From 0fb1b40465ee2cecc1dba919b48a0ee99afd4ef0 Mon Sep 17 00:00:00 2001 From: chgl Date: Sun, 19 May 2024 22:24:55 +0200 Subject: [PATCH] chore(deps): aggregated dep updates (#140) * chore(deps): update docker.io/library/postgres:16.2 docker digest to 4aea012 * chore(deps): update docker.io/library/ubuntu:24.04 docker digest to 3f85b7c * chore(deps): update all non-major dependencies * chore(deps): update github-actions * rm syntax * chore(deps): jammy -> noble * fix config * increase iter8 limits --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .config/dotnet-tools.json | 4 +-- .github/workflows/benchmarks.yaml | 4 +-- .github/workflows/buf.yaml | 4 +-- .github/workflows/build-grpc-utils-image.yaml | 4 +-- .github/workflows/ci.yaml | 24 ++++++++--------- .github/workflows/lint-pr-title.yaml | 2 +- .github/workflows/nightly-chaos.yaml | 6 ++--- .github/workflows/schedule.yaml | 2 +- .github/workflows/scorecards.yaml | 8 +++--- .mega-linter.yml | 4 ++- Dockerfile | 7 +++-- docker-compose.yaml | 4 +-- grpc-utils.Dockerfile | 3 +-- src/Vfps.IntegrationTests/MigrationsTests.cs | 2 -- .../Vfps.IntegrationTests.csproj | 4 +-- src/Vfps.StressTests/Vfps.StressTests.csproj | 6 ++--- .../ControllerTests/FhirControllerTests.cs | 1 - src/Vfps.Tests/Vfps.Tests.csproj | 12 ++++----- .../WebAppTests/HttpEndpointTests.cs | 2 -- src/Vfps/Vfps.csproj | 26 +++++++++---------- tests/iter8/experiment.yaml | 4 +-- 21 files changed, 64 insertions(+), 69 deletions(-) diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index 27bae26..5214ef5 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -3,11 +3,11 @@ "isRoot": true, "tools": { "dotnet-outdated-tool": { - "version": "4.6.0", + "version": "4.6.4", "commands": ["dotnet-outdated"] }, "csharpier": { - "version": "0.27.3", + "version": "0.28.2", "commands": ["dotnet-csharpier"] } } diff --git a/.github/workflows/benchmarks.yaml b/.github/workflows/benchmarks.yaml index d28d0d4..09cc5ad 100644 --- a/.github/workflows/benchmarks.yaml +++ b/.github/workflows/benchmarks.yaml @@ -24,7 +24,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -37,7 +37,7 @@ jobs: run: dotnet run -c Release --project=src/Vfps.Benchmarks - name: Store benchmark result - uses: benchmark-action/github-action-benchmark@cc9ac13ce81036c9b67fcfe2cb95ca366684b9ea # v1.19.3 + uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29 # v1.20.3 with: name: PseudonymGeneratorBenchmarks tool: "benchmarkdotnet" diff --git a/.github/workflows/buf.yaml b/.github/workflows/buf.yaml index 5768d17..0a9d580 100644 --- a/.github/workflows/buf.yaml +++ b/.github/workflows/buf.yaml @@ -15,9 +15,9 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: bufbuild/buf-setup-action@517ee23296d5caf38df31c21945e6a54bbc8a89f # v1.30.0 + - uses: bufbuild/buf-setup-action@f1331ea1d3f74482cbb60ac19f47fa098232b059 # v1.32.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/build-grpc-utils-image.yaml b/.github/workflows/build-grpc-utils-image.yaml index 7aa4d80..2a5e3c5 100644 --- a/.github/workflows/build-grpc-utils-image.yaml +++ b/.github/workflows/build-grpc-utils-image.yaml @@ -20,7 +20,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Container meta for the gRPC utils image id: container_grpc_utils_meta @@ -33,7 +33,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3 - name: Login to GitHub Container