chore: fixed ci readme added security (#57)

docs: fixed incorrectly updated 127.0.0.1... ci: fix image name to be all lowercase and use GHA caching docs: added SECURITY.md
chgl · Dec 13, 2022 · 717c250 · 717c250
1 parent df58088
commit 717c250
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 21 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -12,7 +12,7 @@ on:
 permissions: read-all
 
 env:
-  IMAGE_NAME: ghcr.io/${{ github.repository }}
+  IMAGE_NAME: ghcr.io/chgl/magnifhir
 
 jobs:
   build:
@@ -48,41 +48,26 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Cache Docker layers
-        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-
       - name: Run unit tests
         id: docker_build_unit_test
         uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94 # tag=v3
         with:
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
           push: false
           target: test
 
       - name: Build and push
         id: build
         uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94 # tag=v3
         with:
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
           load: ${{ github.event_name == 'pull_request' }}
 
-      - name: List images
-        id: list_images
-        run: |
-          docker image ls
-          IMAGES=(${{ steps.docker_meta.outputs.tags }})
-          echo "##[set-output name=image_name;]${IMAGES[0]}"
-
       - name: Install Cosign
         if: ${{ github.event_name != 'pull_request' }}
         uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ Visibility into your FHIR server.
 <!-- x-release-please-start-version -->
 
 ```sh
-docker run --rm -it -p 1.1.6.1:8080:8080 \
+docker run --rm -it -p 8080:8080 \
     -e FhirServers__0__Name="HAPI FHIR Test Server" \
     -e FhirServers__0__BaseUrl="https://hapi.fhir.org/baseR4" \
     ghcr.io/chgl/magnifhir:v1.1.6

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+## Supported Versions
+
+Only the most recent major version is regularly updated and receives security fixes.
+
+## Reporting a Vulnerability
+
+Please use the project's [private vulnerability reporting feature](https://github.com/chgl/magniFHIR/security/advisories)
+to report any vulnerabilities. For more information, see <https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability>