Skip to content

ci: Removed port 22 from ted in ci-test #37180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 1, 2024
Merged

ci: Removed port 22 from ted in ci-test #37180

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci-test-custom-script.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ jobs:
sudo /etc/init.d/ssh stop ;
mkdir -p ~/git-server/keys
ted_tag="${{inputs.ted_tag}}"
docker run --name test-event-driver -d -p 22:22 -p 5001:5001 -p 3306:3306 \
docker run --name test-event-driver -d -p 5001:5001 -p 3306:3306 \
-p 5433:5432 -p 28017:27017 -p 25:25 -p 4200:4200 -p 5000:5000 -p 3001:3000 -p 6001:6001 -p 8001:8000 --privileged --pid=host --ipc=host --volume /:/host -v ~/git-server/keys:/git-server/keys \
Comment on lines +153 to 154
Copy link
Contributor

@coderabbitai coderabbitai bot Nov 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Port 22 removal is consistent with other workflow changes

The removal of port 22 mapping in ci-test-custom-script.yml is part of a deliberate security pattern. All workflow files stop the SSH service before running containers, and other workflow files (ci-test-limited.yml, ci-test-limited-with-count.yml, ci-debugging.yml) should also have port 22 mapping removed for consistency.

  • .github/workflows/ci-test-limited.yml: Remove -p 22:22 from docker run command
  • .github/workflows/ci-test-limited-with-count.yml: Remove -p 22:22 from docker run command
  • .github/workflows/ci-debugging.yml: Remove -p 22:22 from docker run command
🔗 Analysis chain

Security improvement: SSH port removal

The removal of port 22 mapping enhances security by reducing the attack surface in the CI environment.

Let's verify that no CI operations depend on SSH access:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for SSH-related operations in the workflow files
rg -i "ssh|port.*22" .github/workflows/

Length of output: 359

Script:

#!/bin/bash
# Let's check the context around the SSH stop commands to understand their purpose
rg -B 5 -A 5 "ssh stop" .github/workflows/

# Also check if there are any SSH-related configurations or keys being used
rg -i "ssh.*key|ssh.*config" .github/workflows/

Length of output: 4494

"appsmith/test-event-driver:${ted_tag:-latest}"
docker run --name cloud-services -d -p 8000:80 -p 8090:8090 \
Expand Down
Loading