Registry uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 81512dc..573d842 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,7 +13,7 @@ permissions: read-all jobs: build: - uses: miracum/.github/.github/workflows/standard-build.yaml@cc6fa0f9913128e1b27770bcd43df2c19e547a25 # v1.6.2 + uses: miracum/.github/.github/workflows/standard-build.yaml@392030c6f94fcfaa509a606af2b0907d022f2257 # v1.8.3 permissions: contents: read id-token: write @@ -36,7 +36,7 @@ jobs: pull-requests: write steps: - name: Download test image - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: ${{ needs.build.outputs.image-slug }}-test path: /tmp @@ -84,11 +84,11 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Download container image if: ${{ github.event_name == 'pull_request' }} - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: ${{ needs.build.outputs.image-slug }} path: /tmp @@ -185,11 +185,11 @@ jobs: - build steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Download container image if: ${{ github.event_name == 'pull_request' }} - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: ${{ needs.build.outputs.image-slug }} path: /tmp @@ -222,7 +222,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: install iter8 cli env: @@ -234,13 +234,13 @@ jobs: iter8 version - name: Create KinD cluster - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: cluster_name: kind - name: Download container image if: ${{ github.event_name == 'pull_request' }} - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: ${{ needs.build.outputs.image-slug }} path: /tmp @@ -299,7 +299,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: iter8-report.html path: | @@ -313,14 +313,14 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: kind-cluster-dump.txt path: | kind-cluster-dump.txt lint: - uses: miracum/.github/.github/workflows/standard-lint.yaml@cc6fa0f9913128e1b27770bcd43df2c19e547a25 # v1.6.2 + uses: miracum/.github/.github/workflows/standard-lint.yaml@392030c6f94fcfaa509a606af2b0907d022f2257 # v1.8.3 permissions: contents: read pull-requests: write diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml index 3dc2755..293ea09 100644 --- a/.github/workflows/lint-pr-title.yaml +++ b/.github/workflows/lint-pr-title.yaml @@ -14,7 +14,7 @@ jobs: name: Lint PR title runs-on: ubuntu-22.04 steps: - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/nightly-chaos.yaml b/.github/workflows/nightly-chaos.yaml index 05cf0d6..c8a4713 100644 --- a/.github/workflows/nightly-chaos.yaml +++ b/.github/workflows/nightly-chaos.yaml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3 - name: Install Task uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 @@ -38,7 +38,7 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: kind-cluster-dump.txt path: | diff --git a/.github/workflows/schedule.yaml b/.github/workflows/schedule.yaml index 0d486a0..23bdfe7 100644 --- a/.github/workflows/schedule.yaml +++ b/.github/workflows/schedule.yaml @@ -10,7 +10,7 @@ permissions: read-all jobs: schedule: - uses: miracum/.github/.github/workflows/standard-schedule.yaml@cc6fa0f9913128e1b27770bcd43df2c19e547a25 # v1.6.2 + uses: miracum/.github/.github/workflows/standard-schedule.yaml@392030c6f94fcfaa509a606af2b0907d022f2257 # v1.8.3 permissions: contents: read issues: write diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml index 