From 2edd401298fbf40535d12362adbfda7443589189 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:10:18 +0900 Subject: [PATCH 01/38] =?UTF-8?q?chore:=20=ED=8A=B8=EB=9D=BC=EC=9D=B4?= =?UTF-8?q?=EB=B9=84=20=ED=85=8C=EC=8A=A4=ED=8A=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 44 ++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 14 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index a852ff0..eeabbba 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -1,7 +1,8 @@ name: PR Test & Analysis on: - push: + pull_request: + types: [ opened, reopened, synchronize ] branches: - main - dev @@ -16,6 +17,8 @@ concurrency: jobs: fetch-and-diff: runs-on: ubuntu-latest + env: + MODULES: demo demo1 outputs: modified_modules: ${{ steps.determine_modules.outputs.modules }} @@ -26,10 +29,6 @@ jobs: with: fetch-depth: 0 - - name: Set Modules - run: | - echo "MODULES=demo demo1" >> $GITHUB_ENV - - name: Fetch Base Branch run: git fetch origin +refs/heads/${{ github.ref_name }}:refs/remotes/origin/${{ github.ref_name }} 
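Review bot: Switching the trigger to `pull_request` changes what `github.ref_name` and `github.sha` resolve to, and the unchanged `Fetch Base Branch` step in the third hunk still builds its refspec from `github.ref_name`. On a pull request that value is `<number>/merge`, so `refs/heads/<number>/merge` does not exist on the remote and the fetch fails; `github.base_ref` is the branch name this step needs. `github.sha` becomes the temporary merge commit of the PR, so anything tagged with it no longer corresponds to a commit on the branch. The `MODULES` value moved to a job-level `env:` is now duplicated in `fetch-and-diff` and `scan`; a single workflow-level `env:` would keep one copy.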
@@ -91,23 +90,40 @@ jobs: scan: # needs: fetch-and-diff runs-on: ubuntu-latest + env: + MODULES: demo demo1 steps: - - name: Set Modules - run: | - echo "MODULES=demo demo1" >> $GITHUB_ENV + - name: Install Trivy run: | curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin - name: Run Trivy vulnerability scanner run: | + echo ${{ env.MODULES }} for module in ${{ env.MODULES }}; do - echo ${module} - trivy image \ - --ignore-unfixed \ - --severity CRITICAL,HIGH \ - --format sarif --output trivy-results_${module}.sarif \ - jerryworld/${module}-${{ github.ref_name }}:${{ github.sha }} + trivy image \ + --format table \ + --exit-code 1 \ + --ignore-unfixed \ + --vuln-type os,library \ + --severity CRITICAL,HIGH \ + --output ${module}_trivy-results.sarif \ + jerryworld/demo-main:7e0b47f95cf20ea9d9e11b55350975e1a349cc53 done + - name: check sarif + id: save_sarif + run: | + for module in ${{ env.MODULES }}; do + cat ${module}_trivy-results.sarif + echo "trivy-results=$(cat ${module}_trivy-results.sarif})" >>> $GITHUB_OUTPUT + done + - name: Comment CVE + uses: thollander/actions-comment-pull-request@v2 + with: + message: | + ${{ steps.save_sarif.outputs.trivy-results }} + + push-manifest: From 1c987f1a16cbb0ee14ec65cc50a9cfbf816c4aff Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:11:54 +0900 Subject: [PATCH 02/38] chore: wt... --- .github/workflows/gradle.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index eeabbba..6e421ca 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
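Review bot: The loop in `Run Trivy vulnerability scanner` scans the fixed reference `jerryworld/demo-main:7e0b47f95cf20ea9d9e11b55350975e1a349cc53` on every iteration, so the gate reports on one old image instead of the image built for each module in this run; the last line of the command should name the per-module image, as the removed line did. In `check sarif`, `>>>` is not a valid redirection and `$(cat ${module}_trivy-results.sarif})` carries a stray `}`, so the output is never written, and a multi-line value needs the `name<<DELIMITER` form anyway. `--exit-code 1` fails the scan step on any finding, and without `if: always()` on the two following steps the comment is skipped exactly when there is something to report. `thollander/actions-comment-pull-request@v2` is a third-party action referenced by a mutable tag; pinning it to a full commit SHA fixes the code that runs in this job. The file is also named `.sarif` while `--format table` is requested, which will mislead anything that later consumes it as SARIF.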
@@ -30,7 +30,9 @@ jobs: fetch-depth: 0 - name: Fetch Base Branch - run: git fetch origin +refs/heads/${{ github.ref_name }}:refs/remotes/origin/${{ github.ref_name }} + run: | + echo ${{ toJson(github) }} + git fetch origin +refs/heads/${{ github.ref_name }}:refs/remotes/origin/${{ github.ref_name }} - name: Get Modified Files run: | From fcf128e0a80d2af2bbc8a9c3ce955f10d7869dac Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:13:55 +0900 Subject: [PATCH 03/38] chore: wt...(2) --- .github/workflows/gradle.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 6e421ca..0b09bf0 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -32,7 +32,7 @@ jobs: - name: Fetch Base Branch run: | echo ${{ toJson(github) }} - git fetch origin +refs/heads/${{ github.ref_name }}:refs/remotes/origin/${{ github.ref_name }} + git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }} - name: Get Modified Files run: | @@ -86,8 +86,8 @@ jobs: MODULES=$(echo "$RAW_MODULES" | sed 's/\[//g; s/\]//g') IFS=',' read -ra MODIFIED_MODULES <<< "$MODULES" for MODULE in "${MODIFIED_MODULES[@]}"; do - docker build -f ${MODULE}/Dockerfile -t jerryworld/${MODULE}-${{ github.ref_name }}:${{ github.sha }} . - docker push jerryworld/${MODULE}-${{ github.ref_name }}:${{ github.sha }} + docker build -f ${MODULE}/Dockerfile -t jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} . + docker push jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done scan: # needs: fetch-and-diff 
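Review bot: `echo ${{ toJson(github) }}` pastes the whole `github` context into the script text, unquoted, before the shell runs. That context carries the pull request title, body and branch names, which the PR author controls, so quotes or command substitutions in any of them become shell syntax; it also contains `github.token`. For debugging, pass it through the environment instead: `env: GITHUB_CONTEXT: ${{ toJson(github) }}` with `run: echo "$GITHUB_CONTEXT"`. PATCH 04/38 removes the line again.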
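Review bot: `github.head_ref` is the source branch name chosen by the PR author, and the new `git fetch` line expands it directly into the `run:` script, so a branch name containing shell metacharacters is interpreted as part of the command. The refspec also writes the head branch into `refs/remotes/origin/<base_ref>`, so a later diff against `origin/<base>` would compare the PR with itself (the diff step is outside this hunk). For a step named `Fetch Base Branch`, fetching the base through an environment variable addresses both: `env: BASE_REF: ${{ github.base_ref }}` and `git fetch origin "+refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}"`.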
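Review bot: With the workflow running on `pull_request`, this loop builds the PR's code and pushes it as `jerryworld/${MODULE}-<base_ref>:<sha>`, that is, under the target branch's image name, before the change has been reviewed or merged. The third hunk of this patch (`cd apps/${MODULE}/overlay/${{ github.base_ref }}` followed by the `sed` on `${MODULE}-deployment-patch.yaml`) then points the base branch's deployment patch at that tag. If the intent is only to test and scan pull requests, move the registry push and the manifest job to a workflow that runs on `push` to `main`/`dev`, or tag PR images with a distinct name such as `pr-${{ github.event.pull_request.number }}`. The surrounding steps start and end outside these hunks.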
@@ -151,7 +151,7 @@ jobs: echo "UPDATE Target : ${{ matrix.module }}" IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" for MODULE in "${MODIFIED_MODULES[@]}"; do - cd apps/${MODULE}/overlay/${{ github.ref_name }} + cd apps/${MODULE}/overlay/${{ github.base_ref }} after_sha="${{ github.sha }}" echo "this revision : ${after_sha}" sed -i "s|\(image:[[:space:]]*[^:]*:\)[^[:space:]]*$|\1${after_sha}|g" ${MODULE}-deployment-patch.yaml From e8bb05fd9aee1cce45ed19f297763dd250dda6d3 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:14:40 +0900 Subject: [PATCH 04/38] chore: wt...(3) --- .github/workflows/gradle.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 0b09bf0..bbbfd04 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -31,7 +31,6 @@ jobs: - name: Fetch Base Branch run: | - echo ${{ toJson(github) }} git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }} - name: Get Modified Files From 62ea53757987285e2b6831b5bdc821dfbd5c189d Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:18:02 +0900 Subject: [PATCH 05/38] chore: wt...(4) --- .github/workflows/gradle.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index bbbfd04..d0c4a50 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -114,10 +114,14 @@ jobs: - name: check sarif id: save_sarif run: | + combined="" for module in ${{ env.MODULES }}; do cat ${module}_trivy-results.sarif - echo "trivy-results=$(cat ${module}_trivy-results.sarif})" >>> $GITHUB_OUTPUT + combined="${combined}$(cat ${module}_trivy-results.sarif)\n\n" done + echo -e "trivy-results<> $GITHUB_OUTPUT + echo -e "$combined" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - name: Comment CVE uses: thollander/actions-comment-pull-request@v2 with: 
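Review bot: The multi-line output is closed with the fixed terminator `EOF` (`echo "EOF" >> $GITHUB_OUTPUT`), so a line consisting of `EOF` inside the scan results ends the value early and whatever follows is parsed as further outputs. Scanner output reflects package names and metadata from the scanned image and should be treated as data; use a per-run random delimiter, e.g. `delim="$(openssl rand -hex 16)"`, for both the opening and closing line. `echo -e "$combined"` additionally expands backslash sequences that occur in the results, not only the `\n\n` separators added in the loop. The opening `trivy-results<<…` line appears truncated on this page, so the delimiter name there is inferred from the closing line. PATCH 23/38 reintroduces the same `EOF` pattern.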
From 8bdb45680686afce4d2d93e4e8b515dc78c76e70 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:38:56 +0900 Subject: [PATCH 06/38] chore: wt...(5) --- .github/workflows/gradle.yml | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index d0c4a50..b5bb04d 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -6,9 +6,6 @@ on: branches: - main - dev -#env: -# SLACK_VULNERABILITY_WEBHOOK_URL: ${{secrets.SLACK_VULNERABILITY_WEBHOOK_URL}} -# SLACK_PR_NOTIFICATION_WEBHOOK_URL: ${{secret.SLACK_PR_NOTIFICATION_WEBHOOK_URL}} concurrency: group: ci-pr-${{ github.head_ref }} @@ -94,7 +91,6 @@ jobs: env: MODULES: demo demo1 steps: - - name: Install Trivy run: | curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin @@ -109,7 +105,7 @@ jobs: --vuln-type os,library \ --severity CRITICAL,HIGH \ --output ${module}_trivy-results.sarif \ - jerryworld/demo-main:7e0b47f95cf20ea9d9e11b55350975e1a349cc53 + jerryworld/${module}-${{ github.base_ref }}:${{ github.sha }} done - name: check sarif id: save_sarif @@ -122,15 +118,19 @@ jobs: echo -e "trivy-results<> $GITHUB_OUTPUT echo -e "$combined" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT - - name: Comment CVE - uses: thollander/actions-comment-pull-request@v2 + - name: Add comment + uses: actions/github-script@v6 with: - message: | - ${{ steps.save_sarif.outputs.trivy-results }} + script: | + const { owner, repo } = context.repo; + const pr_number = context.payload.pull_request.number; - - - + github.rest.issues.createComment({ + owner: owner, + repo: repo, + issue_number: pr_number, + body: "${{ steps.save_sarif.outputs.trivy-results }}" + }); push-manifest: name: Push Manifest needs: fetch-and-diff 
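Review bot: `body: "${{ steps.save_sarif.outputs.trivy-results }}"` substitutes the scan text into the JavaScript source before it is parsed, so any double quote, backslash or newline in the results breaks the string literal, and content shaped like code would run inside `github-script` with the step's token. Hand the value over as data: add `env: TRIVY_RESULTS: ${{ steps.save_sarif.outputs.trivy-results }}` to the step and use `body: process.env.TRIVY_RESULTS` (PATCH 14/38 later does this). The `createComment` call is not awaited, so a rejected request may not fail the step; `await github.rest.issues.createComment({…})` makes the failure visible. `actions/github-script@v6` is referenced by tag; a full commit SHA pins it.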
@@ -161,4 +161,9 @@ jobs: git add -A git commit -m "update manifest demo" done - git push \ No newline at end of file + git push + + +#env: +# SLACK_VULNERABILITY_WEBHOOK_URL: ${{secrets.SLACK_VULNERABILITY_WEBHOOK_URL}} +# SLACK_PR_NOTIFICATION_WEBHOOK_URL: ${{secret.SLACK_PR_NOTIFICATION_WEBHOOK_URL}} \ No newline at end of file From 7723b0ba21c3e3808d8283b51c779783e97c2dca Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:39:54 +0900 Subject: [PATCH 07/38] chore: wt...(5) --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index b5bb04d..4adff64 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -86,7 +86,7 @@ jobs: docker push jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done scan: -# needs: fetch-and-diff + needs: fetch-and-diff runs-on: ubuntu-latest env: MODULES: demo demo1 diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 1ef4920..30673ec 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF + //수정테스트3 - DIFF1 } From 2bb9259a51d24efe70e6c598732c0bbbe6e66089 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:45:54 +0900 Subject: [PATCH 08/38] chore: wt...(6) --- .github/workflows/gradle.yml | 15 +++++++++------ .../java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 4adff64..ff7af1b 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -88,16 +88,18 @@ jobs: scan: needs: fetch-and-diff runs-on: ubuntu-latest - env: - MODULES: demo demo1 + strategy: + matrix: + module: ${{ fromJSON(needs.fetch-and-diff.outputs.modified_modules) }} steps: - name: Install Trivy run: | curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin - name: Run Trivy vulnerability scanner run: | - echo ${{ env.MODULES }} - for module in ${{ env.MODULES }}; do + echo "CHECK Target : ${{ matrix.module }}" + IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" + for MODULE in "${MODIFIED_MODULES[@]}"; do trivy image \ --format table \ --exit-code 1 \ @@ -111,9 +113,10 @@ jobs: id: save_sarif run: | combined="" - for module in ${{ env.MODULES }}; do + IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" + for MODULE in "${MODIFIED_MODULES[@]}"; do cat ${module}_trivy-results.sarif - combined="${combined}$(cat ${module}_trivy-results.sarif)\n\n" + combined="${combined}$(cat ${module}_trivy-results.sarif)\n\n" done echo -e "trivy-results<> $GITHUB_OUTPUT echo -e "$combined" >> $GITHUB_OUTPUT diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 30673ec..676ede0 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF1 + //수정테스트3 - DIFF2 } From 3a978982b0916c45e81dda405e24c82aec095c1a Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:48:51 +0900 Subject: [PATCH 09/38] chore: wt...(7) --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
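Review bot: The loop variable was renamed to `MODULE`, but the loop bodies still expand the old lowercase name: in the second hunk both `cat ${module}_trivy-results.sarif` expansions, and in the tail of the first loop (outside this hunk, shown as context in PATCH 09/38) the `--output` file and the image reference. Shell variables are case-sensitive, so `${module}` is empty and Trivy is asked for `jerryworld/-<base_ref>:<sha>`, which means no module image is actually checked. Replace every `${module}` inside these loops with `"${MODULE}"`, and add `set -u` at the top of the script so an unset variable stops the step instead of silently expanding to nothing.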
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index ff7af1b..a279382 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -107,7 +107,7 @@ jobs: --vuln-type os,library \ --severity CRITICAL,HIGH \ --output ${module}_trivy-results.sarif \ - jerryworld/${module}-${{ github.base_ref }}:${{ github.sha }} + jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done - name: check sarif id: save_sarif diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 676ede0..dc1f3c2 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF2 + //수정테스트3 - DIFF3 } From f08da59e6b202cd0d83fdfc3145a6e38d92070d9 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:51:41 +0900 Subject: [PATCH 10/38] chore: wt...(8) --- .github/workflows/gradle.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index a279382..2c805f7 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -124,6 +124,7 @@ jobs: - name: Add comment uses: actions/github-script@v6 with: + github-token: '${{ github.token }}' script: | const { owner, repo } = context.repo; const pr_number = context.payload.pull_request.number; From dc7f82114e91ee76f12bb0e87168e1f645148741 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:54:12 +0900 Subject: [PATCH 11/38] chore: wt...(8) --- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index dc1f3c2..984d5b4 100644 
--- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF3 + //수정테스트3 - DIFF5 } From 996a87aede192cb0f1e360799d23492222c4a4bc Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 18:57:33 +0900 Subject: [PATCH 12/38] chore: wt...(9) --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 2c805f7..9e63cac 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -124,7 +124,7 @@ jobs: - name: Add comment uses: actions/github-script@v6 with: - github-token: '${{ github.token }}' + github-token: ${{ secrets.GIT_TOKEN }} script: | const { owner, repo } = context.repo; const pr_number = context.payload.pull_request.number; diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 984d5b4..5bc4409 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF5 + //수정테스트3 - DIFF6 } From 8d80d18a191701f60e5af745ff3da29054f3d3c7 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 19:23:11 +0900 Subject: [PATCH 13/38] chore: wt...(10) --- .github/workflows/gradle.yml | 8 ++++---- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 9e63cac..7b7aeaa 100644 --- a/.github/workflows/gradle.yml 
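Review bot: Replacing `github.token` with `secrets.GIT_TOKEN` hands the comment step a stored credential whose scope is not visible here; if it is a personal access token it is likely far broader than posting a PR comment requires, and it is used by a script that handles scanner output. The job token is sufficient once the job declares the permission, e.g. `permissions:` with `pull-requests: write` on the `scan` job, leaving `github-token` at its default. Repository secrets are also not passed to `pull_request` runs from forks, so this step would fail for those pull requests.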
+++ b/.github/workflows/gradle.yml @@ -130,10 +130,10 @@ jobs: const pr_number = context.payload.pull_request.number; github.rest.issues.createComment({ - owner: owner, - repo: repo, - issue_number: pr_number, - body: "${{ steps.save_sarif.outputs.trivy-results }}" + owner: owner, + repo: repo, + issue_number: pr_number, + body: "${{ steps.save_sarif.outputs.trivy-results }}" }); push-manifest: name: Push Manifest diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 5bc4409..07c1b49 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF6 + //수정테스트3 - DIFF7 } From ef0f3bd81eab65c216a6b295bb5eaf52dd514e60 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 19:25:02 +0900 Subject: [PATCH 14/38] chore: wt...(11) --- .github/workflows/gradle.yml | 4 +++- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 7b7aeaa..c4c8424 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -123,6 +123,8 @@ jobs: echo "EOF" >> $GITHUB_OUTPUT - name: Add comment uses: actions/github-script@v6 + env: + TRIVY_RESULTS: ${{ steps.save_sarif.outputs.trivy-results }} with: github-token: ${{ secrets.GIT_TOKEN }} script: | @@ -133,7 +135,7 @@ jobs: owner: owner, repo: repo, issue_number: pr_number, - body: "${{ steps.save_sarif.outputs.trivy-results }}" + body: process.env.TRIVY_RESULTS }); push-manifest: name: Push Manifest diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 07c1b49..9f7bf45 100644 
--- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF7 + //수정테스트3 - DIFF8 } From ea2dcc73b2911c7a500f820836de02e5c1715ebf Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:06:35 +0900 Subject: [PATCH 15/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(1)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 6 +++--- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index c4c8424..648ae93 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -100,13 +100,13 @@ jobs: echo "CHECK Target : ${{ matrix.module }}" IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" for MODULE in "${MODIFIED_MODULES[@]}"; do - trivy image \ - --format table \ + trivy image -d \ + --format json \ --exit-code 1 \ --ignore-unfixed \ --vuln-type os,library \ --severity CRITICAL,HIGH \ - --output ${module}_trivy-results.sarif \ + --output ${module}_trivy-results.json \ jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done - name: check sarif diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 9f7bf45..cb19c1a 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java 
@@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF8 + //수정테스트3 - DIFF9 } From 8013a65418aeabcc059cb260fe80ef150e718ab8 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:09:24 +0900 Subject: [PATCH 16/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 648ae93..7439279 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -115,7 +115,7 @@ jobs: combined="" IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" for MODULE in "${MODIFIED_MODULES[@]}"; do - cat ${module}_trivy-results.sarif + cat ${MODULE}_trivy-results.json combined="${combined}$(cat ${module}_trivy-results.sarif)\n\n" done echo -e "trivy-results<> $GITHUB_OUTPUT From 7be5e591e12b1ee1b77f850ffe44e39e07f4e452 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:20:47 +0900 Subject: [PATCH 17/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index cb19c1a..0e67796 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java 
@@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF9 + //수정테스트3 - DIFF10 } From fbf883fc5fe614af05ba66adcba649bfcb1a5ec2 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:24:40 +0900 Subject: [PATCH 18/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 1 + demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 7439279..e29fa2f 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -112,6 +112,7 @@ jobs: - name: check sarif id: save_sarif run: | + ls -al combined="" IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" for MODULE in "${MODIFIED_MODULES[@]}"; do diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 0e67796..08452ef 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF10 + //수정테스트3 - DIFF11 } From d8c6c72c6c362fb0b25d5815c051b235da7d6af1 Mon Sep 17 00:00:00 2001 
From: jerry-world Date: Sun, 19 Oct 2025 20:28:03 +0900 Subject: [PATCH 19/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/DemoApplication.java | 2 +- demo1/src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index e29fa2f..d9f29ab 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -106,7 +106,7 @@ jobs: --ignore-unfixed \ --vuln-type os,library \ --severity CRITICAL,HIGH \ - --output ${module}_trivy-results.json \ + --output ${MODULE}_trivy-results.json \ jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done - name: check sarif diff --git a/demo/src/main/java/com/example/demo/DemoApplication.java b/demo/src/main/java/com/example/demo/DemoApplication.java index 08452ef..1f9ab53 100644 --- a/demo/src/main/java/com/example/demo/DemoApplication.java +++ b/demo/src/main/java/com/example/demo/DemoApplication.java @@ -9,5 +9,5 @@ public class DemoApplication { public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); } - //수정테스트3 - DIFF11 + //수정테스트3 - DIFF12 } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 05a4d33..60412fa 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1"); + System.out.println("home1_"); return "home1"; } } 
From 1bc7f0914a5384b2567a4724e5da64a0c58a54a1 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:36:16 +0900 Subject: [PATCH 20/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(5)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 27 +++++++------------ .../com/example/demo/home/HomeController.java | 2 +- .../example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 11 insertions(+), 20 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index d9f29ab..99f9428 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -113,15 +113,8 @@ jobs: id: save_sarif run: | ls -al - combined="" - IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" - for MODULE in "${MODIFIED_MODULES[@]}"; do - cat ${MODULE}_trivy-results.json - combined="${combined}$(cat ${module}_trivy-results.sarif)\n\n" - done - echo -e "trivy-results<> $GITHUB_OUTPUT - echo -e "$combined" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + MODULE=${{ matrix.module }} + cat ${MODULE}_trivy-results.json >> $GITHUB_OUTPUT - name: Add comment uses: actions/github-script@v6 env: 
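Review bot: `cat ${MODULE}_trivy-results.json >> $GITHUB_OUTPUT` appends the raw report to the output file, which is parsed as `name=value` lines or `name<<DELIMITER` blocks; the `trivy-results` output read by the next step is never defined, and lines in the report that happen to match that syntax would define outputs of their own. Wrap the content in a delimiter block under the `trivy-results` name, with a random terminator. `MODULE=${{ matrix.module }}` here and in the `push-manifest` hunk of this patch expands the matrix value into the script unquoted; passing it as `env: MODULE: ${{ matrix.module }}` and quoting `"${MODULE}"` keeps a module name containing spaces or shell characters from being interpreted.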
@@ -159,15 +152,13 @@ jobs: git config --global user.name "jerry-world" echo "UPDATE Target : ${{ matrix.module }}" - IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" - for MODULE in "${MODIFIED_MODULES[@]}"; do - cd apps/${MODULE}/overlay/${{ github.base_ref }} - after_sha="${{ github.sha }}" - echo "this revision : ${after_sha}" - sed -i "s|\(image:[[:space:]]*[^:]*:\)[^[:space:]]*$|\1${after_sha}|g" ${MODULE}-deployment-patch.yaml - git add -A - git commit -m "update manifest demo" - done + MODULE=${{ matrix.module }} + cd apps/${MODULE}/overlay/${{ github.base_ref }} + after_sha="${{ github.sha }}" + echo "this revision : ${after_sha}" + sed -i "s|\(image:[[:space:]]*[^:]*:\)[^[:space:]]*$|\1${after_sha}|g" ${MODULE}-deployment-patch.yaml + git add -A + git commit -m "update manifest demo" git push diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 9735acb..eb5ada1 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트"); + System.out.println("Trivy 테스트1"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 60412fa..c0f9cb2 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_"); + System.out.println("home1_1"); return "home1"; } } From e79f60e917e5ba981b4396b36e9dc7ae9585a783 Mon Sep 17 00:00:00 2001 
From: jerry-world Date: Sun, 19 Oct 2025 20:44:18 +0900 Subject: [PATCH 21/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(6)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 6 +++--- .../src/main/java/com/example/demo/home/HomeController.java | 2 +- .../main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 99f9428..805ef81 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -101,12 +101,12 @@ jobs: IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" for MODULE in "${MODIFIED_MODULES[@]}"; do trivy image -d \ - --format json \ + --format table \ --exit-code 1 \ --ignore-unfixed \ --vuln-type os,library \ --severity CRITICAL,HIGH \ - --output ${MODULE}_trivy-results.json \ + --output ${MODULE}_trivy-results.sarif \ jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done - name: check sarif @@ -114,7 +114,7 @@ jobs: run: | ls -al MODULE=${{ matrix.module }} - cat ${MODULE}_trivy-results.json >> $GITHUB_OUTPUT + cat ${MODULE}_trivy-results.sarif >> $GITHUB_OUTPUT - name: Add comment uses: actions/github-script@v6 env: diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index eb5ada1..3a0e312 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트1"); + System.out.println("Trivy 테스트2"); return "Welcome home"; } } 
diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index c0f9cb2..0d0ced2 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_1"); + System.out.println("home1_2"); return "home1"; } } From 0fc243f34b6cd14a7e38dbbdee079976cb817ad9 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:50:05 +0900 Subject: [PATCH 22/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(6)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 3 ++- demo/src/main/java/com/example/demo/home/HomeController.java | 2 +- .../src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 805ef81..84ef072 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -114,7 +114,8 @@ jobs: run: | ls -al MODULE=${{ matrix.module }} - cat ${MODULE}_trivy-results.sarif >> $GITHUB_OUTPUT + echo "modules=$(echo $MODULE_MATRIX)" >> $GITHUB_OUTPUT + echo "trivy-results=$(cat ${MODULE}_trivy-results.sarif)" >> $GITHUB_OUTPUT - name: Add comment uses: actions/github-script@v6 env: diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 3a0e312..93a2a7f 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java 
@@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트2"); + System.out.println("Trivy 테스트3"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 0d0ced2..f2c3979 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_2"); + System.out.println("home1_3"); return "home1"; } } From 969a6c04b2ff58d18fadc36d038cfdcabeaffb61 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 20:57:49 +0900 Subject: [PATCH 23/38] =?UTF-8?q?chore:=20json=20=ED=8F=AC=EB=A9=A7=20?= =?UTF-8?q?=EB=B3=80=ED=99=98=20=EB=B0=8F=20=EB=8D=B0=EC=9D=B4=ED=84=B0=20?= =?UTF-8?q?=ED=8F=AC=EB=A9=A7=ED=8C=85(6)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 6 ++++-- .../src/main/java/com/example/demo/home/HomeController.java | 2 +- .../main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 84ef072..bc5be3a 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -114,8 +114,10 @@ jobs: run: | ls -al MODULE=${{ matrix.module }} - echo "modules=$(echo $MODULE_MATRIX)" >> $GITHUB_OUTPUT - echo "trivy-results=$(cat ${MODULE}_trivy-results.sarif)" >> $GITHUB_OUTPUT + DATA=$(cat ${MODULE}_trivy-results.sarif) + echo -e "trivy-results<> $GITHUB_OUTPUT + echo -e "$DATA" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - name: Add comment uses: actions/github-script@v6 env: 
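Review bot: The multi-line output block in `check sarif` (PATCH 23) is closed by the fixed string `EOF` and its body is written with `echo -e "$DATA"`, so the report text can change what reaches `$GITHUB_OUTPUT`. A report line that consists of `EOF` ends the value early and the rest is parsed as additional outputs, and `-e` expands backslash sequences that appear in package names or descriptions. The opening line is garbled in this rendering (`trivy-results<>`); presumably it reads `trivy-results<<EOF`. Use a per-run delimiter and copy the file verbatim: `delim="ghadelim_$(openssl rand -hex 16)"` followed by `{ echo "trivy-results<<$delim"; cat "${MODULE}_trivy-results.sarif"; echo "$delim"; } >> "$GITHUB_OUTPUT"`. The `Add comment` step that consumes the value continues outside the hunk.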
diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 93a2a7f..3b3a009 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트3"); + System.out.println("Trivy 테스트4"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index f2c3979..5a73f91 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_3"); + System.out.println("home1_4"); return "home1"; } } From bee60da9948f6eb9c70100cd404d0cdf1f59adf6 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:04:42 +0900 Subject: [PATCH 24/38] =?UTF-8?q?chore:=20CVE=20=EC=88=98=EC=A4=80=20MEDIU?= =?UTF-8?q?M=EA=B9=8C=EC=A7=80=20=EA=B2=80=EC=A6=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/home/HomeController.java | 2 +- demo1/src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index bc5be3a..b29f025 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -105,7 +105,7 @@ jobs: --exit-code 1 \ --ignore-unfixed \ --vuln-type os,library \ - --severity CRITICAL,HIGH \ + --severity CRITICAL,HIGH,MEDIUM \ --output ${MODULE}_trivy-results.sarif \ jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 3b3a009..59c4c11 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트4"); + System.out.println("Trivy 테스트5"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 5a73f91..8268aea 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_4"); + System.out.println("home1_5"); return "home1"; } } From daa69408d16b6e2e31aae8a311208e8ff9719619 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:08:13 +0900 Subject: [PATCH 25/38] =?UTF-8?q?chore:=20debug=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/home/HomeController.java | 2 +- demo1/src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index b29f025..8cdb20a 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -100,7 +100,7 @@ jobs: echo "CHECK Target : ${{ matrix.module }}" IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" for MODULE in "${MODIFIED_MODULES[@]}"; do - trivy image -d \ + trivy image \ --format table \ --exit-code 1 \ --ignore-unfixed \ diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 59c4c11..e535f2d 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트5"); + System.out.println("Trivy 테스트6"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 8268aea..efd657e 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_5"); + System.out.println("home1_6"); return "home1"; } } From 70733b563ed0f47f6dcb1dfc260ccced6d165ee5 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:12:12 +0900 Subject: [PATCH 26/38] =?UTF-8?q?chore:=20debug=20=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 3 +-- demo/src/main/java/com/example/demo/home/HomeController.java | 2 +- .../src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 8cdb20a..61f9946 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -104,8 +104,7 @@ jobs: --format table \ --exit-code 1 \ --ignore-unfixed \ - --vuln-type os,library \ - --severity CRITICAL,HIGH,MEDIUM \ + --vuln-type library \ --output ${MODULE}_trivy-results.sarif \ jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} done diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index e535f2d..231dd39 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트6"); + System.out.println("Trivy 테스트8"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index efd657e..820cf74 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_6"); + System.out.println("home1_8"); return "home1"; } } From de15fe361a49c7a6d787851bffbdebc3c8bcefbf Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:17:45 +0900 Subject: [PATCH 27/38] =?UTF-8?q?chore:=20trivy=20=EB=AA=85=EB=A0=B9=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 18 ++++++++---------- .../com/example/demo/home/HomeController.java | 2 +- .../example/demo/home1/Home1Controller.java | 2 +- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 61f9946..2263ecb 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
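Review bot: OS-package vulnerabilities are no longer scanned after the `gradle.yml` hunk of PATCH 26: in the `Run Trivy vulnerability scanner` step `--vuln-type os,library` becomes `--vuln-type library` and the `--severity` filter is deleted, while the subject line only mentions removing debug output. Base-image findings would then never reach the report or the `--exit-code 1` gate. If the goal was only a quieter run, keep `--vuln-type os,library \` and `--severity CRITICAL,HIGH,MEDIUM \`, and record any deliberate reduction of scan scope in the commit message. The step starts and ends outside the hunk.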
@@ -98,16 +98,14 @@ jobs: - name: Run Trivy vulnerability scanner run: | echo "CHECK Target : ${{ matrix.module }}" - IFS=' ' read -r -a MODIFIED_MODULES <<< "${{ matrix.module }}" - for MODULE in "${MODIFIED_MODULES[@]}"; do - trivy image \ - --format table \ - --exit-code 1 \ - --ignore-unfixed \ - --vuln-type library \ - --output ${MODULE}_trivy-results.sarif \ - jerryworld/${MODULE}-${{ github.base_ref }}:${{ github.sha }} - done + trivy image \ + --format table \ + --exit-code 1 \ + --ignore-unfixed \ + --vuln-type os,library \ + --severity CRITICAL,HIGH,MEDIUM \ + --output ${MODULE}_trivy-results.sarif \ + jerryworld/${{ matrix.module }}-${{ github.base_ref }}:${{ github.sha }} - name: check sarif id: save_sarif run: | diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 231dd39..af36c19 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트8"); + System.out.println("Trivy 테스트9"); return "Welcome home"; } } diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 820cf74..f78003a 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_8"); + System.out.println("home1_10"); return "home1"; } } From ccc0fd4f6fbc5c6a789b68a12baf984fc5aa512c Mon Sep 17 00:00:00 2001 
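Review bot: `--output ${MODULE}_trivy-results.sarif` in the `gradle.yml` hunk of PATCH 27 still expands `MODULE`, but the `for MODULE in ...` loop that assigned it is removed by the same hunk, so inside this step the variable is unset and the report is written to `_trivy-results.sarif`. The `check sarif` step shown in the earlier patches sets its own `MODULE` and reads `${MODULE}_trivy-results.sarif`, which would then not exist. Give the step an `env:` entry `MODULE: ${{ matrix.module }}` and quote the use, `--output "${MODULE}_trivy-results.sarif" \`. Starting the block with `set -u` would turn an unset variable into a hard failure instead of a misnamed file.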
From: jerry-world Date: Sun, 19 Oct 2025 21:21:10 +0900 Subject: [PATCH 28/38] =?UTF-8?q?chore:=20trivy=20=EB=AA=85=EB=A0=B9=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 1 - demo/src/main/java/com/example/demo/home/HomeController.java | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 2263ecb..dd9fc6a 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -100,7 +100,6 @@ jobs: echo "CHECK Target : ${{ matrix.module }}" trivy image \ --format table \ - --exit-code 1 \ --ignore-unfixed \ --vuln-type os,library \ --severity CRITICAL,HIGH,MEDIUM \ diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index af36c19..30b77f4 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트9"); + System.out.println("Trivy 테스트10"); return "Welcome home"; } } From 3498a05df55bc7530df247c007f5102b1159a566 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:25:42 +0900 Subject: [PATCH 29/38] =?UTF-8?q?fix:=20=EB=B3=80=EC=88=98=20=EB=88=84?= =?UTF-8?q?=EB=9D=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index dd9fc6a..68e4dc0 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
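Review bot: With `--exit-code 1` removed from the `trivy image` call in PATCH 28, the scan step exits 0 whatever it finds, so CRITICAL and HIGH findings no longer fail the pull-request check and the report becomes advisory only. If the flag was dropped so that the later reporting steps still run, keep `--exit-code 1 \` and put `if: always()` on the `check sarif` and `Add comment` steps instead. If a non-blocking scan is intended, state that in the commit message, since any required-check rule on this job would then rest on a step that cannot fail. The step continues outside the hunk.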
@@ -98,6 +98,7 @@ jobs: - name: Run Trivy vulnerability scanner run: | echo "CHECK Target : ${{ matrix.module }}" + MODULE=${{ matrix.module }} trivy image \ --format table \ --ignore-unfixed \ From 6b5be33f17a3b66fd8ee2bc9971c4dea7e771f11 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:25:46 +0900 Subject: [PATCH 30/38] =?UTF-8?q?fix:=20=EB=B3=80=EC=88=98=20=EB=88=84?= =?UTF-8?q?=EB=9D=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- demo1/src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index f78003a..56f493d 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_10"); + System.out.println("home1_11"); return "home1"; } } From 73ecb81041fe3bd69ef0c2ef96f6bcad5074a16f Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:34:24 +0900 Subject: [PATCH 31/38] =?UTF-8?q?fix:=20=EB=B3=80=EC=88=98=20=EB=88=84?= =?UTF-8?q?=EB=9D=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 2 ++ demo/build.gradle | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 68e4dc0..fecae17 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -32,6 +32,8 @@ jobs: - name: Get Modified Files run: | + echo "event_before : ${{ github.event.before }}" + echo "after : ${{ github.sha }}" MODIFIED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | tr '\n' ' ') echo $MODIFIED_FILES echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV diff --git a/demo/build.gradle b/demo/build.gradle index 3b5233d..58de6b3 100644 --- a/demo/build.gradle +++ b/demo/build.gradle @@ -30,7 +30,6 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'org.springframework.cloud:spring-cloud-starter' - implementation 'org.springframework.cloud:spring-cloud-starter-config' implementation 'org.springframework.boot:spring-boot-starter-actuator' // KMS From 0fef95d552173589b531e26bb3d322c3fccaea8f Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:49:06 +0900 Subject: [PATCH 32/38] chore: CHECK --- .github/workflows/gradle.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index fecae17..d548c7e 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -12,6 +12,17 @@ concurrency: cancel-in-progress: true jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Git Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: check variables + run: | + echo "${{ toJson(github.event) }}" + echo "${{ toJson(github) }}" fetch-and-diff: runs-on: ubuntu-latest env: @@ -34,7 +45,7 @@ jobs: run: | echo "event_before : ${{ github.event.before }}" echo "after : ${{ github.sha }}" - MODIFIED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | tr '\n' ' ') + MODIFIED_FILES=$(git diff --name-only ${{ github.event.after }} ${{ github.sha }} | tr '\n' ' ') echo $MODIFIED_FILES echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV 
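Review bot: The `test` job added in PATCH 32 splices `${{ toJson(github.event) }}` and `${{ toJson(github) }}` into double-quoted `echo` commands, so the JSON becomes part of the script text before bash runs it. On `pull_request` events that JSON holds fields written by the PR author (title, body, branch name), and quotes or substitutions inside them are interpreted by the shell; the `github` context also carries `github.token`, which should not be dumped to logs even though the runner masks it. Pass the context through the environment instead: an `env:` entry `GITHUB_CONTEXT: ${{ toJson(github) }}` and `run: echo "$GITHUB_CONTEXT"`. The same inline pattern is used with `github.head_ref` in the `Get Modified Files` and `Fetch Base Branch` hunks of PATCH 33 to 36 and should be changed the same way there.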
From fe8610f58691bb540c519f79d4347148630b1175 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:51:41 +0900 Subject: [PATCH 33/38] chore: CHECK --- .github/workflows/gradle.yml | 15 +++------------ .../com/example/demo/home/HomeController.java | 2 +- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index d548c7e..2520e6d 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -12,17 +12,6 @@ concurrency: cancel-in-progress: true jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Git Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: check variables - run: | - echo "${{ toJson(github.event) }}" - echo "${{ toJson(github) }}" fetch-and-diff: runs-on: ubuntu-latest env: @@ -39,13 +28,15 @@ jobs: - name: Fetch Base Branch run: | + echo "From : ${{ github.head_ref }}" + echo "To : ${{ github.base_ref }}" git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }} - name: Get Modified Files run: | echo "event_before : ${{ github.event.before }}" echo "after : ${{ github.sha }}" - MODIFIED_FILES=$(git diff --name-only ${{ github.event.after }} ${{ github.sha }} | tr '\n' ' ') + MODIFIED_FILES=$(git diff --name-only ${{ github.head_ref }} ${{ github.base_ref }} | tr '\n' ' ') echo $MODIFIED_FILES echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 30b77f4..9513ff8 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트10"); + System.out.println("Trivy 테스트11"); return "Welcome home"; } } 
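Review bot: In `Get Modified Files` (PATCH 33), `MODIFIED_FILES=$(git diff --name-only ${{ github.head_ref }} ${{ github.base_ref }} | tr '\n' ' ')` hides a failing `git diff` behind the pipe, because the assignment takes the exit status of `tr`. If either ref does not resolve in the checkout, the step still succeeds with an empty list, and, assuming the scan matrix is built from that list in the `determine_modules` step outside this hunk, no module gets scanned. Start the block with `set -o pipefail` (or set `shell: bash` on the step, which enables it) so that an unresolved ref stops the job. The later revisions of this line in PATCH 34 and 35 keep the same pipe.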
From 12b1aeb40192d41c19b48a16e5b20b7430b572ba Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:55:03 +0900 Subject: [PATCH 34/38] chore: CHECK --- .github/workflows/gradle.yml | 4 +--- .../src/main/java/com/example/demo/home1/Home1Controller.java | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 2520e6d..8a5990f 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -34,9 +34,7 @@ jobs: - name: Get Modified Files run: | - echo "event_before : ${{ github.event.before }}" - echo "after : ${{ github.sha }}" - MODIFIED_FILES=$(git diff --name-only ${{ github.head_ref }} ${{ github.base_ref }} | tr '\n' ' ') + MODIFIED_FILES=$(git diff --name-only origin/${{ github.head_ref }} ${{ github.base_ref }} | tr '\n' ' ') echo $MODIFIED_FILES echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV diff --git a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java index 56f493d..3175489 100644 --- a/demo1/src/main/java/com/example/demo/home1/Home1Controller.java +++ b/demo1/src/main/java/com/example/demo/home1/Home1Controller.java @@ -9,7 +9,7 @@ public class Home1Controller { @GetMapping public String home1(){ - System.out.println("home1_11"); + System.out.println("home1_12"); return "home1"; } } From fcb2c79eb02cae8bb7c9d5e34e07e1e766bcced8 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 21:56:00 +0900 Subject: [PATCH 35/38] chore: CHECK(3) --- .github/workflows/gradle.yml | 2 +- demo/src/main/java/com/example/demo/home/HomeController.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 8a5990f..1aebc9d 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -34,7 +34,7 @@ jobs: - name: Get Modified Files run: | - MODIFIED_FILES=$(git diff --name-only origin/${{ github.head_ref }} ${{ github.base_ref }} | tr '\n' ' ') + MODIFIED_FILES=$(git diff --name-only origin/${{ github.head_ref }} origin/${{ github.base_ref }} | tr '\n' ' ') echo $MODIFIED_FILES echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV diff --git a/demo/src/main/java/com/example/demo/home/HomeController.java b/demo/src/main/java/com/example/demo/home/HomeController.java index 9513ff8..f4c0d05 100644 --- a/demo/src/main/java/com/example/demo/home/HomeController.java +++ b/demo/src/main/java/com/example/demo/home/HomeController.java @@ -11,7 +11,7 @@ public class HomeController { @RequestMapping(value = "/home") public String home() { System.out.println("home Check"); - System.out.println("Trivy 테스트11"); + System.out.println("Trivy 테스트12"); return "Welcome home"; } } From ec9af55074a28c66f921c8b18a12c434ce8f7868 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 22:04:09 +0900 Subject: [PATCH 36/38] chore: CHECK(3) --- .github/workflows/gradle.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 1aebc9d..652f11c 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml 
@@ -26,18 +26,18 @@ jobs: with: fetch-depth: 0 - - name: Fetch Base Branch - run: | - echo "From : ${{ github.head_ref }}" - echo "To : ${{ github.base_ref }}" - git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }} - - name: Get Modified Files run: | MODIFIED_FILES=$(git diff --name-only origin/${{ github.head_ref }} origin/${{ github.base_ref }} | tr '\n' ' ') echo $MODIFIED_FILES echo "MODIFIED_FILES=$MODIFIED_FILES" >> $GITHUB_ENV + - name: Fetch Base Branch + run: | + echo "From : ${{ github.head_ref }}" + echo "To : ${{ github.base_ref }}" + git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }} + - name: Determine Modified Modules id: determine_modules run: | From 399986c8dc12078a5c7593da1bd477ddcb400031 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 22:08:09 +0900 Subject: [PATCH 37/38] =?UTF-8?q?fix:=20=EB=8F=99=EC=8B=9C=EC=84=B1=20?= =?UTF-8?q?=EA=B7=B8=EB=A3=B9=20=EB=8C=80=EC=83=81=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/gradle.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 652f11c..e296338 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -8,7 +8,7 @@ on: - dev concurrency: - group: ci-pr-${{ github.head_ref }} + group: ci-pr-${{ github.base_ref }} cancel-in-progress: true jobs: From 1695c8b99ce4d5371fc5efb5b971b328f8ea4736 Mon Sep 17 00:00:00 2001 From: jerry-world Date: Sun, 19 Oct 2025 22:15:06 +0900 Subject: [PATCH 38/38] =?UTF-8?q?chore:=20=EC=9D=98=EC=A1=B4=EC=84=B1=20?= =?UTF-8?q?=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- demo/build.gradle | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/demo/build.gradle b/demo/build.gradle index 58de6b3..7ac9ee1 100644 
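Review bot: The `Fetch Base Branch` step re-added in PATCH 36 runs `git fetch origin +refs/heads/${{ github.head_ref }}:refs/remotes/origin/${{ github.base_ref }}`, which force-writes the PR's head branch into the remote-tracking ref of the base branch. After it runs, `origin/<base>` points at the head commit, so any later comparison against it would see no difference; whether `Determine Modified Modules` does that cannot be told from here, since the step continues outside the hunk. If the aim is to have the base branch available, fetch it into its own ref: `git fetch origin +refs/heads/${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }}`. With `fetch-depth: 0` on the checkout the step may not be needed at all.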
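Review bot: Keying the concurrency group on `github.base_ref` in PATCH 37 while `cancel-in-progress: true` stays set puts every pull request that targets the same branch into one group, so a push to one PR cancels the in-flight test and scan run of another. A cancelled run leaves that PR without a completed scan result until it is triggered again. A per-PR key keeps cancellation inside one pull request: `group: ci-pr-${{ github.event.pull_request.number }}`.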
--- a/demo/build.gradle +++ b/demo/build.gradle @@ -27,7 +27,6 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-webflux' - implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'org.springframework.cloud:spring-cloud-starter' implementation 'org.springframework.boot:spring-boot-starter-actuator' @@ -35,16 +34,6 @@ dependencies { // KMS implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.5' - // Jpa - JSON - implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.7.6' - - // queryDSL - implementation 'com.querydsl:querydsl-jpa:5.1.0:jakarta' - implementation 'com.querydsl:querydsl-sql-spatial:5.1.0' - annotationProcessor "com.querydsl:querydsl-apt:5.1.0:jakarta" - annotationProcessor "jakarta.annotation:jakarta.annotation-api" - annotationProcessor "jakarta.persistence:jakarta.persistence-api" - // Swagger implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0'