release-1.2

.gitignore

@@ -1 +1,10 @@
-csi-scaleio
+
+/csi-vxflexos
+helm/.ps.out
+service/c.out
+service/test/
+test/integration/c.linux.out
+test/integration/stderr
+semver.mk
+goscaleio/
+gofsutil/

Dockerfile

@@ -1,10 +1,71 @@
-FROM centos:7.6.1810
-RUN yum install -y libaio
-RUN yum install -y libuuid
-RUN yum install -y numactl
-RUN yum install -y xfsprogs
-RUN yum install -y e4fsprogs
-COPY "csi-vxflexos" .
-COPY "csi-vxflexos.sh" .
-RUN chmod +x csi-vxflexos.sh
+# some arguments that must be supplied
+ARG GOPROXY
+ARG GOVERSION
+ARG BASEIMAGE
+
+
+# Stage to build the driver
+FROM golang:${GOVERSION} as builder
+ARG GOPROXY
+RUN mkdir -p /go/src
+COPY ./ /go/src/
+WORKDIR /go/src/
+RUN CGO_ENABLED=0 \
+    make build
+
+# Stage to build the driver image
+FROM $BASEIMAGE AS driver
+# install necessary packages
+# alphabetical order for easier maintenance
+RUN yum update -y && \
+    yum install -y \
+        e4fsprogs \
+        libaio \
+        libuuid \
+        numactl \
+        xfsprogs && \
+    yum clean all
 ENTRYPOINT ["/csi-vxflexos.sh"]
+# copy in the driver
+COPY --from=builder /go/src/csi-vxflexos /
+COPY "csi-vxflexos.sh" /
+RUN chmod +x /csi-vxflexos.sh
+
+# stage to run gosec
+FROM builder as gosec
+RUN go get github.com/securego/gosec/cmd/gosec
+RUN cd /go/src && \
+    gosec ./...
+
+# Stage to check for critical and high CVE issues via Trivy (https://github.com/aquasecurity/trivy)
+# will break image build if CRITICAL issues found
+# will print out all HIGH issues found
+FROM driver as cvescan
+# run trivy and clean up all traces after
+RUN curl https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh && \
+    trivy fs -s CRITICAL --exit-code 1 / && \
+    trivy fs -s HIGH / && \
+    trivy image --reset && \
+    rm ./bin/trivy
+
+# Stage to run antivirus scans via clamav (https://www.clamav.net/))
+# will break image build if anything found
+FROM driver as virusscan
+# run trivy and clean up all traces after
+RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+    yum install -y clamav clamav-update && \
+    freshclam && \
+    clamscan -r -i --exclude-dir=/sys / && \
+    yum erase -y clamav clamav-update epel-release
+
+# final stage
+# simple stage to use the driver image as the resultant image 
+FROM driver as final
+
+LABEL vendor="Dell Inc." \
+      name="csi-powerflex" \
+      summary="CSI Driver for Dell EMC PowerFlex" \
+      description="CSI Driver for provisioning persistent storage from Dell EMC PowerFlex" \
+      version="1.2.0" \
+      license="Apache-2.0"
+COPY ./licenses /licenses

Makefile

@@ -1,37 +1,45 @@
-all: clean build
-
-# Tag parameters
-MAJOR=1
-MINOR=0
-PATCH=0
-NOTES=
-TAGMSG="CSI Spec 1.0"
-
+# default target
+all: help
+
+# include an overrides file, which sets up default values and allows user overrides
+include overrides.mk
+
+# Help target, prints usefule information
+help:
+	@echo
+	@echo "The following targets are commonly used:"
+	@echo
+	@echo "build            - Builds the code locally"
+	@echo "check            - Runs the suite of code checking tools: lint, format, etc"
+	@echo "clean            - Cleans the local build"
+	@echo "docker           - Builds the code within a golang container and then creates the driver image"
+	@echo "integration-test - Runs the integration tests. Requires access to an array"
+	@echo "push             - Pushes the built container to a target registry"
+	@echo "unit-test        - Runs the unit tests"
+	@echo
+	@make -s overrides-help
+
+# Clean the build
 clean:
 	rm -f core/core_generated.go
+	rm -f semver.mk
 	go clean
 
-build:
-	go generate
-	CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build
-
-install:
+# Dependencies
+dependencies:
 	go generate
-	GOOS=linux CGO_ENABLED=0 go install
+	go run core/semver/semver.go -f mk >semver.mk
 
-# Tags the release with the Tag parameters set above
-tag:
-	-git tag -d v$(MAJOR).$(MINOR).$(PATCH)$(NOTES)
-	git tag -a -m $(TAGMSG) v$(MAJOR).$(MINOR).$(PATCH)$(NOTES)
+# Build the driver locally
+build: dependencies
+	CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build
 
 # Generates the docker container (but does not push)
-docker:
-	go generate
-	go run core/semver/semver.go -f mk >semver.mk
+docker: dependencies
 	make -f docker.mk docker
 
