Nginx Demo #236
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Nginx Demo | |
| on: | |
| schedule: | |
| - cron: '0 5 * * *' | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| environment: actions-cicd | |
| steps: | |
| - name: install the RapidFort CLI tools | |
| run: curl https://frontrow.rapidfort.com/cli/ | bash | |
| - name: authenticate | |
| env: | |
| RF_ACCESS_ID: ${{ secrets.RF_ACCESS_ID }} | |
| RF_SECRET_ACCESS_KEY: ${{ secrets.RF_SECRET_ACCESS_KEY }} | |
| run: rflogin | |
| - name: pull the latest NGINX image | |
| run: docker pull nginx:latest | |
| - name: run rfstub to generate the stub. this creates a new image, nginx:latest-rfstub | |
| run: rfstub nginx:latest | |
| - name: run the stub. add the SYS_PTRACE capability so that RapidFort can trace the runtime behavior | |
| run: | | |
| docker run --rm -d -p9999:80 --name=my-rf-test --cap-add=SYS_PTRACE nginx:latest-rfstub | |
| sleep 15 | |
| - name: run some tests to exercise the application. you can also point your browser to localhost:9999 | |
| run: curl localhost:9999 | |
| - name: stop the container | |
| run: docker stop my-rf-test | |
| - name: run rfharden to optimize and secure the image. this creates a new image, nginx:latest-rfhardened | |
| run: rfharden nginx:latest-rfstub | |
| - name: check out the various images we created | |
| run: docker images | grep nginx | |
| - name: run the hardened image and test it again | |
| run: | | |
| docker run --rm -d -p9999:80 nginx:latest-rfhardened | |
| sleep 15 | |
| curl localhost:9999 | |
| - name: for more information, please view the Getting Started documentation | |
| run: echo "https://docs.rapidfort.com/getting-started/docker" |