diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml
new file mode 100644
index 000000000..c75e6dc24
--- /dev/null
+++ b/.github/workflows/pr-checker.yml
@@ -0,0 +1,99 @@
+name: pullrequest-build-and-scan
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ branches:
+ - ci_dev
+ - ci_prod
+ paths-ignore:
+ - '**.md'
+jobs:
+ LINUX-build-and-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set-workflow-initiator
+ run: echo "Initiated by - ${GITHUB_ACTOR}"
+ - name: Set-branch-name-for-pr
+ if: ${{ github.event_name == 'pull_request' }}
+ run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV
+ - name: Set-Env
+ run: echo "ENV=dev" >> $GITHUB_ENV
+ - name: Set-ACR-Registry
+ run: echo "ACR_REGISTRY=containerinsightsprod.azurecr.io" >> $GITHUB_ENV
+ - name: Set-ACR-Repository
+ run: echo "ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev" >> $GITHUB_ENV
+ - name: Set-image-tag-name
+ run: echo "IMAGE_TAG_NAME=cidev" >> $GITHUB_ENV
+ - name: Set-image-tag-suffix
+ run: echo "IMAGE_TAG_DATE=$(date +%m-%d-%Y)" >> $GITHUB_ENV
+ - name: Set-commit-sha
+ run: echo "COMMIT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
+ - name: Set-image-tag
+ run: echo "IMAGETAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+ - name: Set-image-telemetry-tag
+ run: echo "IMAGETAG_TELEMETRY=${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+ - name: Set-Helm-OCI-Experimental-feature
+ run: echo "HELM_EXPERIMENTAL_OCI=1" >> $GITHUB_ENV
+ - name: Set-Helm-chart-version
+ run: echo "HELM_CHART_VERSION=0.0.1" >> $GITHUB_ENV
+ - name: Set-Helm-tag
+ run: echo "HELMTAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-chart-${BRANCH_NAME}-${HELM_CHART_VERSION}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+ - name: Checkout-code
+ uses: actions/checkout@v2
+ - name: Show-versions-On-build-machine
+ run: lsb_release -a && go version && helm version && docker version
+ - name: Install-build-dependencies
+ run: sudo apt-get install build-essential -y
+ - name: Build-source-code
+ run: cd ./build/linux/ && make
+ - name: Create-docker-image
+ run: |
+ cd ./kubernetes/linux/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY
+ - name: List-docker-images
+ run: docker images --digests --all
+ - name: Run-trivy-scanner-on-docker-image
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: "${{ env.IMAGETAG }}"
+ format: 'table'
+ severity: 'CRITICAL,HIGH'
+ vuln-type: 'os,library'
+ skip-dirs: 'opt/telegraf'
+ exit-code: '1'
+ timeout: '5m0s'
+ WINDOWS-build:
+ runs-on: windows-latest
+ steps:
+ - name: Set-workflow-initiator
+ run: echo ("Initiated by -" + $env:GITHUB_ACTOR)
+ - name: Set-branch-name-for-pr
+ if: ${{ github.event_name == 'pull_request' }}
+ run: echo ("BRANCH_NAME=" + $env:GITHUB_HEAD_REF.replace('/','_')) >> $env:GITHUB_ENV
+ - name: Set-Env
+ run: echo ("ENV=dev") >> $env:GITHUB_ENV
+ - name: Set-ACR-Registry
+ run: echo ("ACR_REGISTRY=containerinsightsprod.azurecr.io") >> $env:GITHUB_ENV
+ - name: Set-ACR-Repository
+ run: echo ("ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev") >> $env:GITHUB_ENV
+ - name: Set-image-tag-name
+ run: echo ("IMAGE_TAG_NAME=cidev-win") >> $env:GITHUB_ENV
+ - name: Set-image-tag-suffix
+ run: echo ("IMAGE_TAG_DATE="+ (Get-Date -Format "MM-dd-yyyy")) >> $env:GITHUB_ENV
+ - name: Set-commit-sha
+ run: echo ("COMMIT_SHA=" + $env:GITHUB_SHA.SubString(0,8)) >> $env:GITHUB_ENV
+ - name: Set-image-tag
+ run: echo ("IMAGETAG=" + $env:ACR_REGISTRY + $env:ACR_REPOSITORY + ":" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV
+ - name: Set-image-telemetry-tag
+ run: echo ("IMAGETAG_TELEMETRY=" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV
+ - name: Checkout-code
+ uses: actions/checkout@v2
+ - name: Show-versions-On-build-machine
+ run: systeminfo && go version && docker version
+ - name: Build-source-code
+ run: cd ./build/windows/ && & 
.\Makefile.ps1 + - name: Create-docker-image + run: | + cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY + - name: List-docker-images + run: docker images --digests --all + diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh index 17cfb3f77..ad7cc2232 100644 --- a/kubernetes/linux/setup.sh +++ b/kubernetes/linux/setup.sh @@ -27,7 +27,6 @@ sudo apt-get install jq=1.5+dfsg-2 -y #used to setcaps for ruby process to read /proc/env sudo apt-get install libcap2-bin -y -#1.18 pre-release wget https://dl.influxdata.com/telegraf/releases/telegraf-1.18.0_linux_amd64.tar.gz tar -zxvf telegraf-1.18.0_linux_amd64.tar.gz @@ -63,3 +62,11 @@ rm -f $TMPDIR/envmdsd # Remove settings for cron.daily that conflict with the node's cron.daily. Since both are trying to rotate the same files # in /var/log at the same time, the rotation doesn't happen correctly and then the *.1 file is forever logged to. rm /etc/logrotate.d/alternatives /etc/logrotate.d/apt /etc/logrotate.d/azure-mdsd /etc/logrotate.d/rsyslog + +#Remove gemfile.lock for http_parser gem 0.6.0 +#see - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70 +if [ -e "/var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock" ]; then + #rename + echo "Renaming unused gemfile.lock for http_parser 0.6.0" + mv /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/renamed_Gemfile_lock.renamed +fi diff --git a/kubernetes/windows/setup.ps1 b/kubernetes/windows/setup.ps1 index 25aad5e16..3e47b7eb2 100644 --- a/kubernetes/windows/setup.ps1 +++ b/kubernetes/windows/setup.ps1 
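Review bot: The `Run-trivy-scanner-on-docker-image` step uses `aquasecurity/trivy-action@master`, a mutable branch reference, so whatever lands on that branch runs inside this job on the next pull request; the same applies, to a lesser degree, to the `actions/checkout@v2` tag in both jobs. Pin each to a full commit SHA with the release in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`. The workflow also has no `permissions:` key, so the job token takes the repository default; a top-level `permissions:` block with `contents: read` would state the least-privilege intent explicitly. `skip-dirs: 'opt/telegraf'` takes the bundled telegraf tree out of the scan, and a comment saying why, and how that component's vulnerabilities are tracked instead, would help the next reviewer.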
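Review bot: The rename added at the end of setup.sh is keyed to one hard-coded path, `/var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock`, so after a Ruby or http_parser.rb version change the `if` is skipped silently and the lockfile stays in the image. An `else` branch that logs the miss, e.g. `else echo "http_parser.rb-0.6.0 Gemfile.lock not found; nothing renamed"`, would make that visible in the build log. The `#rename` comment adds nothing; replace it with one line stating that the file is unused at runtime and is renamed only so it is not picked up as a dependency manifest (which is what the linked issues appear to be about), so a later reader does not mistake this for a dependency fix.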
@@ -65,6 +65,16 @@ Write-Host ('Extracting Certificate Generator Package') Expand-Archive -Path /opt/omsagentwindows/certificategenerator.zip -Destination /opt/omsagentwindows/certgenerator/ -Force Write-Host ('Finished Extracting Certificate Generator Package') +Write-Host ("Removing Install folder") + Remove-Item /installation -Recurse -Write-Host ("Removing Install folder") \ No newline at end of file +#Remove gemfile.lock for http_parser gem 0.6.0 +#see - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70 + +$gemfile = "\ruby26\lib\ruby\gems\2.6.0\gems\http_parser.rb-0.6.0\Gemfile.lock" +$gemfileFullPath = $Env:SYSTEMDRIVE + "\" + $gemfile +If (Test-Path -Path $gemfile ) { + Write-Host ("Renaming unused gemfile.lock for http_parser 0.6.0") + Rename-Item -Path $gemfileFullPath -NewName "renamed_Gemfile_lock.renamed" +} \ No newline at end of file diff --git a/source/plugins/go/src/go.mod b/source/plugins/go/src/go.mod index 3fd38a9bd..5b5c735e5 100644 --- a/source/plugins/go/src/go.mod +++ b/source/plugins/go/src/go.mod @@ -31,4 +31,5 @@ require ( k8s.io/api v0.0.0-20180628040859-072894a440bd // indirect k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d k8s.io/client-go v8.0.0+incompatible + golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f ) diff --git a/source/plugins/go/src/go.sum b/source/plugins/go/src/go.sum index 52bb2ab04..64745749f 100644 --- a/source/plugins/go/src/go.sum +++ b/source/plugins/go/src/go.sum 
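Review bot: The `If (Test-Path -Path $gemfile )` guard checks the drive-relative `$gemfile`, while `Rename-Item` acts on `$gemfileFullPath`, so the test and the rename can resolve to different locations when the current drive is not `$Env:SYSTEMDRIVE`; test the variable that is actually renamed: `If (Test-Path -Path $gemfileFullPath) {`. `$gemfile` already begins with a backslash, so `$Env:SYSTEMDRIVE + "\" + $gemfile` yields a doubled separator; `$gemfileFullPath = Join-Path $Env:SYSTEMDRIVE $gemfile` avoids that. When the path is not found the block is skipped silently and the lockfile stays in the image, so an `Else` branch with a `Write-Host` message would make that visible in the build log.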
@@ -108,6 +108,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90Pveol golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f h1:aZp0e2vLN4MToVqnjNEYEtrEA8RH8U8FN1CU7JgqsPU= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/net v0.0.0-20170809000501-1c05540f6879 h1:0rFa7EaCGdQPmZVbo9F7MNF65b8dyzS6EUnXjs9Cllk= golang.org/x/net v0.0.0-20170809000501-1c05540f6879/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -120,8 +124,11 @@ golang.org/x/sys v0.0.0-20171031081856-95c657629925/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/text v0.0.0-20170810154203-b19bf474d317 h1:WKW+OPdYPlvOTVGHuMfjnIC6yY2SI93yFB0pZ7giBmQ= golang.org/x/text v0.0.0-20170810154203-b19bf474d317/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=