From 43d3c5e222b5e62efc57023afdcbcb1a22ab1ded Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 09:12:05 +0100 Subject: [PATCH 1/8] Enable Dependabot --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..219c13a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "cargo" + directory: "/" + schedule: + interval: "daily" From 9d9acf02adda3cd367d0dbdb2ea17e4ec70da9dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 09:14:02 +0100 Subject: [PATCH 2/8] Enable security audit --- .github/workflows/rust.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 8dc9b51..dd2c42f 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -45,3 +45,13 @@ jobs: run: cargo build --verbose - name: Run tests run: cargo test --verbose + + + security_audit: + name: Run security audit + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} From 7c1b8a7d513fa950942c862deb382ad6d554f98d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 09:36:56 +0100 Subject: [PATCH 3/8] Removed unneeded whitespace --- .github/workflows/rust.yml | 1 - Cargo.toml | 12 ++++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index dd2c42f..d256d29 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -46,7 +46,6 @@ jobs: - name: Run tests run: cargo test --verbose - security_audit: name: Run security audit runs-on: ubuntu-latest diff --git a/Cargo.toml b/Cargo.toml index a38b694..9896ac6 100644 --- a/Cargo.toml +++ b/Cargo.toml 
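Review bot: In the `security_audit` job added to `.github/workflows/rust.yml` (PATCH 2/8), `actions-rs/audit-check@v1` is referenced by a movable tag while being handed `secrets.GITHUB_TOKEN`, so the code that receives the token can change without any change in this repository. Pin the third-party action to a full commit SHA with the tag kept as a comment, `- uses: actions-rs/audit-check@<full-commit-sha>  # v1`. Also give the job an explicit `permissions:` block restricted to what the action writes, presumably check runs and, for scheduled runs, issues; confirm against the action's README. The same `uses:`/`token:` pair is added again in `.github/workflows/daily_security.yml` in PATCH 6/8, and the `github-actions` Dependabot entry from PATCH 8/8 can keep SHA pins current. The workflow's `on:` triggers and the rest of `jobs:` lie outside this hunk, so whether the job also runs with a read-only token on fork pull requests cannot be judged from here.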
@@ -3,6 +3,8 @@ name = "stackable-agent" version = "0.1.0" authors = ["Sönke Liebau "] edition = "2018" +description = "Test" +license = "Apache-2.0" [dependencies] # We are currently referencing the Krustlet directly from the repository, because some features that we are using have @@ -43,3 +45,13 @@ serde_yaml = "0.8" opt-level = "s" lto = true codegen-units = 1 + +[package.metadata.rpm] +package = "stackable-agent" + +[package.metadata.rpm.cargo] +buildflags = ["--release"] + +[package.metadata.rpm.targets] +"./src/bin/agent" = { path = "/usr/bin/./src/bin/agent" } +"./src/bin/generate_doc" = { path = "/usr/bin/./src/bin/generate_doc" } From 4c54c465184a18abcc58420d52617a76350d3649 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 09:38:39 +0100 Subject: [PATCH 4/8] Reverted changes that were accidentally included in a commit. --- Cargo.toml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 9896ac6..a38b694 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,8 +3,6 @@ name = "stackable-agent" version = "0.1.0" authors = ["Sönke Liebau "] edition = "2018" -description = "Test" -license = "Apache-2.0" [dependencies] # We are currently referencing the Krustlet directly from the repository, because some features that we are using have @@ -45,13 +43,3 @@ serde_yaml = "0.8" opt-level = "s" lto = true codegen-units = 1 - -[package.metadata.rpm] -package = "stackable-agent" - -[package.metadata.rpm.cargo] -buildflags = ["--release"] - -[package.metadata.rpm.targets] -"./src/bin/agent" = { path = "/usr/bin/./src/bin/agent" } -"./src/bin/generate_doc" = { path = "/usr/bin/./src/bin/generate_doc" } From 2cf9f3bac40181c26aa9d0e7cfb2402d42f536dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 09:58:33 +0100 Subject: [PATCH 5/8] Updated dependency to avoid nagging security audit. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Cargo.toml b/Cargo.toml index a38b694..99850af 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -27,7 +27,7 @@ tar = "0.4" handlebars = "3.5" thiserror = "1.0" url = "2.2" -pnet = "0.26.0" +pnet = "0.27" stackable_config = { git = "https://github.com/stackabletech/common.git", branch = "main" } phf = { version = "0.7.24", features = ["macros"] } dbus = "0.9.0" From d618bc8a9b4ecbbd7ec5f4b27dddb0b30a511493 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 10:53:29 +0100 Subject: [PATCH 6/8] Added daily security audit to scan for new issues in our dependencies. --- .github/workflows/daily_security.yml | 12 ++++++++++++ .github/workflows/rust.yml | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/daily_security.yml diff --git a/.github/workflows/daily_security.yml b/.github/workflows/daily_security.yml new file mode 100644 index 0000000..26d8e43 --- /dev/null +++ b/.github/workflows/daily_security.yml @@ -0,0 +1,12 @@ +name: Security audit +on: + schedule: + - cron: '0 0 * * *' +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/audit-check@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d256d29..40fc125 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -53,4 +53,4 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/audit-check@v1 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 89c826e01d6c6a5d60fcc46d66e3e749881d1c98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 11:02:57 +0100 Subject: [PATCH 7/8] Added ability to manually run security audit. --- .github/workflows/daily_security.yml | 2 ++ 1 file changed, 2 insertions(+) 
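Review bot: The new `.github/workflows/daily_security.yml` (PATCH 6/8) depends on `schedule:` alone, and nothing in the file records how a silently stopped audit would be noticed. GitHub runs scheduled workflows only from the default branch and disables them in public repositories after 60 days without repository activity, so advisory coverage can lapse without any failing run. A comment above the trigger would capture this, for example `# Scheduled runs use the default branch only and are disabled after 60 days of repo inactivity; re-enable in the Actions tab.` The expression `'0 0 * * *'` also fires at the start of an hour, when GitHub documents that scheduled runs may be delayed or dropped under load, so an off-peak minute is a safer choice.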
diff --git a/.github/workflows/daily_security.yml b/.github/workflows/daily_security.yml index 26d8e43..94ffca9 100644 --- a/.github/workflows/daily_security.yml +++ b/.github/workflows/daily_security.yml @@ -2,6 +2,8 @@ name: Security audit on: schedule: - cron: '0 0 * * *' + workflow_dispatch: + jobs: audit: runs-on: ubuntu-latest From d6fe76edb704c513f66752fcdd90c5ccdf4d3af9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6nke=20Liebau?= Date: Thu, 18 Feb 2021 12:00:00 +0100 Subject: [PATCH 8/8] Merged main & added action to check for new versions of github actions. --- .github/dependabot.yml | 7 ++++++- Cargo.lock | 47 +++++++++++++++++++++--------------------- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 219c13a..9f0a052 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,11 @@ version: 2 updates: - - package-ecosystem: "cargo" + - package-ecosystem: "github-actions" directory: "/" schedule: interval: "daily" + + - package-ecosystem: "cargo" + directory: "/" + schedule: + interval: "daily" \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index 5c7f6a7..9903271 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1126,9 +1126,9 @@ checksum = "47be2f14c678be2fdcab04ab1171db51b2762ce6f0a8ee87c8dd4a04ed216135" [[package]] name = "ipnetwork" -version = "0.16.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8eca9f51da27bc908ef3dd85c21e1bbba794edaf94d7841e37356275b82d31e" +checksum = "02c3eaab3ac0ede60ffa41add21970a7df7d91772c03383aac6c2c3d53cc716b" dependencies = [ "serde", ] 
@@ -1259,7 +1259,7 @@ dependencies = [ [[package]] name = "kubelet" version = "0.5.0" -source = "git+https://github.com/stackabletech/krustlet.git?rev=bb8bb42c9400a565df4be04f357e61934fb277c6#bb8bb42c9400a565df4be04f357e61934fb277c6" +source = "git+https://github.com/deislabs/krustlet.git?rev=ac218b38ba564de806568e49d9e38aaef9f41537#ac218b38ba564de806568e49d9e38aaef9f41537" dependencies = [ "anyhow", "async-stream 0.3.0", @@ -1308,7 +1308,7 @@ dependencies = [ [[package]] name = "kubelet-derive" version = "0.1.0" -source = "git+https://github.com/stackabletech/krustlet.git?rev=bb8bb42c9400a565df4be04f357e61934fb277c6#bb8bb42c9400a565df4be04f357e61934fb277c6" +source = "git+https://github.com/deislabs/krustlet.git?rev=ac218b38ba564de806568e49d9e38aaef9f41537#ac218b38ba564de806568e49d9e38aaef9f41537" dependencies = [ "quote 1.0.7", "syn 1.0.50", @@ -1586,7 +1586,7 @@ dependencies = [ [[package]] name = "oci-distribution" version = "0.4.0" -source = "git+https://github.com/stackabletech/krustlet.git?rev=bb8bb42c9400a565df4be04f357e61934fb277c6#bb8bb42c9400a565df4be04f357e61934fb277c6" +source = "git+https://github.com/deislabs/krustlet.git?rev=ac218b38ba564de806568e49d9e38aaef9f41537#ac218b38ba564de806568e49d9e38aaef9f41537" dependencies = [ "anyhow", "futures-util", @@ -1845,9 +1845,9 @@ checksum = "3831453b3449ceb48b6d9c7ad7c96d5ea673e9b470a1dc578c2ce6521230884c" [[package]] name = "pnet" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c62df42dcd72f6f2a658bcf38509f1027df1440ac85f1af4badbe034418302dc" +checksum = "b657d5b9a98a2c81b82549922b8b15984e49f8120cd130b11a09f81b9b55d633" dependencies = [ "ipnetwork", "pnet_base", 
@@ -1859,28 +1859,28 @@ dependencies = [ [[package]] name = "pnet_base" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7cd5f7e15220afa66b0a9a62841ea10089f39dcaa1c29752c0b22dfc03111b5" +checksum = "4e4688aa497ef62129f302a5800ebde67825f8ff129f43690ca84099f6620bed" [[package]] name = "pnet_datalink" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7318ae1d6e0b7fa1e49933233c9473f2b72d3d18b97e70e2716c6415dde5f915" +checksum = "59001c9c4d9d23bf2f61afaaf134a766fd6932ba2557c606b9112157053b9ac7" dependencies = [ "ipnetwork", "libc", "pnet_base", "pnet_sys", - "winapi 0.2.8", + "winapi 0.3.9", ] [[package]] name = "pnet_macros" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbbd5c52c6e04aa720400f9c71cd0e8bcb38cd13421d5caabd9035e9efa47de9" +checksum = "d894a90dbdbe976e624453fc31b1912f658083778329442dda1cca94f76a3e76" dependencies = [ "regex", "syntex", @@ -1889,18 +1889,18 @@ dependencies = [ [[package]] name = "pnet_macros_support" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daf9c5c0c36766d0a4da9ab268c0700771b8ec367b9463fd678109fa28463c5b" +checksum = "4b99269a458570bc06a9132254349f6543d9abc92e88b68d8de934aac9481f6c" dependencies = [ "pnet_base", ] [[package]] name = "pnet_packet" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89e26a864d71d0ac51a549cf40283c44ed1b8f98168545638a4730ef9f560283" +checksum = "33f8238f4eb897a55ca06510cd71afb5b5ca7b4ff2d7188f1ca855fc1710133e" dependencies = [ "glob", "pnet_base", 
@@ -1911,20 +1911,19 @@ dependencies = [ [[package]] name = "pnet_sys" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73f0de0c52609f157b25d79ce24d9016ab1bbf10cde761397200d634a833872c" +checksum = "7589e4c4e7ed72a3ffdff8a65d3bea84e8c3a23e19d0a10e8f45efdf632fff15" dependencies = [ "libc", - "winapi 0.2.8", - "ws2_32-sys", + "winapi 0.3.9", ] [[package]] name = "pnet_transport" -version = "0.26.0" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6712ab76534340494d849e3c51c64a6261e4b451337b7c05bd3681e384c48b10" +checksum = "326abdfd2e70e8e943bd58087b59686de170cac050a3b19c9fcc84db01690af5" dependencies = [ "libc", "pnet_base",