Misc GitHub action fixes #75

Merged
merged 5 commits into from
Aug 1, 2024
2 changes: 1 addition & 1 deletion .github/workflows/build-push.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
matrix:
target:
- name: "dev"
ref: "refs/heads/master"
ref: "refs/heads/main"
acr-name: "radixdev"
client-id: "2bfe6984-f5e3-4d09-a0b2-4dd96de3f21e"
subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b"
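Review bot: The `ref` change on the `dev` target (`refs/heads/master` to `refs/heads/main`) only covers this one matrix entry; the workflow's push trigger and any other targets lie outside the visible context, so check that they name the same branch. If the job compares this `ref` with the triggering ref, a leftover `master` elsewhere would make the push to `radixdev` skip without an error.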
2 changes: 1 addition & 1 deletion .github/workflows/deploy-database.yml
Expand Up @@ -67,7 +67,7 @@ jobs:
with:
connection-string: ${{env.connection}}
path: './azure-infrastructure/sql-scripts/roles.sql'
arguments: '--variables RADIX_ZONE=${{matrix.target.name}}'
arguments: '-v RADIX_ZONE=${{matrix.target.name}}'


- uses: azure/[email protected]
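Review bot: The switch from `--variables` to `-v` on the `arguments:` line carries no explanation in the workflow, so the next reader cannot tell whether the long form was rejected by the tool behind the action or was only shortened. Add a short comment above `arguments:` stating which form the action's SQL client accepts and that `roles.sql` expects `RADIX_ZONE`. The value is unquoted, which holds only as long as `matrix.target.name` stays a single token such as `dev`.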
2 changes: 1 addition & 1 deletion .github/workflows/pr.yml
@@ -1,4 +1,4 @@
name: radix-acr-cleanup-pr
name: radix-vulnerability-scanner-pr
on:
pull_request:
branches:
41 changes: 17 additions & 24 deletions Dockerfile
@@ -1,35 +1,28 @@
FROM docker.io/golang:1.22.5-alpine3.20 AS builder

ENV CGO_ENABLED=0 \
GOOS=linux

# Build stage
FROM --platform=$BUILDPLATFORM docker.io/golang:1.22.5-alpine3.20 AS builder
ARG TARGETARCH
WORKDIR /src

# Install project dependencies
ENV CGO_ENABLED=0 \
GOOS=linux \
GOARCH=${TARGETARCH}
COPY ./go.mod ./go.sum ./
RUN go mod download

# Copy project code
COPY . .

# Build
RUN go build -ldflags="-s -w" -o /build/radix-vulnerability-scanner

# Install SNYK
FROM alpine:3 as tools
ADD https://github.com/snyk/cli/releases/download/v1.1292.1/snyk-linux-arm64 /
RUN chmod +x /snyk-linux-arm64
# SNYK cli
FROM --platform=$BUILDPLATFORM docker.io/alpine:3.20 AS tools
ARG TARGETARCH
RUN snykVersion=v1.1292.1 snykBinary=snyk-linux && \
if [ "${TARGETARCH}" = "arm64" ]; then snykBinary=snyk-linux-arm64; fi && \
wget -O /snyk -q https://github.com/snyk/cli/releases/download/${snykVersion}/${snykBinary}

# Run scanner
FROM alpine:3
RUN apk update && \
apk add ca-certificates libstdc++
# Final stage
FROM docker.io/ubuntu:24.04
WORKDIR /app
RUN usermod --home /home/radix-vulnerability-scanner ubuntu
COPY --from=builder /build/radix-vulnerability-scanner .
COPY --from=tools /snyk-linux-arm64 /usr/local/bin/snyk
RUN addgroup -S -g 1000 radix-vulnerability-scanner
RUN adduser -S -u 1000 -G radix-vulnerability-scanner radix-vulnerability-scanner

COPY --from=tools --chmod=755 /snyk /usr/local/bin/snyk
COPY --from=gcr.io/distroless/static /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
USER 1000

ENTRYPOINT ["/app/radix-vulnerability-scanner"]
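Review bot: The `wget` in the `tools` stage writes the Snyk binary to `/snyk` with no integrity check, and that file is then copied to `/usr/local/bin/snyk` with `--chmod=755` and shipped in the final image. Pin a SHA-256 digest per architecture next to `snykVersion` and verify the download with `sha256sum -c` before the stage ends, so a replaced release asset fails the build instead of landing in the image. In the same hunk, `COPY --from=gcr.io/distroless/static` has no tag or digest while the other images are pinned to a version; pin it as well so the source of the CA bundle is reproducible.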
7 changes: 6 additions & 1 deletion Makefile
Expand Up @@ -8,10 +8,15 @@ build:
docker build -t $(IMAGE_NAME) .

.PHONY: push
push:
push: build
az acr login -n $(DOCKER_REGISTRY)
docker push $(IMAGE_NAME)

.PHONY: pushmultiplatform
pushmultiplatform:
az acr login -n $(DOCKER_REGISTRY)
docker buildx build --platform=linux/amd64,linux/arm64 -t $(IMAGE_NAME) --push .

.PHONY: test
test:
go test -cover `go list ./... | grep -v 'pkg/client'`
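Review bot: `pushmultiplatform` assumes a buildx builder that can produce both `linux/amd64` and `linux/arm64`, which the target neither creates nor checks. The Dockerfile's builder and tools stages run on `$BUILDPLATFORM`, but the final stage's `RUN usermod ...` executes in the target-platform image, so the non-native architecture needs emulation (QEMU/binfmt) on the build host. Document that prerequisite next to the target or fail early with a clear message. The repeated `az acr login -n $(DOCKER_REGISTRY)` line could also move into a shared prerequisite target.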
3 changes: 1 addition & 2 deletions go.mod
Expand Up @@ -7,7 +7,7 @@ toolchain go1.22.5
require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
github.com/containerd/containerd v1.7.20
github.com/distribution/reference v0.6.0
github.com/equinor/radix-common v1.9.3
github.com/equinor/radix-operator v1.57.1
github.com/golang-jwt/jwt/v5 v5.2.1
Expand Down Expand Up @@ -36,7 +36,6 @@ require (
github.com/cert-manager/cert-manager v1.14.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.2 // indirect
github.com/evanphx/json-patch v5.8.1+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
2 changes: 0 additions & 2 deletions go.sum
Expand Up @@ -31,8 +31,6 @@ github.com/cert-manager/cert-manager v1.14.2 h1:C/uci6yxiCRO04PWomBbSX+T4JT58FII
github.com/cert-manager/cert-manager v1.14.2/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/containerd/containerd v1.7.20 h1:Sl6jQYk3TRavaU83h66QMbI2Nqg9Jm6qzwX57Vsn1SQ=
github.com/containerd/containerd v1.7.20/go.mod h1:52GsS5CwquuqPuLncsXwG0t2CiUce+KsNHJZQJvAgR0=
github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=