TL;DR - How I built the Vilicus Service, a serverless full-stack application with backend workers and a database, using only git and CI/CD runners.

What is Vilicus?

Vilicus is an open-source tool that orchestrates security scans of container images (Docker/OCI) and centralizes all results into a database for further analysis and metrics.

Vilicus provides many alternatives to use it:

- Own Installation
- GitHub Action in your GitHub workflows
- Template CI in your GitLab CI/CD pipelines
- Free Online Service

This article explains how it was possible to build the Free Online Service without using a traditional deployment.

Architecture

The frontend is hosted in GitHub Pages. This frontend is a landing page with a free service to scan or display the vulnerabilities in container images.

The results of container image scans are stored in a GitLab Repository.

When the user asks to show the results for an image, the frontend calls the GitLab API to retrieve the file with the vulnerabilities found in that image. If the image has not been scanned yet, the user has the option to schedule a scan using a Google Form. When this form is filled in, the data is sent to a Google Spreadsheet.

A GitHub Workflow runs every 5 minutes to check if there are new answers in this Spreadsheet. For each new image in the Spreadsheet, this workflow triggers another Workflow to scan the image and save the result in the GitLab Repository.

Why store in GitLab?

GitLab provides bigger limits. Here's a summary of differences in offering on public cloud and free tier:
=========== ============ ==================== ============================= =====================================
Provider    Free users   Max repo size (GB)   Max file size (MB)            Max API calls per hour (per client)
=========== ============ ==================== ============================= =====================================
GitHub      3            2                    100                           5000
BitBucket   5            1                    Unlimited (up to repo size)   5000
GitLab      Unlimited    10                   Unlimited (up to repo size)   36000
=========== ============ ==================== ============================= =====================================

Google Drive

This choice was a "quick win". In a usual deployment, the backend could call an API passing secrets without the clients knowing the secrets. But because I am using GitHub Pages I cannot do that. (Well, I could do it in the JavaScript, but anyone using the browser inspector would see the secrets. So let's not do it 😉)

This makes the Google Spreadsheet perform as a Queue.

[Image: Google Form]

[Image: Google Spreadsheet with answers]

GitHub Workflows

The Schedule Workflow runs at most every 5 minutes. This workflow executes the Python script that checks whether there are new rows in the Google Spreadsheet and, for each row, makes an HTTP request to trigger the repository_dispatch event.

This makes the workflows perform as backend workers.

Schedule in the workflow:

    name: Schedule
    on:
      schedule:
        - cron: '*/5 * * * *'
    ...

Event repository_dispatch in the workflow:

    name: Report
    on: [repository_dispatch]
    ...

Screenshots

[Image: Schedule History]

[Image: Schedule Workflow]

[Image: Scans History]

[Image: Report Workflow]

[Image: Scan Report stored in GitLab]

Source Code:

- Schedule Workflow
- Report Workflow
- Script to upload the report file to GitLab
- Script to iterate the answers and trigger new scans
- GitLab Repo with report files

Do you want to know more about GitHub Actions?

- Learn GitHub Actions
- Workflow syntax

GitHub Pages

The frontend is running in GitHub Pages. By default, an application running in GH Pages is hosted as http://<github-user>.github.io/<repository>.
But GitHub allows you to customize the domain, which is why it's possible to access Vilicus using https://vilicus.edersonbrilhante.com.br instead of http://edersonbrilhante.github.io/vilicus.

GitHub Workflow to build the application and deploy it in GH Pages

Building the source code:

    - name: Build
      run: |
        cd website
        npm install
        npm run-script build
      env:
        REACT_APP_GA_CODE: ${{ secrets.REACT_APP_GA_CODE }}
        REACT_APP_FORM_SCAN: ${{ secrets.REACT_APP_FORM_SCAN }}

Deploying the build:

    - name: Deploy
      uses: JamesIves/github-pages-deploy-action@releases/v3
      with:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        BRANCH: gh-pages
        FOLDER: website/build

Source Code:

- Workflow to deploy code in GitHub Pages
- Application Source Code
- Deployed code in GH Pages

Do you want to know more about GitHub Pages?

- Configuring a publishing source
- Configuring a custom domain

That’s it!

In case you have any questions, please ping me on LinkedIn.

Also published at https://dev.to/edersonbrilhante/a-serverless-full-stack-application-using-only-git-google-drive-and-public-ci-cd-runners-262l
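
The scheduling step from the GitHub Workflows section, as an added example that is not the project's own script: because anyone can submit the form, each image reference read from the queue is checked against a conservative allowlist and de-duplicated before a repository_dispatch request is built. The repository slug, token, event type `scan-image`, the `image` column and payload key are assumptions, and the rows are constructed sample data.

```python
import json
import re
import urllib.request

# Assumptions (not from the project): event type, payload key, row column name.
EVENT_TYPE = "scan-image"
DISPATCH_URL = "https://api.github.com/repos/{repo}/dispatches"

# Conservative allowlist: [registry[:port]/]path[:tag][@sha256:digest]
IMAGE_RE = re.compile(
    r"[a-z0-9]+(?:[._-][a-z0-9]+)*(?::[0-9]{1,5})?"
    r"(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*"
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"
    r"(?:@sha256:[a-f0-9]{64})?"
)

# Constructed sample rows, standing in for new spreadsheet answers.
ROWS = [
    {"image": "nginx:1.21"}, {"image": "ghcr.io/example/app:latest"},
    {"image": "nginx:1.21"},             # duplicate submission
    {"image": "alpine; echo injected"},  # shell metacharacters
    {"image": "--help"},                 # would be read as a CLI option
]

def new_images(rows, seen):
    """Split rows into accepted (valid, not yet seen) and rejected image refs."""
    accepted, rejected = [], []
    for row in rows:
        ref = str(row.get("image", "")).strip()
        if len(ref) > 255 or not IMAGE_RE.fullmatch(ref):
            rejected.append(ref)  # never forwarded to the scan workflow
        elif ref not in seen:
            seen.add(ref)
            accepted.append(ref)
    return accepted, rejected

def build_dispatch(repo, token, image):
    """Build, without sending, the repository_dispatch request for one image."""
    body = {"event_type": EVENT_TYPE, "client_payload": {"image": image}}
    return urllib.request.Request(
        DISPATCH_URL.format(repo=repo), data=json.dumps(body).encode(),
        method="POST",
        headers={"Accept": "application/vnd.github+json",
                 "Authorization": f"Bearer {token}"})

if __name__ == "__main__":
    ok, bad = new_images(ROWS, set())
    for image in ok:
        req = build_dispatch("example-owner/example-repo", "PLACEHOLDER", image)
        print(req.get_method(), req.full_url, req.data.decode())
    print("rejected:", bad)
```

The receiving workflow should still treat `client_payload.image` as data, passing it to the scanner through an environment variable instead of interpolating it into a shell command.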