add securityContext to deployment (#163)

ravisingal · web-flow · commit 756bb11cb6f6 · 2023-04-14T01:33:38.000+05:30
* add securityContext to deployment

* add .trivyignore file

* add github output mode
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -4,7 +4,7 @@ on:
     branches:
       - main
   pull_request_target:
-    branches: 
+    branches:
       - main
 
 jobs:
@@ -24,16 +24,17 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_READ_USER }}
           password: ${{ secrets.DOCKERHUB_READ_TOKEN }}
-      
+
       - name: Build with Gradle
         uses: hypertrace/github-actions/gradle@main
-        with: 
+        with:
           args: assemble dockerBuildImages
 
       - name: Run Trivy vulnerability scanner
         uses: hypertrace/github-actions/trivy-image-scan@main
         with:
           image: hypertrace/attribute-service
+          output-mode: github
 
   validate-helm-charts:
     runs-on: ubuntu-22.04
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# openssl
+CVE-2023-0464 exp:2023-05-01
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -57,6 +57,10 @@ spec:
     {{- with .Values.topologySpreadConstraints }}
       topologySpreadConstraints:
         {{- toYaml . | nindent 8}}
+    {{- end }}
+    {{- with .Values.securityContext }}
+      securityContext:
+      {{- toYaml . | nindent 8 }}
     {{- end }}
       containers:
         - name: {{ .Chart.Name }}
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -26,6 +26,8 @@ affinity: {}
 
 topologySpreadConstraints: []
 
+securityContext: {}
+
 javaOpts: "-XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0 -XX:MaxDirectMemorySize=128M -XX:+ExitOnOutOfMemoryError"
 
 livenessProbe:

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# openssl`
	`2`	`+CVE-2023-0464 exp:2023-05-01`