dist /app/dist
COPY server.mjs /app/server.mjs
# Chainguard runs as nonroot by default (user `nonroot`) # Drop root: use the pre-created node user
USER nonroot USER node
#EXPOSE 3000 #EXPOSE 3000
CMD ["node", "/app/server.mjs"]
CMD ["node", "./server.mjs"]
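Review bot: `RUN npm ci || npm install` in the build stage silently gives up the lockfile pin: when `npm ci` fails (typically because package-lock.json and package.json disagree), the fallback resolves dependencies fresh and the build still succeeds, which defeats the reproducibility that re-adding package-lock.json in commit 92d7e04154 was meant to provide. Let the build fail instead: `RUN npm ci`. The `node:22-alpine` tag used for both stages is floating; if the intent of the CVE scan workflow added alongside is a stable baseline, pinning the image by digest (`node:22-alpine@sha256:<digest-placeholder>`) makes scan results attributable to a specific base. The right-hand column is read here as the new side, consistent with the "back to alpine image" commit in this range.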

6320
package-lock.json generated Normal file



@@ -3,7 +3,7 @@ import Base from "../../layouts/Base.astro";
const benefits = [ const benefits = [
{ title: "Zero-Trust & Härtung", text: "Security-by-Design, CIS/BSI-Richtlinien, automatisierte Policies." }, { title: "Zero-Trust & Härtung", text: "Security-by-Design, CIS/BSI-Richtlinien, automatisierte Policies." },
{ title: "Cloud Foundations", text: "Landing Zones, Identity, Observability sauber & skalierbar." }, { title: "Cloud Foundations", text: "Landing Zones, Identity, Observability sauber & skalierbar." },
{ title: "Automatisierung", text: "IaC/CI/CD, GitOps, wiederholbar & auditfähig." } { title: "Automatisierung", text: "IaC, CI/CD, GitOps, wiederholbar & auditfähig." }
]; ];
const approach = [ const approach = [
{ title: 'Assess', text: 'Risiko- und Reifegradanalyse: schneller Quick-Scan, klare Prioritäten.' }, { title: 'Assess', text: 'Risiko- und Reifegradanalyse: schneller Quick-Scan, klare Prioritäten.' },
@@ -46,7 +46,7 @@ const approach = [
<h2 class="text-2xl font-bold mb-6">Leistungen</h2> <h2 class="text-2xl font-bold mb-6">Leistungen</h2>
<div class="grid md:grid-cols-3 gap-6"> <div class="grid md:grid-cols-3 gap-6">
<div class="p-6 border rounded-brand card"> <div class="p-6 border rounded-brand card">
<h3 class="font-semibold text-lg">Cloud & DevOps</h3> <h3 class="font-semibold text-lg">Cloud & DevSecOps</h3>
<p class="mt-2 text-textMuted">Plan, Build & Run effizient, sicher, skalierbar.</p> <p class="mt-2 text-textMuted">Plan, Build & Run effizient, sicher, skalierbar.</p>
<a href="/de/leistungen" class="mt-3 inline-block text-primary underline">Mehr erfahren</a> <a href="/de/leistungen" class="mt-3 inline-block text-primary underline">Mehr erfahren</a>
</div> </div>


@@ -3,10 +3,10 @@ import Base from "../../layouts/Base.astro";
const benefits = [ const benefits = [
{ title: "Zero-Trust & Hardening", text: "Security-by-Design, CIS/BSI guidelines, automated policies." }, { title: "Zero-Trust & Hardening", text: "Security-by-Design, CIS/BSI guidelines, automated policies." },
{ title: "Cloud Foundations", text: "Landing zones, identity, observability clean & scalable." }, { title: "Cloud Foundations", text: "Landing zones, identity, observability clean & scalable." },
{ title: "Automation", text: "IaC/CI/CD, GitOps, reproducible & auditable." } { title: "Automation", text: "IaC, CI/CD, GitOps, reproducible & auditable." }
]; ];
const features = [ const features = [
{ title: "Cloud & DevOps", text: "Plan, Build & Run efficient, secure, scalable." }, { title: "Cloud & SecOps", text: "Plan, Build & Run efficient, secure, scalable." },
{ title: "Security & Compliance", text: "BSI/ISO-aligned, Zero-Trust, audits, policies-as-code." }, { title: "Security & Compliance", text: "BSI/ISO-aligned, Zero-Trust, audits, policies-as-code." },
{ title: "AI & Automation", text: "RAG, agents & process automation with measurable outcome." } { title: "AI & Automation", text: "RAG, agents & process automation with measurable outcome." }
]; ];
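Review bot: The English `features` entry is renamed to "Cloud & SecOps" while the German page in the same range (the `Cloud & DevSecOps` heading in the de hunk) and the commit message "Chanded DevOps to DevSecOps" both use "DevSecOps"; the two localized pages now advertise different service names. If the right-hand column is the new side, change the first `features` entry to `{ title: "Cloud & DevSecOps", text: "Plan, Build & Run efficient, secure, scalable." },`. The `features` array is complete within this hunk, so no other line needs to change.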