From 34fa28f4017b9d9ba2f67c3a65aefac85eef8aa9 Mon Sep 17 00:00:00 2001
From: vishwanath
Date: Thu, 10 Jun 2021 17:24:18 -0700
Subject: [PATCH 01/15] test
---
.github/workflows/pr-checker.yml | 91 ++++++++++++++++++++++++++++++++
kubernetes/linux/setup.sh | 13 +++--
source/plugins/go/src/go.mod | 1 +
source/plugins/go/src/go.sum | 7 +++
4 files changed, 109 insertions(+), 3 deletions(-)
create mode 100644 .github/workflows/pr-checker.yml
diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml
new file mode 100644
index 000000000..fcf95463a
--- /dev/null
+++ b/.github/workflows/pr-checker.yml
@@ -0,0 +1,91 @@
+name: pr-checker
+on:
+ #push:
+ # branches:
+ # - ci_dev
+ pull_request:
+ types: [opened, synchronize, reopened]
+ branches:
+ - ci_dev
+ - vishwa/scan
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set-workflow-initiator
+ run: echo "Initiated by - ${GITHUB_ACTOR}"
+ #- name: Set-branch-name-for-non-pr
+ # if: ${{ github.event_name != 'pull_request' }}
+ # run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / _)" >> $GITHUB_ENV
+ - name: Set-branch-name-for-pr
+ if: ${{ github.event_name == 'pull_request' }}
+ run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV
+ - name: Set-Env
+ run: echo "ENV=dev" >> $GITHUB_ENV
+ - name: Set-ACR-Registry
+ run: echo "ACR_REGISTRY=containerinsightsprod.azurecr.io" >> $GITHUB_ENV
+ - name: Set-ACR-Repository
+ run: echo "ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev" >> $GITHUB_ENV
+ - name: Set-image-tag-name
+ run: echo "IMAGE_TAG_NAME=cidev" >> $GITHUB_ENV
+ - name: Set-image-tag-suffix
+ run: echo "IMAGE_TAG_DATE=$(date +%m-%d-%Y)" >> $GITHUB_ENV
+ - name: Set-commit-sha
+ run: echo "COMMIT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
+ - name: Set-image-tag
+ run: echo "IMAGETAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+ - name: Set-image-telemetry-tag
+ run: echo "IMAGETAG_TELEMETRY=${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+ - name: Set-Helm-OCI-Experimental-feature
+ run: echo "HELM_EXPERIMENTAL_OCI=1" >> $GITHUB_ENV
+ - name: Set-Helm-chart-version
+ run: echo "HELM_CHART_VERSION=0.0.1" >> $GITHUB_ENV
+ - name: Set-Helm-tag
+ run: echo "HELMTAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-chart-${BRANCH_NAME}-${HELM_CHART_VERSION}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV
+ - name: Checkout-code
+ uses: actions/checkout@v2
+ - name: Show-versions-On-build-machine
+ run: lsb_release -a && go version && helm version && docker version
+ - name: Install-build-dependencies
+ run: sudo apt-get install build-essential -y
+ - name: Build-source-code
+ run: cd ./build/linux/ && make
+ - name: Create-docker-image
+ run: |
+ cd ./kubernetes/linux/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY
+ - name: List-docker-images
+ run: docker images --digests --all
+ - name: Run-trivy-scanner-on-docker-image
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: "${{ env.IMAGETAG }}"
+ format: 'table'
+ #output: 'trivy-results.sarif'
+ severity: 'CRITICAL,HIGH'
+ vuln-type: 'os,library'
+ #skip-dirs: 'opt/telegraf/telegraf,opt/microsoft/otelcollector/otelcollector'
+ exit-code: '1'
+ timeout: '5m0s'
+ #- name: Save-Helm-chart-to-local-cache
+ # run: cd ./charts/azuremonitor-containers/ && helm chart save . ${{ env.HELMTAG }}
+ #- name: List-local-Helm-Charts
+ # run: helm chart list
+ #- name: Login-to-ACR-thru-Docker
+ # if: github.event_name != 'pull_request'
+ # run: docker login containerinsightsprod.azurecr.io -u ${{ secrets.RCA_PS_DI }} -p ${{ secrets.RCA_PS_CES }}
+ #- name: Publish-docker-image-to-ACR
+ # if: github.event_name != 'pull_request'
+ # run: |
+ # docker push ${{ env.IMAGETAG }}
+ #- name: Login-to-ACR-thru-Helm
+ # if: github.event_name != 'pull_request'
+ # run: helm registry login containerinsightsprod.azurecr.io --username ${{ secrets.RCA_PS_DI }} --password ${{ secrets.RCA_PS_CES }}
+ #- name: Publish-Helm-chart-to-ACR
+ # if: github.event_name != 'pull_request'
+ # run: helm chart push ${{ env.HELMTAG }}
+ #- name: Tag-this-push
+ # uses: actions-ecosystem/action-push-tag@v1
+ # if: github.event_name != 'pull_request'
+ # with:
+ # tag: ${{ env.IMAGETAG_TELEMETRY }}
+ # message: "Created tag ${{ env.IMAGETAG_TELEMETRY }} for CommitID: ${{ env.GITHUB_SHA }}"
diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh
index 17cfb3f77..ef55a6d38 100644
--- a/kubernetes/linux/setup.sh
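Review bot: The `Run-trivy-scanner-on-docker-image` step references `aquasecurity/trivy-action@master`, a mutable branch, so the code that decides whether this scan gate passes can change without any change to this repository. Pin third-party actions to a full commit SHA with the release noted beside it, e.g. `uses: aquasecurity/trivy-action@PINNED_COMMIT_SHA  # RELEASE_TAG` (placeholders), and treat `actions/checkout@v2` the same way. The workflow also declares no `permissions:` block, so the job runs with the repository's default token scope; since it only builds and scans, a top-level `permissions:` with `contents: read` should be enough. The same unpinned reference is added again in the second hunk of PATCH 03/15.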
+++ b/kubernetes/linux/setup.sh @@ -28,10 +28,10 @@ sudo apt-get install jq=1.5+dfsg-2 -y sudo apt-get install libcap2-bin -y #1.18 pre-release -wget https://dl.influxdata.com/telegraf/releases/telegraf-1.18.0_linux_amd64.tar.gz -tar -zxvf telegraf-1.18.0_linux_amd64.tar.gz +wget https://dl.influxdata.com/telegraf/releases/telegraf-1.19.0~rc0_linux_amd64.tar.gz +tar -zxvf telegraf-1.19.0~rc0_linux_amd64.tar.gz -mv /opt/telegraf-1.18.0/usr/bin/telegraf /opt/telegraf +mv /opt/telegraf-1.19.0/usr/bin/telegraf /opt/telegraf chmod 777 /opt/telegraf @@ -63,3 +63,10 @@ rm -f $TMPDIR/envmdsd # Remove settings for cron.daily that conflict with the node's cron.daily. Since both are trying to rotate the same files # in /var/log at the same time, the rotation doesn't happen correctly and then the *.1 file is forever logged to. rm /etc/logrotate.d/alternatives /etc/logrotate.d/apt /etc/logrotate.d/azure-mdsd /etc/logrotate.d/rsyslog + +#Remove gemfile.lock for http_parser gem 0.6.0 +#see - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70 +if [ -e "/var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock" ]; then + #rename + mv /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/renamed_Gemfile_lock.renamed +fi diff --git a/source/plugins/go/src/go.mod b/source/plugins/go/src/go.mod index 3fd38a9bd..5b5c735e5 100644 --- a/source/plugins/go/src/go.mod +++ b/source/plugins/go/src/go.mod @@ -31,4 +31,5 @@ require ( k8s.io/api v0.0.0-20180628040859-072894a440bd // indirect k8s.io/apimachinery v0.0.0-20180621070125-103fd098999d k8s.io/client-go v8.0.0+incompatible + golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f ) diff --git a/source/plugins/go/src/go.sum b/source/plugins/go/src/go.sum index 52bb2ab04..64745749f 100644 --- a/source/plugins/go/src/go.sum +++ b/source/plugins/go/src/go.sum 
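Review bot: The telegraf archive fetched by the changed `wget` line is extracted and installed into the image with no integrity check, and this hunk switches it to a release-candidate build (`1.19.0~rc0`). Verify the download against a pinned digest before `tar` runs, e.g. `echo "EXPECTED_SHA256  telegraf-1.19.0~rc0_linux_amd64.tar.gz" | sha256sum -c -` (digest is a placeholder). The unchanged `chmod 777 /opt/telegraf` that follows leaves that path world-writable; `chmod 755` looks sufficient if it only needs to be executed, which should be confirmed against how the agent starts it. The script continues outside this hunk.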
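Review bot: The block added at the end of setup.sh renames `Gemfile.lock`, while its comment says "Remove" and gives no reason why hiding the file is safe. If, as the linked issues seem to indicate, the lock file only lists development dependencies that are not installed in the image, say so in the comment, e.g. `# Gemfile.lock ships inside the gem and lists dev-only dependencies that are not installed; renamed so image scanners do not report them`. Without that rationale the change reads as suppressing scanner findings rather than resolving them. The path hard-codes `gems/2.6.0` and `http_parser.rb-0.6.0`, so the guard will silently stop matching after a Ruby or gem upgrade.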
@@ -108,6 +108,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90Pveol golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f h1:aZp0e2vLN4MToVqnjNEYEtrEA8RH8U8FN1CU7JgqsPU= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/net v0.0.0-20170809000501-1c05540f6879 h1:0rFa7EaCGdQPmZVbo9F7MNF65b8dyzS6EUnXjs9Cllk= golang.org/x/net v0.0.0-20170809000501-1c05540f6879/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -120,8 +124,11 @@ golang.org/x/sys v0.0.0-20171031081856-95c657629925/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/text v0.0.0-20170810154203-b19bf474d317 h1:WKW+OPdYPlvOTVGHuMfjnIC6yY2SI93yFB0pZ7giBmQ= golang.org/x/text v0.0.0-20170810154203-b19bf474d317/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= From 12e17ec2a809ecc51c416b11ed9ff596288323cf Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 17:30:40 -0700 Subject: [PATCH 02/15] test1 --- .github/workflows/pr-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index fcf95463a..e57069986 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -1,4 +1,4 @@ -name: pr-checker +name: pr-checker1 on: #push: # branches: From a6fe6f46f81b0479a6e9843abf5a0cd4a5a35faf Mon Sep 17 00:00:00 2001 
From: vishwanath Date: Thu, 10 Jun 2021 18:44:44 -0700 Subject: [PATCH 03/15] test-2 --- .github/workflows/pr-checker.yml | 83 +++++++++++++++++++++++++++++++- 1 file changed, 82 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index e57069986..92585612b 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -7,9 +7,10 @@ on: types: [opened, synchronize, reopened] branches: - ci_dev + - ci_prod - vishwa/scan jobs: - build-and-push-image: + LINUX-build-and-scan: runs-on: ubuntu-latest steps: - name: Set-workflow-initiator 
@@ -55,6 +56,86 @@ jobs: cd ./kubernetes/linux/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY - name: List-docker-images run: docker images --digests --all + - name: Run-trivy-scanner-on-docker-image + uses: aquasecurity/trivy-action@master + with: + image-ref: "${{ env.IMAGETAG }}" + format: 'table' + #output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + vuln-type: 'os,library' + skip-dirs: 'opt/telegraf' + exit-code: '1' + timeout: '5m0s' + #- name: Save-Helm-chart-to-local-cache + # run: cd ./charts/azuremonitor-containers/ && helm chart save . ${{ env.HELMTAG }} + #- name: List-local-Helm-Charts + # run: helm chart list + #- name: Login-to-ACR-thru-Docker + # if: github.event_name != 'pull_request' + # run: docker login containerinsightsprod.azurecr.io -u ${{ secrets.RCA_PS_DI }} -p ${{ secrets.RCA_PS_CES }} + #- name: Publish-docker-image-to-ACR + # if: github.event_name != 'pull_request' + # run: | + # docker push ${{ env.IMAGETAG }} + #- name: Login-to-ACR-thru-Helm + # if: github.event_name != 'pull_request' + # run: helm registry login containerinsightsprod.azurecr.io --username ${{ secrets.RCA_PS_DI }} --password ${{ secrets.RCA_PS_CES }} + #- name: Publish-Helm-chart-to-ACR + # if: github.event_name != 'pull_request' + # run: helm chart push ${{ env.HELMTAG }} + #- name: Tag-this-push + # uses: actions-ecosystem/action-push-tag@v1 + # if: github.event_name != 'pull_request' + # with: + # tag: ${{ env.IMAGETAG_TELEMETRY }} + # message: "Created tag ${{ env.IMAGETAG_TELEMETRY }} for CommitID: ${{ env.GITHUB_SHA }}" + WINDOWS-build-and-scan: + runs-on: windows-latest + steps: + - name: Set-workflow-initiator + run: echo "Initiated by - ${GITHUB_ACTOR}" + #- name: Set-branch-name-for-non-pr + # if: ${{ github.event_name != 'pull_request' }} + # run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / _)" >> $GITHUB_ENV + - name: Set-branch-name-for-pr + if: ${{ github.event_name == 'pull_request' }} + 
run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV + - name: Set-Env + run: echo "ENV=dev" >> $GITHUB_ENV + - name: Set-ACR-Registry + run: echo "ACR_REGISTRY=containerinsightsprod.azurecr.io" >> $GITHUB_ENV + - name: Set-ACR-Repository + run: echo "ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev" >> $GITHUB_ENV + - name: Set-image-tag-name + run: echo "IMAGE_TAG_NAME=cidevwin" >> $GITHUB_ENV + - name: Set-image-tag-suffix + run: echo "IMAGE_TAG_DATE=$(date +%m-%d-%Y)" >> $GITHUB_ENV + - name: Set-commit-sha + run: echo "COMMIT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV + - name: Set-image-tag + run: echo "IMAGETAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV + - name: Set-image-telemetry-tag + run: echo "IMAGETAG_TELEMETRY=${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV + - name: Set-Helm-OCI-Experimental-feature + run: echo "HELM_EXPERIMENTAL_OCI=1" >> $GITHUB_ENV + - name: Set-Helm-chart-version + run: echo "HELM_CHART_VERSION=0.0.1" >> $GITHUB_ENV + - name: Set-Helm-tag + run: echo "HELMTAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-chart-${BRANCH_NAME}-${HELM_CHART_VERSION}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV + - name: Checkout-code + uses: actions/checkout@v2 + - name: Show-versions-On-build-machine + run: systeminfo && go version && docker version + - name: Install-build-dependencies + run: sudo apt-get install build-essential -y + - name: Build-source-code + run: cd ./build/linux/ && powershell.exe -command Makefile.ps1 + - name: Create-docker-image + run: | + cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY + - name: List-docker-images + run: docker images --digests --all - name: Run-trivy-scanner-on-docker-image uses: aquasecurity/trivy-action@master with: From 7160d545ec370b787900241946fa2b983a729690 Mon Sep 17 00:00:00 2001 
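Review bot: `skip-dirs: 'opt/telegraf'` in the Linux trivy step excludes the bundled telegraf binary from a scan that is configured to fail the build (`exit-code: '1'`), and nothing records why. An exclusion in a gating scan should carry its justification next to it, e.g. `# telegraf is a vendor binary; accepted findings tracked in ISSUE_LINK, remove once a fixed release is bundled` (placeholder link). A `.trivyignore` listing the specific accepted IDs would be narrower than skipping the whole directory, so new findings under that path would still fail the check. The `WINDOWS-build-and-scan` job added in the same hunk uses bash constructs (`$(date ...)`, `>> $GITHUB_ENV`, `sudo apt-get`) on `windows-latest`, and its last step continues outside the hunk.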
From: vishwanath Date: Thu, 10 Jun 2021 18:50:51 -0700 Subject: [PATCH 04/15] test-3 --- .github/workflows/pr-checker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 92585612b..aabc23181 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -127,10 +127,10 @@ jobs: uses: actions/checkout@v2 - name: Show-versions-On-build-machine run: systeminfo && go version && docker version - - name: Install-build-dependencies - run: sudo apt-get install build-essential -y + #- name: Install-build-dependencies + # run: sudo apt-get install build-essential -y - name: Build-source-code - run: cd ./build/linux/ && powershell.exe -command Makefile.ps1 + run: cd ./build/windows/ && powershell.exe -command Makefile.ps1 - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY From f40ba427e76b8b122b16b34e9f9254cfac7ac890 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 19:11:15 -0700 Subject: [PATCH 05/15] 3 --- .github/workflows/pr-checker.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index aabc23181..8f84cd4d2 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -94,7 +94,9 @@ jobs: runs-on: windows-latest steps: - name: Set-workflow-initiator - run: echo "Initiated by - ${GITHUB_ACTOR}" + run: echo "Initiated by -" ${{ env.GITHUB_ACTOR }} + - name: Set-workflow-initiator-2 + run: echo "Initiated by -"$env:GITHUB_ACTOR #- name: Set-branch-name-for-non-pr # if: ${{ github.event_name != 'pull_request' }} # run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / _)" >> $GITHUB_ENV 
@@ -130,7 +132,7 @@ jobs: #- name: Install-build-dependencies # run: sudo apt-get install build-essential -y - name: Build-source-code - run: cd ./build/windows/ && powershell.exe -command Makefile.ps1 + run: cd ./build/windows/ && Makefile.ps1 - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY From 76d34cebb29d37fca2500571b61119c89ae12415 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 19:45:11 -0700 Subject: [PATCH 06/15] 4 --- .github/workflows/pr-checker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 8f84cd4d2..9d6c2730d 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -94,7 +94,7 @@ jobs: runs-on: windows-latest steps: - name: Set-workflow-initiator - run: echo "Initiated by -" ${{ env.GITHUB_ACTOR }} + run: echo "Initiated by - ${{ env.GITHUB_ACTOR }}" - name: Set-workflow-initiator-2 run: echo "Initiated by -"$env:GITHUB_ACTOR #- name: Set-branch-name-for-non-pr @@ -132,7 +132,7 @@ jobs: #- name: Install-build-dependencies # run: sudo apt-get install build-essential -y - name: Build-source-code - run: cd ./build/windows/ && Makefile.ps1 + run: cd ./build/windows/ && & .\Makefile.ps1 - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY From 9ae9a25f1e7aeda2d0f2d37d25aa5acee640a8d0 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 22:10:02 -0700 Subject: [PATCH 07/15] test --- .github/workflows/pr-checker.yml | 36 +++++++++++++------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 9d6c2730d..53fb814f2 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml 
@@ -93,55 +93,47 @@ jobs: WINDOWS-build-and-scan: runs-on: windows-latest steps: + #- name: Set-workflow-initiator + # run: echo "Initiated by - ${{ env.GITHUB_ACTOR }}" - name: Set-workflow-initiator - run: echo "Initiated by - ${{ env.GITHUB_ACTOR }}" - - name: Set-workflow-initiator-2 - run: echo "Initiated by -"$env:GITHUB_ACTOR + run: echo ("Initiated by -" + $env:GITHUB_ACTOR) #- name: Set-branch-name-for-non-pr # if: ${{ github.event_name != 'pull_request' }} # run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / _)" >> $GITHUB_ENV - name: Set-branch-name-for-pr if: ${{ github.event_name == 'pull_request' }} - run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV + run: echo ("BRANCH_NAME=" + $env:GITHUB_HEAD_REF.replace('/','_')) >> $env:GITHUB_ENV - name: Set-Env - run: echo "ENV=dev" >> $GITHUB_ENV + run: echo ("ENV=dev") >> $env:GITHUB_ENV - name: Set-ACR-Registry - run: echo "ACR_REGISTRY=containerinsightsprod.azurecr.io" >> $GITHUB_ENV + run: echo ("ACR_REGISTRY=containerinsightsprod.azurecr.io") >> $env:GITHUB_ENV - name: Set-ACR-Repository - run: echo "ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev" >> $GITHUB_ENV + run: echo ("ACR_REPOSITORY=/public/azuremonitor/containerinsights/cidev") >> $env:GITHUB_ENV - name: Set-image-tag-name - run: echo "IMAGE_TAG_NAME=cidevwin" >> $GITHUB_ENV + run: echo ("IMAGE_TAG_NAME=cidev-win") >> $env:GITHUB_ENV - name: Set-image-tag-suffix - run: echo "IMAGE_TAG_DATE=$(date +%m-%d-%Y)" >> $GITHUB_ENV + run: echo ("IMAGE_TAG_DATE="+ (Get-Date -Format "MM-dd-yyyy")) >> $env:GITHUB_ENV - name: Set-commit-sha - run: echo "COMMIT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV + run: echo ("COMMIT_SHA=" + $env:GITHUB_SHA.SubString(0,8)) >> $env:GITHUB_ENV - name: Set-image-tag - run: echo "IMAGETAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV + run: echo ("IMAGETAG=" + $env:ACR_REGISTRY + $env:ACR_REPOSITORY + ":" + 
$env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV - name: Set-image-telemetry-tag - run: echo "IMAGETAG_TELEMETRY=${IMAGE_TAG_NAME}-${BRANCH_NAME}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV - - name: Set-Helm-OCI-Experimental-feature - run: echo "HELM_EXPERIMENTAL_OCI=1" >> $GITHUB_ENV - - name: Set-Helm-chart-version - run: echo "HELM_CHART_VERSION=0.0.1" >> $GITHUB_ENV - - name: Set-Helm-tag - run: echo "HELMTAG=${ACR_REGISTRY}${ACR_REPOSITORY}:${IMAGE_TAG_NAME}-chart-${BRANCH_NAME}-${HELM_CHART_VERSION}-${IMAGE_TAG_DATE}-${COMMIT_SHA}" >> $GITHUB_ENV + run: echo ("IMAGETAG_TELEMETRY=" + $env:IMAGE_TAG_NAME + "-" + $env:BRANCH_NAME + "-" + $env:IMAGE_TAG_DATE + "-" + $env:COMMIT_SHA) >> $env:GITHUB_ENV - name: Checkout-code uses: actions/checkout@v2 - name: Show-versions-On-build-machine run: systeminfo && go version && docker version - #- name: Install-build-dependencies - # run: sudo apt-get install build-essential -y - name: Build-source-code run: cd ./build/windows/ && & .\Makefile.ps1 - name: Create-docker-image run: | - cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $IMAGETAG --build-arg IMAGE_TAG=$IMAGETAG_TELEMETRY + cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY - name: List-docker-images run: docker images --digests --all - name: Run-trivy-scanner-on-docker-image uses: aquasecurity/trivy-action@master with: - image-ref: "${{ env.IMAGETAG }}" + image-ref: '{$env:IMAGETAG}' format: 'table' #output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' From cfa43e79aa5b753dc0eca48c1a41e5e98db3a905 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 22:46:45 -0700 Subject: [PATCH 08/15] 2 --- .github/workflows/pr-checker.yml | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) 
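Review bot: `image-ref: '{$env:IMAGETAG}'` in the Windows trivy step reaches the action as that literal string, because `with:` inputs are not evaluated by PowerShell; the scanner is therefore not pointed at the image built by `Create-docker-image`. Keep the workflow expression used in the Linux job, `image-ref: "${{ env.IMAGETAG }}"`, which reads the value written to `GITHUB_ENV`. The same applies to `image-name: ${env:IMAGETAG}` added in PATCH 08/15.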
diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 53fb814f2..3a164a861 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -125,22 +125,28 @@ jobs: run: systeminfo && go version && docker version - name: Build-source-code run: cd ./build/windows/ && & .\Makefile.ps1 + - name: List-docker-images-pre + run: docker images --digests --all - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY - name: List-docker-images run: docker images --digests --all - - name: Run-trivy-scanner-on-docker-image - uses: aquasecurity/trivy-action@master + - name: scan + - uses: Azure/container-scan@v0 with: - image-ref: '{$env:IMAGETAG}' - format: 'table' + image-name: ${env:IMAGETAG} + #- name: Run-trivy-scanner-on-docker-image + # uses: aquasecurity/trivy-action@master + # with: + # image-ref: '{$env:IMAGETAG}' + # format: 'table' #output: 'trivy-results.sarif' - severity: 'CRITICAL,HIGH' - vuln-type: 'os,library' + # severity: 'CRITICAL,HIGH' + # vuln-type: 'os,library' #skip-dirs: 'opt/telegraf/telegraf,opt/microsoft/otelcollector/otelcollector' - exit-code: '1' - timeout: '5m0s' + # exit-code: '1' + # timeout: '5m0s' #- name: Save-Helm-chart-to-local-cache # run: cd ./charts/azuremonitor-containers/ && helm chart save . ${{ env.HELMTAG }} #- name: List-local-Helm-Charts From e5a3c3418f1e005ca31b3b17c7842461b2efa2ee Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 22:48:31 -0700 Subject: [PATCH 09/15] 3 --- .github/workflows/pr-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 3a164a861..0f97b41ba 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml 
@@ -133,7 +133,7 @@ jobs: - name: List-docker-images run: docker images --digests --all - name: scan - - uses: Azure/container-scan@v0 + uses: Azure/container-scan@v0 with: image-name: ${env:IMAGETAG} #- name: Run-trivy-scanner-on-docker-image From 08ef371c40bab7db6e18fae3b8e99bf43723f6d5 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 23:41:41 -0700 Subject: [PATCH 10/15] 4 --- .github/workflows/pr-checker.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 0f97b41ba..b674775f2 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -125,17 +125,22 @@ jobs: run: systeminfo && go version && docker version - name: Build-source-code run: cd ./build/windows/ && & .\Makefile.ps1 + - name: pull + run: docker pull "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" - name: List-docker-images-pre + uses: PaloAltoNetworks/prisma-cloud-scan@v1 + with: + image_name: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" run: docker images --digests --all - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY - name: List-docker-images run: docker images --digests --all - - name: scan - uses: Azure/container-scan@v0 - with: - image-name: ${env:IMAGETAG} + #- name: scan + # uses: Azure/container-scan@v0 + # with: + # image-name: ${env:IMAGETAG} #- name: Run-trivy-scanner-on-docker-image # uses: aquasecurity/trivy-action@master # with: From cc16e44c3d6935ac12c1f5486d38f5c777284552 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 23:45:23 -0700 Subject: [PATCH 11/15] 5 --- .github/workflows/pr-checker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index b674775f2..ebaa219c4 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -131,7 +131,7 @@ jobs: uses: PaloAltoNetworks/prisma-cloud-scan@v1 with: image_name: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" - run: docker images --digests --all + #run: docker images --digests --all - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY From 004bcbbc8cd4ba5c14b5741a6c7b0f839b3ae374 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Thu, 10 Jun 2021 23:55:27 -0700 Subject: [PATCH 12/15] 6 --- .github/workflows/pr-checker.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index ebaa219c4..8f4b8258b 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -125,12 +125,12 @@ jobs: run: systeminfo && go version && docker version - name: Build-source-code run: cd ./build/windows/ && & .\Makefile.ps1 - - name: pull - run: docker pull "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" + #- name: pull + # run: docker pull "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" - name: List-docker-images-pre uses: PaloAltoNetworks/prisma-cloud-scan@v1 with: - image_name: "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" + image_name: "mcr.microsoft.com/windows/servercore:ltsc2019" #run: docker images --digests --all - name: Create-docker-image run: | From 2478fa4ec5c7878d7edda691e26dec08089b6f46 Mon Sep 17 00:00:00 2001 
From: vishwanath Date: Mon, 14 Jun 2021 19:40:30 -0700 Subject: [PATCH 13/15] rename gem for windows --- .github/workflows/pr-checker.yml | 85 ++------------------------------ kubernetes/linux/setup.sh | 8 +-- kubernetes/windows/setup.ps1 | 12 ++++- 3 files changed, 18 insertions(+), 87 deletions(-) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index 8f4b8258b..ca0615163 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml @@ -1,8 +1,5 @@ -name: pr-checker1 +name: pullrequest-build-and-scan on: - #push: - # branches: - # - ci_dev pull_request: types: [opened, synchronize, reopened] branches: @@ -15,9 +12,6 @@ jobs: steps: - name: Set-workflow-initiator run: echo "Initiated by - ${GITHUB_ACTOR}" - #- name: Set-branch-name-for-non-pr - # if: ${{ github.event_name != 'pull_request' }} - # run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / _)" >> $GITHUB_ENV - name: Set-branch-name-for-pr if: ${{ github.event_name == 'pull_request' }} run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / _)" >> $GITHUB_ENV 
@@ -61,45 +55,16 @@ jobs: with: image-ref: "${{ env.IMAGETAG }}" format: 'table' - #output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' vuln-type: 'os,library' skip-dirs: 'opt/telegraf' exit-code: '1' timeout: '5m0s' - #- name: Save-Helm-chart-to-local-cache - # run: cd ./charts/azuremonitor-containers/ && helm chart save . ${{ env.HELMTAG }} - #- name: List-local-Helm-Charts - # run: helm chart list - #- name: Login-to-ACR-thru-Docker - # if: github.event_name != 'pull_request' - # run: docker login containerinsightsprod.azurecr.io -u ${{ secrets.RCA_PS_DI }} -p ${{ secrets.RCA_PS_CES }} - #- name: Publish-docker-image-to-ACR - # if: github.event_name != 'pull_request' - # run: | - # docker push ${{ env.IMAGETAG }} - #- name: Login-to-ACR-thru-Helm - # if: github.event_name != 'pull_request' - # run: helm registry login containerinsightsprod.azurecr.io --username ${{ secrets.RCA_PS_DI }} --password ${{ secrets.RCA_PS_CES }} - #- name: Publish-Helm-chart-to-ACR - # if: github.event_name != 'pull_request' - # run: helm chart push ${{ env.HELMTAG }} - #- name: Tag-this-push - # uses: actions-ecosystem/action-push-tag@v1 - # if: github.event_name != 'pull_request' - # with: - # tag: ${{ env.IMAGETAG_TELEMETRY }} - # message: "Created tag ${{ env.IMAGETAG_TELEMETRY }} for CommitID: ${{ env.GITHUB_SHA }}" - WINDOWS-build-and-scan: + WINDOWS-build: runs-on: windows-latest steps: - #- name: Set-workflow-initiator - # run: echo "Initiated by - ${{ env.GITHUB_ACTOR }}" - name: Set-workflow-initiator run: echo ("Initiated by -" + $env:GITHUB_ACTOR) - #- name: Set-branch-name-for-non-pr - # if: ${{ github.event_name != 'pull_request' }} - # run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / _)" >> $GITHUB_ENV - name: Set-branch-name-for-pr if: ${{ github.event_name == 'pull_request' }} run: echo ("BRANCH_NAME=" + $env:GITHUB_HEAD_REF.replace('/','_')) >> $env:GITHUB_ENV 
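Review bot: The Windows image is left with no vulnerability gate once the job becomes `WINDOWS-build`, while the Linux image is still blocked on CRITICAL/HIGH findings, and the workflow does not record that gap. Add a comment above the job stating that scanning is intentionally absent and where it is tracked, e.g. `# No image scan for Windows yet; tracked in ISSUE_LINK` (placeholder link). Otherwise a green PR check will be read as covering both images.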
@@ -125,53 +90,9 @@ jobs: run: systeminfo && go version && docker version - name: Build-source-code run: cd ./build/windows/ && & .\Makefile.ps1 - #- name: pull - # run: docker pull "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-ciprod04222021" - - name: List-docker-images-pre - uses: PaloAltoNetworks/prisma-cloud-scan@v1 - with: - image_name: "mcr.microsoft.com/windows/servercore:ltsc2019" - #run: docker images --digests --all - name: Create-docker-image run: | cd ./kubernetes/windows/ && docker build . --file Dockerfile -t $env:IMAGETAG --build-arg IMAGE_TAG=$env:IMAGETAG_TELEMETRY - name: List-docker-images run: docker images --digests --all - #- name: scan - # uses: Azure/container-scan@v0 - # with: - # image-name: ${env:IMAGETAG} - #- name: Run-trivy-scanner-on-docker-image - # uses: aquasecurity/trivy-action@master - # with: - # image-ref: '{$env:IMAGETAG}' - # format: 'table' - #output: 'trivy-results.sarif' - # severity: 'CRITICAL,HIGH' - # vuln-type: 'os,library' - #skip-dirs: 'opt/telegraf/telegraf,opt/microsoft/otelcollector/otelcollector' - # exit-code: '1' - # timeout: '5m0s' - #- name: Save-Helm-chart-to-local-cache - # run: cd ./charts/azuremonitor-containers/ && helm chart save . 
${{ env.HELMTAG }} - #- name: List-local-Helm-Charts - # run: helm chart list - #- name: Login-to-ACR-thru-Docker - # if: github.event_name != 'pull_request' - # run: docker login containerinsightsprod.azurecr.io -u ${{ secrets.RCA_PS_DI }} -p ${{ secrets.RCA_PS_CES }} - #- name: Publish-docker-image-to-ACR - # if: github.event_name != 'pull_request' - # run: | - # docker push ${{ env.IMAGETAG }} - #- name: Login-to-ACR-thru-Helm - # if: github.event_name != 'pull_request' - # run: helm registry login containerinsightsprod.azurecr.io --username ${{ secrets.RCA_PS_DI }} --password ${{ secrets.RCA_PS_CES }} - #- name: Publish-Helm-chart-to-ACR - # if: github.event_name != 'pull_request' - # run: helm chart push ${{ env.HELMTAG }} - #- name: Tag-this-push - # uses: actions-ecosystem/action-push-tag@v1 - # if: github.event_name != 'pull_request' - # with: - # tag: ${{ env.IMAGETAG_TELEMETRY }} - # message: "Created tag ${{ env.IMAGETAG_TELEMETRY }} for CommitID: ${{ env.GITHUB_SHA }}" + diff --git a/kubernetes/linux/setup.sh b/kubernetes/linux/setup.sh index ef55a6d38..ad7cc2232 100644 --- a/kubernetes/linux/setup.sh +++ b/kubernetes/linux/setup.sh @@ -27,11 +27,10 @@ sudo apt-get install jq=1.5+dfsg-2 -y #used to setcaps for ruby process to read /proc/env sudo apt-get install libcap2-bin -y -#1.18 pre-release -wget https://dl.influxdata.com/telegraf/releases/telegraf-1.19.0~rc0_linux_amd64.tar.gz -tar -zxvf telegraf-1.19.0~rc0_linux_amd64.tar.gz +wget https://dl.influxdata.com/telegraf/releases/telegraf-1.18.0_linux_amd64.tar.gz +tar -zxvf telegraf-1.18.0_linux_amd64.tar.gz -mv /opt/telegraf-1.19.0/usr/bin/telegraf /opt/telegraf +mv /opt/telegraf-1.18.0/usr/bin/telegraf /opt/telegraf chmod 777 /opt/telegraf 
@@ -68,5 +67,6 @@ rm /etc/logrotate.d/alternatives /etc/logrotate.d/apt /etc/logrotate.d/azure-mds #see - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70 if [ -e "/var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock" ]; then #rename + echo "Renaming unused gemfile.lock for http_parser 0.6.0" mv /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/Gemfile.lock /var/lib/gems/2.6.0/gems/http_parser.rb-0.6.0/renamed_Gemfile_lock.renamed fi diff --git a/kubernetes/windows/setup.ps1 b/kubernetes/windows/setup.ps1 index 25aad5e16..3e47b7eb2 100644 --- a/kubernetes/windows/setup.ps1 +++ b/kubernetes/windows/setup.ps1 @@ -65,6 +65,16 @@ Write-Host ('Extracting Certificate Generator Package') Expand-Archive -Path /opt/omsagentwindows/certificategenerator.zip -Destination /opt/omsagentwindows/certgenerator/ -Force Write-Host ('Finished Extracting Certificate Generator Package') +Write-Host ("Removing Install folder") + Remove-Item /installation -Recurse -Write-Host ("Removing Install folder") \ No newline at end of file +#Remove gemfile.lock for http_parser gem 0.6.0 +#see - https://github.com/fluent/fluentd/issues/3374 https://github.com/tmm1/http_parser.rb/issues/70 + +$gemfile = "\ruby26\lib\ruby\gems\2.6.0\gems\http_parser.rb-0.6.0\Gemfile.lock" +$gemfileFullPath = $Env:SYSTEMDRIVE + "\" + $gemfile +If (Test-Path -Path $gemfile ) { + Write-Host ("Renaming unused gemfile.lock for http_parser 0.6.0") + Rename-Item -Path $gemfileFullPath -NewName "renamed_Gemfile_lock.renamed" +} \ No newline at end of file From 9250e1dfab20c66197a60fa49e9dac5b6454cae9 Mon Sep 17 00:00:00 2001 From: vishwanath Date: Mon, 14 Jun 2021 20:49:35 -0700 Subject: [PATCH 14/15] fix --- .github/workflows/pr-checker.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml index ca0615163..debbfc292 100644 --- a/.github/workflows/pr-checker.yml +++ b/.github/workflows/pr-checker.yml 
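Review bot: In the `kubernetes/windows/setup.ps1` hunk the guard tests `$gemfile` while the rename acts on `$gemfileFullPath`, so the existence check and the action can point at different files. `$gemfile` is rooted at the current drive rather than at `$Env:SYSTEMDRIVE`, so if the script runs from another drive the rename is skipped without any message and the lockfile stays in place. Test the path that is actually renamed, `If (Test-Path -Path $gemfileFullPath) {`. Building it with `Join-Path $Env:SYSTEMDRIVE $gemfile` would also avoid the doubled backslash that the string concatenation produces, since `$gemfile` already starts with `\`.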
@@ -6,6 +6,8 @@ on:
 - ci_dev
 - ci_prod
 - vishwa/scan
+ paths-ignore:
+ - '**.md'
 jobs:
 LINUX-build-and-scan:
 runs-on: ubuntu-latest
From 032991c4b58fab589007266b88a53454839b127a Mon Sep 17 00:00:00 2001
From: vishwanath
Date: Tue, 15 Jun 2021 08:58:47 -0700
Subject: [PATCH 15/15] fix
---
 .github/workflows/pr-checker.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/pr-checker.yml b/.github/workflows/pr-checker.yml
index debbfc292..c75e6dc24 100644
--- a/.github/workflows/pr-checker.yml
+++ b/.github/workflows/pr-checker.yml
@@ -5,7 +5,6 @@ on:
 branches:
 - ci_dev
 - ci_prod
- - vishwa/scan
 paths-ignore:
 - '**.md'
 jobs:
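Review bot: The `paths-ignore: '**.md'` filter added in PATCH 14/15 means a pull request that touches only Markdown files never starts this workflow. If `LINUX-build-and-scan` or another job here is configured as a required status check on `ci_dev` or `ci_prod` (not visible from this patch), such pull requests will sit with the check pending and cannot merge. A short comment above the filter would record that constraint, e.g. `# docs-only PRs skip build and scan; keep these jobs out of required checks`.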