use distroless for base image #605

Merged
merged 21 commits into from
Aug 11, 2020
Merged
b4294b9
:whale: :recycle: use distroless for agent-ngt image
rinx Jul 30, 2020
acc2bf8
:whale: :recycle: use distroless for agent-sidecar image
rinx Jul 30, 2020
40cd0ab
:whale: :recycle: use distroless for discoverer-k8s image
rinx Aug 3, 2020
4193538
:whale: :recycle: use distroless for gateway-vald image
rinx Aug 4, 2020
12cf748
:whale: :recycle: use distroless for meta-redis image
rinx Aug 4, 2020
0341731
:whale: :recycle: use distroless for meta-cassandra image
rinx Aug 4, 2020
15e762a
:whale: :recycle: use distroless for manager-backup-mysql image
rinx Aug 4, 2020
c74dc68
:whale: :recycle: use distroless for manager-backup-cassandra image
rinx Aug 4, 2020
6f4c0d8
:whale: :recycle: use distroless for manager-compressor image
rinx Aug 4, 2020
dca470f
:whale: :recycle: use distroless for manager-index image
rinx Aug 4, 2020
4f0312d
:recycle: add UPX_OPTIONS
rinx Aug 5, 2020
094cc39
:whale: :recycle: use distroless for manager-replication-* image
rinx Aug 5, 2020
8f56701
:whale: :recycle: use distroless/static:nonroot image
rinx Aug 5, 2020
cbaaf1f
:whale: :green_heart: add daily trivy scan
rinx Aug 5, 2020
a32519c
:whale: :green_heart: add release-time trivy scan
rinx Aug 5, 2020
43335c9
:green_heart: build binaries and publish them to release page
rinx Aug 6, 2020
4810c63
:wrench: show version ad 'pr-xxx' when pr builds
rinx Aug 5, 2020
671e0da
Revert ":wrench: show version ad 'pr-xxx' when pr builds"
rinx Aug 7, 2020
c0d15e5
:wrench: show version as 'pr-xxx' when PR builds
rinx Aug 7, 2020
f702ca1
:wrench: fix info.BuildTime
rinx Aug 7, 2020
9ed3291
:wrench: update go.mod.default
rinx Aug 7, 2020
74 changes: 74 additions & 0 deletions .github/workflows/build-binaries.yml
@@ -0,0 +1,74 @@
name: 'Upload artifacts to release'
on:
release:
types:
- created

jobs:
build-linux:
runs-on: ubuntu-latest
container:
image: vdaas/vald-ci-container:nightly
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 10
- name: Fetch golang version
run: |
GO_VERSION=`make version/go`
echo "::set-output name=version::${GO_VERSION}"
id: golang_version
- uses: actions/setup-go@v1
with:
go-version: ${{ steps.golang_version.outputs.version }}
- name: Build and zip
run: |
make binary/build/zip
- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: artifacts-linux
path: ./artifacts/
# build-macos: ## or using cross-compiler?
# runs-on: macos-latest
# steps:
# - uses: actions/checkout@v2
# with:
# fetch-depth: 10
# - name: Fetch golang version
# run: |
# GO_VERSION=`make version/go`
# echo "::set-output name=version::${GO_VERSION}"
# id: golang_version
# - uses: actions/setup-go@v1
# with:
# go-version: ${{ steps.golang_version.outputs.version }}
# - name: Build and zip
# run: |
# export PATH=$PATH:$(go env GOPATH)/bin
# brew install llvm libomp protobuf ngt
# make CXXFLAGS="-I/usr/local/opt/llvm/include -mno-avx512f -mno-avx512dq -mno-avx512cd -mno-avx512bw -mno-avx512vl" binary/build/zip
# - name: Upload artifact
# uses: actions/upload-artifact@v2
# with:
# name: artifacts-macos
# path: ./artifacts
publish:
runs-on: ubuntu-latest
needs:
- build-linux
# - build-macos
# - build-windows
steps:
- uses: actions/download-artifact@v2
with:
name: artifacts-linux
path: tmp/linux
# - uses: actions/download-artifact@v2
# with:
# name: artifacts-macos
# path: tmp/macos
- uses: shogo82148/actions-upload-release-asset@v1
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: tmp/linux/vald-*.zip
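Review bot: both the build environment and the upload step in this new workflow rely on mutable references: the job runs inside `vdaas/vald-ci-container:nightly`, and `shogo82148/actions-upload-release-asset@v1` is a third-party action pinned only by a movable tag. A release asset built from a `nightly` container cannot be rebuilt bit-for-bit later, and a moved `v1` tag would run different code with the release upload token. Pin the container to an image digest and the third-party action to a full commit SHA. The publish job also uploads only `tmp/linux/vald-*.zip`; writing a checksum file next to the zip in the `Build and zip` step (for example `sha256sum vald-*.zip > artifacts/SHA256SUMS`) and uploading it as a second release asset gives users something to verify the download against. Minor: the commented-out `build-macos` job and the `build-windows` entry under `needs` are dead configuration; either remove them or reference the tracking issue so they do not linger.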
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -14,7 +14,7 @@ on:
- '.github/workflows/codeql-analysis.yml'
- '**.go'
schedule:
- cron: '0 1 * * 2'
- cron: '0 1 * * *'

jobs:
CodeQL-Build:
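Review bot: the schedule change from `'0 1 * * 2'` (weekly, Tuesday 01:00 UTC) to `'0 1 * * *'` (daily, 01:00 UTC) is not mentioned in any of the 21 commit messages on this PR, all of which concern distroless images, trivy scans and the release build, so it will be hard to trace later; call it out in the PR description or give it its own commit. Functionally the daily run is fine: scheduled CodeQL runs re-analyze unchanged code with whatever query packs are current, so a shorter interval shortens the time before a newly added query flags existing code.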
30 changes: 30 additions & 0 deletions .github/workflows/dockers-agent-ngt-image.yml
Expand Up @@ -41,6 +41,11 @@ jobs:
- uses: actions/checkout@v1
with:
fetch-depth: 10
- name: Overwrite version name
if: github.event_name == 'pull_request'
run: |
pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
echo "PR-${pr_num}" > versions/VALD_VERSION
- name: Build the Docker image
run: |
make docker/build/agent-ngt
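Review bot: the version written here is `PR-${pr_num}` (uppercase) while the existing push step below tags the image `${imagename}:pr-${pr_num}` (lowercase) and commit c0d15e5 describes the format as 'pr-xxx'; pick one spelling so the binary's reported version and the image tag match. `cat $GITHUB_EVENT_PATH | jq -r ".number"` can be replaced by the workflow expression `${{ github.event.pull_request.number }}`, or at least by `jq -r .number "$GITHUB_EVENT_PATH"` with the path quoted. Since the step runs only on `pull_request` events, the number comes from GitHub's own event payload rather than from the fork, so writing it into `versions/VALD_VERSION` does not take untrusted input into the build.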
Expand All @@ -65,6 +70,7 @@ jobs:
docker push ${imagename}:pr-${pr_num}
- name: push to DockerHub (tags)
if: startsWith( github.ref, 'refs/tags/')
id: push_to_dockerhub_tags
run: |
imagename=`make docker/name/agent-ngt`
docker push ${imagename}:latest
Expand All @@ -73,6 +79,30 @@ jobs:
docker push ${imagename}:${tag_name}
docker tag ${imagename} ${imagename}:nightly
docker push ${imagename}:nightly
echo "::set-output name=IMAGE_NAME::${imagename}"
echo "::set-output name=TAG_NAME::${tag_name}"
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v1
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'table'
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
slack:
name: Slack notification
needs: build
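Review bot: `aquasecurity/trivy-action@master` is an unpinned branch reference, so the scanner that runs in this release job (with the checkout and `GITHUB_TOKEN` available) is whatever `master` points to on the day a tag is pushed; pin it to a release tag or commit SHA like the other actions in this file. Ordering matters too: the scan runs after `push to DockerHub (tags)` has already published `:latest`, `:nightly` and the version tag, so a critical finding lands in the Security tab but cannot stop the publication. Scanning the locally built image before the push step, with `exit-code: '1'` and a `severity` filter (both trivy-action inputs), would turn the scan into a gate instead of a report. The `Initialize CodeQL` step is not needed for `upload-sarif`: `codeql-action/init` prepares a CodeQL database and is paired with `codeql-action/analyze`, and with no analyze step in this job it only adds runtime. Finally, the five repeated `if: startsWith( github.ref, 'refs/tags/')` conditions could be replaced by one condition on a dedicated scan job that `needs` the push job.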
30 changes: 30 additions & 0 deletions .github/workflows/dockers-agent-sidecar-image.yml
Expand Up @@ -41,6 +41,11 @@ jobs:
- uses: actions/checkout@v1
with:
fetch-depth: 10
- name: Overwrite version name
if: github.event_name == 'pull_request'
run: |
pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
echo "PR-${pr_num}" > versions/VALD_VERSION
- name: Build the Docker image
run: |
make docker/build/agent-sidecar
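Review bot: same case mismatch as in the agent-ngt workflow: this step writes `PR-${pr_num}` to `versions/VALD_VERSION` while the push step tags the image `pr-${pr_num}`, and `cat $GITHUB_EVENT_PATH | jq -r ".number"` can be `${{ github.event.pull_request.number }}`. This five-line block is copied verbatim into every `dockers-*-image.yml` touched by this PR, so a future change to the version format has to be applied to each copy; worth a follow-up to centralize it.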
Expand All @@ -65,6 +70,7 @@ jobs:
docker push ${imagename}:pr-${pr_num}
- name: push to DockerHub (tags)
if: startsWith( github.ref, 'refs/tags/')
id: push_to_dockerhub_tags
run: |
imagename=`make docker/name/agent-sidecar`
docker push ${imagename}:latest
Expand All @@ -73,6 +79,30 @@ jobs:
docker push ${imagename}:${tag_name}
docker tag ${imagename} ${imagename}:nightly
docker push ${imagename}:nightly
echo "::set-output name=IMAGE_NAME::${imagename}"
echo "::set-output name=TAG_NAME::${tag_name}"
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v1
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'table'
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
slack:
name: Slack notification
needs: build
30 changes: 30 additions & 0 deletions .github/workflows/dockers-backup-manager-cassandra-image.yml
Expand Up @@ -43,6 +43,11 @@ jobs:
- uses: actions/checkout@v1
with:
fetch-depth: 10
- name: Overwrite version name
if: github.event_name == 'pull_request'
run: |
pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
echo "PR-${pr_num}" > versions/VALD_VERSION
- name: Build the Docker image
run: |
make docker/build/backup-manager-cassandra
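Review bot: `PR-${pr_num}` here versus `pr-${pr_num}` in the push step below; the two spellings should agree. `${{ github.event.pull_request.number }}` gives the same value without the `cat`/`jq` pipeline and the unquoted `$GITHUB_EVENT_PATH`.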
Expand All @@ -67,6 +72,7 @@ jobs:
docker push ${imagename}:pr-${pr_num}
- name: push to DockerHub (tags)
if: startsWith( github.ref, 'refs/tags/')
id: push_to_dockerhub_tags
run: |
imagename=`make docker/name/backup-manager-cassandra`
docker push ${imagename}:latest
Expand All @@ -75,6 +81,30 @@ jobs:
docker push ${imagename}:${tag_name}
docker tag ${imagename} ${imagename}:nightly
docker push ${imagename}:nightly
echo "::set-output name=IMAGE_NAME::${imagename}"
echo "::set-output name=TAG_NAME::${tag_name}"
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v1
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'table'
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
slack:
name: Slack notification
needs: build
30 changes: 30 additions & 0 deletions .github/workflows/dockers-backup-manager-mysql-image.yml
Expand Up @@ -41,6 +41,11 @@ jobs:
- uses: actions/checkout@v1
with:
fetch-depth: 10
- name: Overwrite version name
if: github.event_name == 'pull_request'
run: |
pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
echo "PR-${pr_num}" > versions/VALD_VERSION
- name: Build the Docker image
run: |
make docker/build/backup-manager-mysql
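Review bot: same `PR-` versus `pr-` inconsistency between this step and the push step below; align the spelling with commit c0d15e5's 'pr-xxx'. `cat $GITHUB_EVENT_PATH | jq -r ".number"` is a useless-cat pipeline with an unquoted path; `${{ github.event.pull_request.number }}` is simpler.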
Expand All @@ -65,6 +70,7 @@ jobs:
docker push ${imagename}:pr-${pr_num}
- name: push to DockerHub (tags)
if: startsWith( github.ref, 'refs/tags/')
id: push_to_dockerhub_tags
run: |
imagename=`make docker/name/backup-manager-mysql`
docker push ${imagename}:latest
Expand All @@ -73,6 +79,30 @@ jobs:
docker push ${imagename}:${tag_name}
docker tag ${imagename} ${imagename}:nightly
docker push ${imagename}:nightly
echo "::set-output name=IMAGE_NAME::${imagename}"
echo "::set-output name=TAG_NAME::${tag_name}"
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v1
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'table'
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
slack:
name: Slack notification
needs: build
30 changes: 30 additions & 0 deletions .github/workflows/dockers-discoverer-k8s-image.yml
Expand Up @@ -37,6 +37,11 @@ jobs:
- uses: actions/checkout@v1
with:
fetch-depth: 10
- name: Overwrite version name
if: github.event_name == 'pull_request'
run: |
pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
echo "PR-${pr_num}" > versions/VALD_VERSION
- name: Build the Docker image
run: |
make docker/build/discoverer-k8s
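Review bot: `PR-${pr_num}` written to `versions/VALD_VERSION` does not match the `pr-${pr_num}` image tag used later in this file; `${{ github.event.pull_request.number }}` would replace the `cat`/`jq` pipeline. Since the number comes from GitHub's event payload on a `pull_request` event, this does not introduce untrusted input into the build.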
Expand All @@ -61,6 +66,7 @@ jobs:
docker push ${imagename}:pr-${pr_num}
- name: push to DockerHub (tags)
if: startsWith( github.ref, 'refs/tags/')
id: push_to_dockerhub_tags
run: |
imagename=`make docker/name/discoverer-k8s`
docker push ${imagename}:latest
Expand All @@ -69,6 +75,30 @@ jobs:
docker push ${imagename}:${tag_name}
docker tag ${imagename} ${imagename}:nightly
docker push ${imagename}:nightly
echo "::set-output name=IMAGE_NAME::${imagename}"
echo "::set-output name=TAG_NAME::${tag_name}"
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v1
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'table'
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
slack:
name: Slack notification
needs: build
30 changes: 30 additions & 0 deletions .github/workflows/dockers-gateway-vald-image.yml
Expand Up @@ -39,6 +39,11 @@ jobs:
- uses: actions/checkout@v1
with:
fetch-depth: 10
- name: Overwrite version name
if: github.event_name == 'pull_request'
run: |
pr_num=`cat $GITHUB_EVENT_PATH | jq -r ".number"`
echo "PR-${pr_num}" > versions/VALD_VERSION
- name: Build the Docker image
run: |
make docker/build/gateway-vald
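Review bot: as in the other image workflows, `PR-${pr_num}` here disagrees in case with the `pr-${pr_num}` tag pushed below; use one form. `${{ github.event.pull_request.number }}` avoids the `cat $GITHUB_EVENT_PATH | jq` pipeline and its unquoted variable.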
Expand All @@ -63,6 +68,7 @@ jobs:
docker push ${imagename}:pr-${pr_num}
- name: push to DockerHub (tags)
if: startsWith( github.ref, 'refs/tags/')
id: push_to_dockerhub_tags
run: |
imagename=`make docker/name/gateway-vald`
docker push ${imagename}:latest
Expand All @@ -71,6 +77,30 @@ jobs:
docker push ${imagename}:${tag_name}
docker tag ${imagename} ${imagename}:nightly
docker push ${imagename}:nightly
echo "::set-output name=IMAGE_NAME::${imagename}"
echo "::set-output name=TAG_NAME::${tag_name}"
- name: Initialize CodeQL
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/init@v1
- name: Run vulnerability scanner (table)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'table'
- name: Run vulnerability scanner (sarif)
if: startsWith( github.ref, 'refs/tags/')
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ steps.push_to_dockerhub_tags.outputs.IMAGE_NAME }}:${{ steps.push_to_dockerhub_tags.outputs.TAG_NAME }}"
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to Security tab
if: startsWith( github.ref, 'refs/tags/')
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
slack:
name: Slack notification
needs: build