3b1ddb1..d6be78d 100644 --- a/.github/workflows/scorecards.yaml +++ b/.github/workflows/scorecards.yaml @@ -33,12 +33,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif diff --git a/.mega-linter.yml b/.mega-linter.yml index 07a7e17..855881d 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -12,6 +12,8 @@ DISABLE_LINTERS: - REPOSITORY_DEVSKIM - SPELL_LYCHEE - MARKDOWN_MARKDOWN_LINK_CHECK + - JSON_V8R + - YAML_V8R SHOW_ELAPSED_TIME: true FILEIO_REPORTER: false @@ -31,6 +33,6 @@ REPOSITORY_KICS_ARGUMENTS: REPOSITORY_KICS_CONFIG_FILE: .kics.yaml MARKDOWN_MARKDOWN_TABLE_FORMATTER_ARGUMENTS: - - -p 0 + - --columnpadding=0 REPOSITORY_TRIVY_CONFIG_FILE: .trivy.yaml diff --git a/Dockerfile b/Dockerfile index 3a0b62c..4744666 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,6 @@ -# syntax=docker/dockerfile:1.7@sha256:dbbd5e059e8a07ff7ea6233b213b36aa516b4c53c645f1817a4dd18b83cbea56 # kics false positive "Missing User Instruction": # kics-scan ignore-line -FROM mcr.microsoft.com/dotnet/aspnet:8.0.3-jammy-chiseled@sha256:39f85ed7906df32eef6798d7d50ff54564248cfa9ef8581219f4351fcfa09a4c AS runtime +FROM mcr.microsoft.com/dotnet/aspnet:8.0.5-noble-chiseled@sha256:88349219b2723d0306c819bb5f7fa401c9db60205304d37ad5d835c4122d5205 AS runtime WORKDIR /opt/vfps EXPOSE 8080/tcp 8081/tcp 8082/tcp USER 65534:65534 @@ -11,7 +10,7 @@ ENV DOTNET_ENVIRONMENT="Production" \ ASPNETCORE_URLS="" \ DOTNET_BUNDLE_EXTRACT_BASE_DIR=/tmp -FROM mcr.microsoft.com/dotnet/sdk:8.0.203-jammy@sha256:c2c75cb385be90e8ade1dbe44cbb5a6195b7dbbe3386772da8b17fd0277a3d5f AS build +FROM mcr.microsoft.com/dotnet/sdk:8.0.300-noble@sha256:0f814b92f1cc906de4e35234a8d59f349ca8b902ffa8d22d09dcad3010f5b604 AS build WORKDIR /build ENV DOTNET_CLI_TELEMETRY_OPTOUT=1 \ PATH="/root/.dotnet/tools:${PATH}" @@ -75,7 +74,7 @@ FROM build AS stress-test WORKDIR /opt/vfps-stress # https://github.com/hadolint/hadolint/pull/815 isn't yet in mega-linter # hadolint ignore=DL3022 -COPY --from=docker.io/bitnami/kubectl:1.29.3@sha256:030eecfae01810d0b0930a809532159554e4e263fd38afcefb5ee45bd014b75e /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl +COPY --from=docker.io/bitnami/kubectl:1.30.1@sha256:0aef4af32ece80e21c32ab31438252f32d84ebe35035faafedc4fde184075b4f /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl COPY tests/chaos/chaos.yaml /tmp/ COPY --from=build-stress-test /build/publish . diff --git a/docker-compose.yaml b/docker-compose.yaml index ef0d26e..d331b25 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,6 +1,6 @@ services: postgresql: - image: docker.io/library/postgres:16.2@sha256:6b841c8f6a819884207402f1209a8116844365df15fca8cf556fc54a24c70800 + image: docker.io/library/postgres:16.3@sha256:1bf73ccae25238fa555100080042f0b2f9be08eb757e200fe6afc1fc413a1b3c restart: unless-stopped deploy: resources: @@ -20,7 +20,7 @@ services: - "127.0.0.1:35432:5432" jaeger: - image: docker.io/jaegertracing/all-in-one:1.55.0@sha256:f6b5d09073f14f76873d300f565a6691d815e81bea8e07e1dc3ff67e0596dd4e + image: docker.io/jaegertracing/all-in-one:1.57.0@sha256:8f165334f418ca53691ce358c19b4244226ed35c5d18408c5acf305af2065fb9 restart: unless-stopped deploy: resources: diff --git a/grpc-utils.Dockerfile b/grpc-utils.Dockerfile index 47865c5..c9742a3 100644 --- a/grpc-utils.Dockerfile +++ b/grpc-utils.Dockerfile @@ -1,5 +1,4 @@ -# syntax=docker/dockerfile:1.7@sha256:dbbd5e059e8a07ff7ea6233b213b36aa516b4c53c645f1817a4dd18b83cbea56 -FROM docker.io/library/ubuntu:24.04@sha256:723ad8033f109978f8c7e6421ee684efb624eb5b9251b70c6788fdb2405d050b +FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 SHELL ["/bin/bash", "-eo", "pipefail", "-c"] ENV GRPCURL_URL=https://github.com/fullstorydev/grpcurl/releases/download/v1.8.8/grpcurl_1.8.8_linux_x86_64.tar.gz \ diff --git a/src/Vfps.IntegrationTests/MigrationsTests.cs b/src/Vfps.IntegrationTests/MigrationsTests.cs index eab7fad..2d18d5c 100644 --- a/src/Vfps.IntegrationTests/MigrationsTests.cs +++ b/src/Vfps.IntegrationTests/MigrationsTests.cs @@ -1,6 +1,4 @@ using DotNet.Testcontainers.Builders; -using DotNet.Testcontainers.Configurations; -using DotNet.Testcontainers.Containers; using Testcontainers.PostgreSql; using Xunit.Abstractions; diff --git a/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj b/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj index cbdf1ea..fbbc498 100644 --- a/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj +++ b/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj @@ -13,8 +13,8 @@ - - + + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.StressTests/Vfps.StressTests.csproj b/src/Vfps.StressTests/Vfps.StressTests.csproj index 5bc0e73..a688006 100644 --- a/src/Vfps.StressTests/Vfps.StressTests.csproj +++ b/src/Vfps.StressTests/Vfps.StressTests.csproj @@ -6,10 +6,10 @@ - - + + - + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.Tests/ControllerTests/FhirControllerTests.cs b/src/Vfps.Tests/ControllerTests/FhirControllerTests.cs index dd420ac..7e9f413 100644 --- a/src/Vfps.Tests/ControllerTests/FhirControllerTests.cs +++ b/src/Vfps.Tests/ControllerTests/FhirControllerTests.cs @@ -2,7 +2,6 @@ using Hl7.Fhir.Model; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging; -using Vfps.Data; using Vfps.Fhir; using Vfps.Tests.ServiceTests; using Task = System.Threading.Tasks.Task; diff --git a/src/Vfps.Tests/Vfps.Tests.csproj b/src/Vfps.Tests/Vfps.Tests.csproj index 8d344f1..88de0b2 100644 --- a/src/Vfps.Tests/Vfps.Tests.csproj +++ b/src/Vfps.Tests/Vfps.Tests.csproj @@ -10,18 +10,18 @@ all - + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - + + + - - + + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.Tests/WebAppTests/HttpEndpointTests.cs b/src/Vfps.Tests/WebAppTests/HttpEndpointTests.cs index 6aef4bc..d2eb3b6 100644 --- a/src/Vfps.Tests/WebAppTests/HttpEndpointTests.cs +++ b/src/Vfps.Tests/WebAppTests/HttpEndpointTests.cs @@ -1,8 +1,6 @@ using Hl7.Fhir.Model; using Hl7.Fhir.Rest; using Microsoft.Extensions.DependencyInjection; -using Vfps.Data; -using Vfps.Protos; using Task = System.Threading.Tasks.Task; namespace Vfps.Tests.WebAppTests; diff --git a/src/Vfps/Vfps.csproj b/src/Vfps/Vfps.csproj index 620df15..6dc2cea 100644 --- a/src/Vfps/Vfps.csproj +++ b/src/Vfps/Vfps.csproj @@ -8,23 +8,23 @@ - - - - + + + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + + - - - + + + diff --git a/tests/iter8/experiment.yaml b/tests/iter8/experiment.yaml index d6a1af0..6c2c784 100644 --- a/tests/iter8/experiment.yaml +++ b/tests/iter8/experiment.yaml @@ -83,9 +83,9 @@ stringData: - metric: grpc/error-rate limit: 0 - metric: grpc/latency/mean - limit: 50 + limit: 200 - metric: grpc/latency/p99.0 - limit: 100 + limit: 400 --- # Source: iter8/templates/k8s.yaml