chore(iatlas): create PostgreSQL project for iAtlas #2413

Merged on Dec 14, 2023 (6 commits)

@tschaffter (Member) commented Dec 14, 2023

Closes #2412

Overview

This PR adds the project iatlas-postgres to build, start and scan for CVEs a container with PostgreSQL. This is the first component added to the Sage Monorepo for iAtlas. The next project to be added is iatlas-data that will depend on the present project.

Once this PR is merged, the CI workflow will build, scan and publish the image ghcr.io/sage-bionetworks/iatlas-postgres:sha-<commit id>.

EDIT: The image is now available here.

Cc: @jonryser @jaeddy

Changelog

  • Add the project iatlas-postgres using openchallenges-postgres as template

Preview

Build the image

nx build-image iatlas-postgres

Images:

$ docker images | grep iatlas
ghcr.io/sage-bionetworks/iatlas-postgres                                     local            e4dcf185bec2   3 years ago         158MB
ghcr.io/sage-bionetworks/iatlas-postgres                                     sha-d03f65a      e4dcf185bec2   3 years ago         158MB

Scan the image for CVEs

Scan the image with Trivy.

$ nx scan-image iatlas-postgres

> nx run iatlas-postgres:scan-image

ghcr.io/sage-bionetworks/iatlas-postgres:local (alpine 3.12.1)
==============================================================
Total: 63 (UNKNOWN: 0, LOW: 2, MEDIUM: 17, HIGH: 40, CRITICAL: 4)
┌───────────────────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────┬──────────────────────────────────────────────────────────────┐
│        Library        │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version   │                            Title                             │
├───────────────────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────┼──────────────────────────────────────────────────────────────┤
│ apk-tools             │ CVE-2021-36159 │ CRITICAL │ fixed  │ 2.10.5-r1         │ 2.10.7-r0        │ libfetch: an out of boundary read while libfetch uses strtol │
│                       │                │          │        │                   │                  │ to parse...                                                  │
│                       │                │          │        │                   │                  │ https://avd.aquasec.com/nvd/cve-2021-36159                   │
│                       ├────────────────┼──────────┤        │                   ├──────────────────┼──────────────────────────────────────────────────────────────┤
│                       │ CVE-2021-30139 │ HIGH     │        │                   │ 2.10.6-r0        │ In Alpine Linux apk-tools before 2.12.5, the tarball parser  │
│                       │                │          │        │                   │                  │ allows a buffer...                                           │
│                       │                │          │        │                   │                  │ https://avd.aquasec.com/nvd/cve-2021-30139                   │

...

Note
The image is scanned by the CI/CD workflow. The results are pushed to the Security tab of the repo.

Start the container in detached mode

$ nx serve-detach iatlas-postgres

> nx run iatlas-postgres:serve-detach

 Network iatlas  Creating
 Network iatlas  Created
 Volume "iatlas-postgres-data"  Creating
 Volume "iatlas-postgres-data"  Created
 Container iatlas-postgres  Creating
 Container iatlas-postgres  Created
 Container iatlas-postgres  Starting
 Container iatlas-postgres  Started

 ———————————————————————————————————————————————————————————————————————————————————————————————————————————————————

 >  NX   Successfully ran target serve-detach for project iatlas-postgres (1s)

Explore the content of the DB

  1. In VS Code, select the extension SQLTools
  2. Under Connections, click on iatlas-postgres to connect with the credentials defined in .vscode/settings.json.
  3. You can now explore the DB iatlas

@tschaffter tschaffter self-assigned this Dec 14, 2023
@tschaffter tschaffter marked this pull request as ready for review December 14, 2023 18:00
@tschaffter tschaffter merged commit 3230590 into Sage-Bionetworks:main Dec 14, 2023
6 checks passed
@tschaffter tschaffter deleted the iatlas-postgresql branch December 14, 2023 18:25
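
Added example, not part of the PR or the project's code: one way to triage a Trivy report like the scan shown in the description, assuming the scan is also written out with `trivy image --format json`. It separates gated findings that already have a fixed version (clearable by upgrading the package or base image) from those with none, and fails only on the former; the `GATE` policy, the `triage` function, and the sample report are assumptions constructed for illustration.

```python
import json

# Severities that fail the gate (an assumption for this example, not the project's policy).
GATE = {"CRITICAL", "HIGH"}

# Constructed sample shaped like `trivy image --format json` output. The two
# apk-tools rows reuse the values shown in the scan above; "example-lib" and
# CVE-0000-00000 are placeholders for a finding with no fixed version.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "ghcr.io/sage-bionetworks/iatlas-postgres:local",
    "Results": [
        {"Target": "ghcr.io/sage-bionetworks/iatlas-postgres:local (alpine 3.12.1)",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2021-36159", "PkgName": "apk-tools",
              "InstalledVersion": "2.10.5-r1", "FixedVersion": "2.10.7-r0",
              "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-2021-30139", "PkgName": "apk-tools",
              "InstalledVersion": "2.10.5-r1", "FixedVersion": "2.10.6-r0",
              "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-00000", "PkgName": "example-lib",
              "InstalledVersion": "1.0.0-r0", "Severity": "HIGH"},
         ]},
        # A target with no findings may carry no "Vulnerabilities" key at all.
        {"Target": "constructed/clean-target"},
    ],
})


def triage(report_json, gate=GATE):
    """Split gated findings into fixable and unfixed, and apply the gate."""
    report = json.loads(report_json)
    counts, fixable, unfixed = {}, {}, []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            counts[sev] = counts.get(sev, 0) + 1
            if sev not in gate:
                continue
            if vuln.get("FixedVersion"):
                # Group by package: one upgrade usually clears several CVEs.
                fixable.setdefault(vuln["PkgName"], []).append(
                    (vuln["VulnerabilityID"], vuln["FixedVersion"]))
            else:
                unfixed.append(vuln["VulnerabilityID"])
    return {"counts": counts, "fixable": fixable, "unfixed": unfixed,
            "passed": not fixable}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Unfixed findings are reported but do not fail the gate, since no upgrade can clear them yet; they still need tracking.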