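#!/usr/bin/env bash
set -euo pipefail

# Run PHP Version Audit against all the base docker images to alert if they are EOL or have CVEs
# See https://www.github.developerdan.com/php-version-audit/
#
# Exit status: 0 when every detected PHP version passes the audit; non-zero when
# no "FROM php:" line is found, a base image cannot be run, or the audit flags
# at least one version.

# Parse out the "FROM php:" tags from the Dockerfiles.
# - 'find -exec cat {} +' passes paths straight to cat, so a path containing
#   whitespace is not split the way it would be through a plain xargs.
# - The sed expression keeps only the image reference that follows "FROM php:",
#   so a trailing "AS <stage>" or an "@sha256:..." digest does not corrupt the tag.
php_tags=$(
  find . -type f -name Dockerfile -not -path '*/.*' -exec cat {} + \
    | grep "FROM php:" \
    | sed -E 's/^.*FROM php:([^[:space:]]+).*$/\1/' \
    | sort -u
) || {
  printf 'error: no "FROM php:" line found in any Dockerfile\n' >&2
  exit 1
}

# For each image, get the full php version.
# Bash clears 'errexit' inside a command substitution, so a failed 'docker run'
# would otherwise be skipped silently and that base image would never be
# audited. The explicit 'exit 1' plus 'pipefail' turns that into a hard failure.
# '--pull always' makes sure the version comes from the current upstream image
# rather than a stale local copy. 'read' without 'IFS=' trims stray whitespace.
php_versions=$(
  while read -r tag; do
    [[ -n "${tag}" ]] || continue
    # stdin is redirected defensively so docker can never consume the tag list
    docker run --pull always --rm --entrypoint=php "php:${tag}" \
      -r 'echo phpversion()."\n";' </dev/null || {
      printf 'error: could not determine the PHP version of php:%s\n' "${tag}" >&2
      exit 1
    }
  done <<<"${php_tags}" | sort -u
)

# Run all the php version through php-version-audit with the '--fail-security' flag
# to generate an exit code if a CVE is found or the support is EOL.
# Every version is audited even after one fails, so a single run reports all
# findings; the first non-zero exit code is returned at the end.
#
# NOTE(review): the audit image is third-party and referenced by the mutable
# ':latest' tag without '--pull always', so the result depends on whichever copy
# the tag resolves to (or is cached locally). Consider pinning it by digest
# (lightswitch05/php-version-audit@sha256:<DIGEST_PLACEHOLDER>) and bumping it
# deliberately - confirm first how the tool refreshes its rule data.
first_failure=0
while read -r version; do
  [[ -n "${version}" ]] || continue
  rc=0
  docker run --rm lightswitch05/php-version-audit:latest \
    --fail-security --version="${version}" </dev/null || rc=$?
  if (( rc != 0 && first_failure == 0 )); then
    first_failure=${rc}
  fi
done <<<"${php_versions}"

exit "${first_failure}"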