{"id":39075697,"url":"https://github.com/cloud-gov/pages-cf-build-tasks","last_synced_at":"2026-04-02T22:17:44.238Z","repository":{"id":194863577,"uuid":"691713219","full_name":"cloud-gov/pages-cf-build-tasks","owner":"cloud-gov","description":null,"archived":false,"fork":false,"pushed_at":"2025-10-02T18:26:23.000Z","size":279,"stargazers_count":1,"open_issues_count":2,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-10-02T20:29:47.710Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloud-gov.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-14T18:21:32.000Z","updated_at":"2025-10-02T18:24:53.000Z","dependencies_parsed_at":"2024-04-08T19:26:29.057Z","dependency_job_id":"91cac3b6-47a0-433b-9648-6e83f400d315","html_url":"https://github.com/cloud-gov/pages-cf-build-tasks","commit_stats":null,"previous_names":["cloud-gov/owasp-zap-task","cloud-gov/pages-cf-build-tasks"],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/cloud-gov/pages-cf-build-tasks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fpages-cf-build-tasks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fpages-cf-build-tasks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fpa
ges-cf-build-tasks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fpages-cf-build-tasks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloud-gov","download_url":"https://codeload.github.com/cloud-gov/pages-cf-build-tasks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-gov%2Fpages-cf-build-tasks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28515471,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T17:57:59.192Z","status":"ssl_error","status_checked_at":"2026-01-17T17:57:52.527Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T18:26:30.503Z","updated_at":"2026-01-17T18:26:30.637Z","avatar_url":"https://github.com/cloud-gov.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pages-cf-build-tasks\n\nThis repository is a monorepo for all cloud.gov Pages build tasks which run as [Cloud Foundry Tasks](https://docs.cloudfoundry.org/devguide/using-tasks.html).\n\n## Outline\n\nEach task has its own subfolder in `tasks/`. 
These subfolders contain all the task-specific code needed to both create (via Docker and Cloud Foundry) and run the task.\n\nShared code used across tasks is located in `lib/`.\n\n## Container Hardening + ECR Storage\n\nhardening: TBD\n\nAll container images are stored in the `pages-cf-build-tasks` repository on ECR. They are tagged with the task folder name and environment name: `((build-task))-((deploy-env))`\n\n## Patterns\n\n### New Build Task Migrations\n\nNew build tasks are registered in the [pages-core](https://github.com/cloud-gov/pages-core/) application by creating a new `BuildTaskType` instance via migration. They should follow this standard:\n\n```js\nawait db.insert('build_task_type',\n  ['name', 'description', 'metadata', 'createdAt', 'updatedAt', 'runner', 'startsWhen', 'url'],\n  [\n    taskTypeName,\n    taskTypeDescription,\n    {\n    \"appName\": appName,\n    \"template\": {\n        \"command\": `python build-task/main.py ${additionalFlags}`,\n        \"disk_in_mb\": diskInMb\n    }\n    },\n    new Date(),\n    new Date(),\n    'cf_task',\n    startsWhen,\n    url\n],\ncallback\n);\n```\n\nThe operator should supply the following values:\n\n- `taskTypeName`: A human-readable task name. Example: \"OWASP ZAP Vulnerability Scan\"\n- `taskTypeDescription`: A human-readable task description. Example: \"This scan identifies potential website security issues like unintended exposure of sensitive data, SQL injection opportunities, cross-site scripting (XSS) flaws, and the use of components with known vulnerabilities.\"\n- `appName`: A [`kebab-case`](https://developer.mozilla.org/en-US/docs/Glossary/Kebab_case) application name for the matching Cloud Foundry app this will be deployed as. It should include a template variable `env` for matching the various deployed environments (`dev`, `staging`, `production`). Example: `pages-owasp-zap-task-${env}`. 
This will correspond to the folder in this repo that hosts the code.\n- `additionalFlags`: see [Docker Command](#docker-command)\n- `diskInMb`: An integer value of the disk-space necessary (in megabytes) for running the docker image of the task.\n- `startsWhen`: One of `build` or `complete`. Tasks marked `build` will run at the start of an associated Pages build. Tasks marked `complete` will run after the build completes.\n- `url`: A link to additional documentation about the task.\n\n### Docker Command\n\nThe [command](https://docs.docker.com/engine/reference/run/) sent to a build task will always be of the following form:\n\n```sh\npython build-task/main.py \u003coperator-defined-flags\u003e \u003cdefault-parameters\u003e\n```\n\n\u003e [!NOTE]\n\u003e This section is a bit technical, requires fairly detailed knowledge of `pages-core`, and possibly needs further clarification. Please flag any questions or improvements as issues/PRs\n\n- `operator-defined-flags`: These flags are used for information that the `pages-core` application should pass to the build task. They are defined in the migration (as shown above) and take the form `-x {{templated information}} -y {{more info}} -z {{etc}}`. For templating, they have access to a single model/variable `task` within `pages-core`: this is the [`BuildTask` model](https://github.com/cloud-gov/pages-core/blob/main/api/models/build-task.js) and provides access to all associated properties, as well as those on linked models (`Build`, `BuildType`, `Site`). For example, if the task requires a site's url to scan, this could be passed as a \"target\" flag like so: `--target {{task.Build.url}}`. Within the task code, the operator must register these added flags (method: TBD) to access it within their code.\n\n- `default-parameters`: These parameters are always sent by the `pages-core` application and are necessary for use in the common steps like updating the build task status and uploading artifacts to S3. 
These parameters include the following values: `STATUS_CALLBACK`, `TASK_ID`, `AWS_DEFAULT_REGION`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `BUCKET` and are available inside the task script as `params[parameter_name]` (example `params['TASK_ID']`)\n\n### Writing New Task Code\n\nAdding the code for a new task is done in this repository. Each task\nneeds a folder within `tasks` which should be named corresponding to the `appName` defined above (example: the folder `example` becomes `pages-example-task-dev`). There are two files required to be inside this folder and a third optional file:\n- `definition.py`: This is the main site of task-specific code. It needs to export one class, a subclass of [`BaseBuildTask`](lib/task.py). The custom class has two requirements:\n  1. It must implement a `handler` function which returns a dictionary with three keys:\n  ```python\n  {\n    'artifact': '/absolute/path/to/file',\n    'message': 'task message',\n    'count': 5 # count of \"issues\" raised by the scan\n  }\n  ```\n  2. It has extra parsers defined for any `operator-defined-flags`. An example is shown at [`tasks/example/definition.py`](tasks/example/definition.py)\n- `.env`: Environment variables which are added as [Build arguments](https://docs.docker.com/build/guide/build-args/) to the final docker image. The only required value is `BASE_IMAGE`.\n- `build.sh`: (optional) This script is run to configure task-specific dependencies needed in the final docker image.\n\n### Docker Image Building in CI\n\nAll tasks use the same `Dockerfile` with different build arguments supplied. Each task is built via the concourse task [`oci-build-task`](https://github.com/concourse/oci-build-task). The `.env` file referenced above is supplied as `BUILD_ARGS_FILE` so that `BASE_IMAGE` is available at build time. `TASK_FOLDER` is interpolated by the concourse `across` step and supplied as `BUILD_ARG_TASK_FOLDER`. 
All base images are required to have python available.\n\n## Changelog\n\nSee [CHANGELOG.md](./CHANGELOG.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-gov%2Fpages-cf-build-tasks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloud-gov%2Fpages-cf-build-tasks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloud-gov%2Fpages-cf-build-tasks/lists"}