 # Pushes container to the repository
-push:	docker
+push: docker
 	make -f docker.mk push
 
 # Windows or Linux; requires no hardware

README.md

@@ -1,13 +1,25 @@
-# CSI Driver for VxFlex OS
+# CSI Driver for PowerFlex (Formerly VxFlex OS)
+
+[![Go Report Card](https://goreportcard.com/badge/github.com/dell/csi-vxflexos)](https://goreportcard.com/report/github.com/dell/csi-vxflexos)
+[![License](https://img.shields.io/github/license/dell/csi-vxflexos)](https://github.com/dell/csi-vxflexos/blob/master/LICENSE)
+[![Docker](https://img.shields.io/docker/pulls/dellemc/csi-vxflexos.svg?logo=docker)](https://hub.docker.com/r/dellemc/csi-vxflexos)
+[![Last Release](https://img.shields.io/github/v/release/dell/csi-vxflexos?label=latest&style=flat-square)](https://github.com/dell/csi-vxflexos/releases)
 
 ## Description
-CSI Driver for VxFlex OS is a Container Storage Interface ([CSI](https://github.com/container-storage-interface/spec))
-driver that provides VxFlex OS support. It supports CSI specification version 1.1.
+CSI Driver for PowerFlex is a Container Storage Interface ([CSI](https://github.com/container-storage-interface/spec))
+driver that provides PowerFlex support. It supports CSI specification version 1.1.
 
 This project may be compiled as a stand-alone binary using Golang that, when
 run, provides a valid CSI endpoint. This project can also be built
 as a Golang plug-in in order to extend the functionality of other programs.
 
+## Support
+The CSI Driver for Dell EMC PowerFlex image, which is the built driver code, is available on Dockerhub and is officially supported by Dell EMC.  
+
+The source code for CSI Driver for Dell EMC PowerFlex available on Github is unsupported and provided solely under the terms of the license attached to the source code. For clarity, Dell EMC does not provide support for any source code modifications.  
+
+For any CSI driver issues, questions or feedback, join the [Dell EMC Container community](https://www.dell.com/community/Containers/bd-p/Containers).
+
 ## Building
 
 This project is a Go module (see golang.org Module information for explanation).
@@ -20,24 +32,20 @@ To run unit tests, execute `make unit-test`.
 To build a docker image, execute `make docker`.
 
 You can run an integration test on a Linux system by populating the file `env.sh`
-with values for your VxFlex OS system and then run "make integration-test".
+with values for your PowerFlex system and then run "make integration-test".
 
 ## Runtime Dependencies
 The Node portion of the driver can be run on any node that is configured as a
-VxFlex OS SDC. This means that the `scini` kernel module must be loaded. Also,
+PowerFlex SDC. This means that the `scini` kernel module must be loaded. Also,
 if the `X_CSI_VXFLEXOS_SDCGUID` environment variable is not set, the driver will
 try to query the SDC GUID by executing the binary
 `/opt/emc/scaleio/sdc/bin/drv_cfg`. If that binary is not present, the Node
 Service cannot be run.
 
 ## Installation
+Installation in a Kubernetes cluster should be done using the scripts within the `dell-csi-helm-installer` directory. 
 
-Installation in Kubernetes should be done using the `install.vxflexos` script
-and accompanying Helm chart in the helm directory. For more information, please refer 
-to the `CSI Driver for VxFlex OS Product Guide` and `CSI Driver for VxFlex OS Release Notes`.
-The driver will be started in Kubernetes as a result of executing the installation
-script.
-
+For more information, consult the [README.md](dell-csi-helm-installer/README.md)
 
 ## Using driver
 
@@ -121,12 +129,3 @@ This means that giving a workload read-only access to a block device is not
 supported.
 
 In general, volumes should be formatted with xfs or ext4.
-
-## Support
-The CSI Driver for Dell EMC VxFlex OS image available on Dockerhub is officially supported by Dell EMC.
-
-The source code available on Github is unsupported and provided solely under the terms of the license attached to the source code. For clarity, Dell EMC does not provide support for any source code modifications.
-
-For any CSI driver setup, configuration issues, questions or feedback, join the Dell EMC Container community athttps://www.dell.com/community/Containers/bd-p/Containers
-
-For any Dell EMC storage issues, please contact Dell support at: https://www.dell.com/support.

core/semver/semver.go

@@ -56,6 +56,7 @@ func main() {
 	} else if strings.EqualFold("ver", format) {
 		format = "ver"
 	} else {
+		/* #nosec G304 */
 		if fileExists(format) {
 			buf, err := ioutil.ReadFile(format)
 			if err != nil {
@@ -76,6 +77,7 @@ func main() {
 			os.Exit(1)
 		}
 		w = fout
+		/* #nosec G307 */
 		defer fout.Close()
 	}
 
@@ -163,6 +165,7 @@ func main() {
 }
 
 func doExec(cmd string, args ...string) ([]byte, error) {
+	/* #nosec G204 */
 	c := exec.Command(cmd, args...)
 	c.Stderr = os.Stderr
 	return c.Output()