From 45b6bddd5dbcf233d2c73f26a665cd2285f3ebd7 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Mon, 9 Oct 2023 20:53:28 +0200 Subject: [PATCH 1/3] Add CI configuration --- .github/workflows/build_docker.yml | 22 +++++++++++++ .github/workflows/ci.yaml | 51 ++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 .github/workflows/build_docker.yml create mode 100644 .github/workflows/ci.yaml diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml new file mode 100644 index 000000000..9a9d5f62a --- /dev/null +++ b/.github/workflows/build_docker.yml @@ -0,0 +1,22 @@ +name: Build and publish a 🛢️ container + +on: + push: + paths-ignore: + - '.github/**' + branches: + - 'main' + tags: + - '*' + +jobs: + build-and-push-container: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: voxpupuli/gha-build-and-publish-a-container@v1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + build_arch: linux/amd64,linux/arm64 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 000000000..b07e75ed4 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,51 @@ +--- + +on: + pull_request: {} + push: + branches: + - main + +name: CI + +jobs: + build_docker_image: + name: 'Built test Docker image' + runs-on: ubuntu-latest + defaults: + run: + working-directory: 'puppetdb' + permissions: + actions: read + contents: read + security-events: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + tags: 'ci/hdm:${{ github.sha }}' + push: false + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ci/hdm:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + tests: + needs: + - build_docker_image + runs-on: ubuntu-latest + name: Test suite + steps: + - run: echo Test suite completed From ac923c4c185d71dd685c55e30ef3d0cffc77eeaf Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 10 Oct 2023 12:10:15 +0200 Subject: [PATCH 2/3] try to adapt ci --- .github/workflows/build_docker.yml | 4 ++-- .github/workflows/ci.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml index 9a9d5f62a..614639a70 100644 --- a/.github/workflows/build_docker.yml +++ b/.github/workflows/build_docker.yml @@ -16,7 +16,7 @@ jobs: contents: read packages: write steps: - - uses: voxpupuli/gha-build-and-publish-a-container@v1 + - uses: voxpupuli/gha-build-and-publish-a-container@v2 with: - github_token: ${{ secrets.GITHUB_TOKEN }} build_arch: linux/amd64,linux/arm64 + buildfile: puppetdb/Dockerfile diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b07e75ed4..72882aa63 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,14 +26,14 @@ jobs: - name: Build Docker image uses: docker/build-push-action@v5 with: - context: . - tags: 'ci/hdm:${{ github.sha }}' + context: puppetdb + tags: 'ci/puppdb:${{ github.sha }}' push: false - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'ci/hdm:${{ github.sha }}' + image-ref: 'ci/puppdb:${{ github.sha }}' format: 'sarif' output: 'trivy-results.sarif' From 1ab5da6542357a8e53f771fd2e8836341f73c238 Mon Sep 17 00:00:00 2001 From: Tim 'bastelfreak' Meusel Date: Tue, 10 Oct 2023 13:28:51 +0200 Subject: [PATCH 3/3] fix puppetdb package installation --- puppetdb/Dockerfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/puppetdb/Dockerfile b/puppetdb/Dockerfile index 79bdd7b8c..c493e0f49 100644 --- a/puppetdb/Dockerfile +++ b/puppetdb/Dockerfile @@ -68,10 +68,12 @@ ADD https://raw.githubusercontent.com/puppetlabs/wtfc/6aa5eef89728cc2903490a6184 COPY docker-entrypoint.d /docker-entrypoint.d # hadolint ignore=DL3009 -RUN apt-get update && \ - apt-get install --no-install-recommends -y ca-certificates curl dnsutils netcat && \ +ENV DEBIAN_FRONTEND noninteractive +RUN apt update && \ + apt install --no-install-recommends -y ca-certificates curl dnsutils netcat && \ chmod +x /ssl.sh /wtfc.sh /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \ - dpkg -i dumb-init_"$DUMB_INIT_VERSION"_amd64.deb + dpkg -i dumb-init_"$DUMB_INIT_VERSION"_amd64.deb && \ + rm dumb-init_"$DUMB_INIT_VERSION"_amd64.deb ###################################################### # release (build from packages) @@ -81,7 +83,6 @@ FROM base as release ARG version ARG UBUNTU_CODENAME -ARG install_path=puppetdb="$version"-1"$UBUNTU_CODENAME" ARG deb_uri=https://apt.puppetlabs.com/puppet7-release-$UBUNTU_CODENAME.deb ###################################################### @@ -96,7 +97,6 @@ ARG vcs_ref ARG version ARG build_date ARG build_type -ARG install_path ARG deb_uri # used by entrypoint to submit metrics to Google Analytics; # published images should use "production" for this build_arg @@ -108,9 +108,9 @@ ADD $deb_uri /puppet.deb RUN dpkg -i /puppet.deb && \ rm /puppet.deb && \ - apt-get update && \ - apt-get install --no-install-recommends -y $install_path && \ - apt-get clean && \ + apt update && \ + apt install --no-install-recommends -y puppetdb && \ + apt autoremove && \ rm -rf /var/lib/apt/lists/* && \ mkdir -p "$LOGDIR" && \ # We want to use the HOCON database.conf and config.conf files, so get rid