diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 88e252d9..57d12c32 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -50,7 +50,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+ uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+ uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
 # ℹī¸ Command-line programs to run using the OS shell.
 # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+ uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 8aea12fe..f8ef1970 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -73,6 +73,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+ uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
 with:
 sarif_file: results.sarif
diff --git a/scripts/grafana/clean.sh b/scripts/grafana/clean.sh
new file mode 100644
index 00000000..6032773e
--- /dev/null
+++ b/scripts/grafana/clean.sh
@@ -0,0 +1,4 @@
+
+
+rm -rf provisioning/datasources
+rm -rf *_volume
diff --git a/scripts/grafana/start-prometheus.sh b/scripts/grafana/start-prometheus.sh
index 849cb084..79e4e0d6 100755
--- a/scripts/grafana/start-prometheus.sh
+++ b/scripts/grafana/start-prometheus.sh
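Review bot: The two `rm -rf` lines in clean.sh act on whatever directory the caller happens to be in, since the file has no shebang and never changes to its own directory, so running it from elsewhere removes any `*_volume` tree or `provisioning/datasources` found there instead of the Grafana/Prometheus volumes it is meant to reset. Start the file with `#!/bin/sh` and `cd "$(dirname "$0")" || exit 1` before the deletions. It is also added as mode 100644 while the sibling start scripts in this diff are 100755, so `./clean.sh` will not run without an explicit `sh clean.sh`. A one-line header comment such as `# Removes the provisioned datasource copy and the *_volume data directories created by start.sh / start-prometheus.sh` would make the destructive scope explicit.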
@@ -1,49 +1,73 @@
 #!/bin/sh
-if [ "$#" -ne 1 ];
-then
+set -e
+
+usage() {
 echo
 echo "Usage: $0 target_address:port"
 echo
 echo "target_address is the hostname or IP address of the system that runs pcm-sensor-server"
+ echo
+ echo "Alternative usage: $0 filename"
+ echo
+ echo "Specify filename containing target_address:port in each line"
 exit 1
-fi
+}
-CTR_RUN=${CTR_RUN:-docker}
+# Validate the URL format and reject localhost or 127.0.0.1
+validate_url() {
+ local url=$1
+ local regex='^([a-zA-Z0-9.-]+):[0-9]+$'
+ local localhost_regex='^(localhost|127\.0\.0\.1):[0-9]+$'
-mkdir -p grafana_volume/dashboards
-mkdir -p prometheus_volume
+ if ! [[ $url =~ $regex ]]; then
+ echo "Error: The target_address ($url) provided is not in the correct format."
+ usage
+ fi
-chmod -R 777 *_volume
+ if [[ $url =~ $localhost_regex ]]; then
+ echo "Error: The target_address cannot be localhost or 127.0.0.1."
+ usage
+ fi
+}
-mkdir -p provisioning/datasources
-cp automatic_prometheus.yml provisioning/datasources/automatic.yml
+if [ "$#" -ne 1 ]; then
+ usage
+fi
+CTR_RUN=${CTR_RUN:-docker}
+
+mkdir -p grafana_volume/dashboards || { echo "Error creating grafana_volume/dashboards directory"; exit 1; }
+mkdir -p prometheus_volume || { echo "Error creating prometheus_volume directory"; exit 1; }
+
+chmod -R 777 *_volume || { echo "Error setting permissions on volume directories"; exit 1; }
+mkdir -p provisioning/datasources || { echo "Error creating provisioning/datasources directory"; exit 1; }
+cp automatic_prometheus.yml provisioning/datasources/automatic.yml || { echo "Error copying automatic_prometheus.yml"; exit 1; }
 # check if argument is file, create the prometheus.yml accordingly
 if [ -f "$1" ]; then
 echo "creating prometheus.yml for hosts in targets file";
- head -n -1 "prometheus.yml.template" > prometheus.yml
+ head -n -1 "prometheus.yml.template" > prometheus.yml || { echo "Error creating prometheus.yml"; exit 1; }
 while read -r line; do
+ validate_url "$line"
 echo " - 
targets: ['$line']" >> "prometheus.yml"
 done < "$1"
 echo Downloading PCM dashboard
- curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 $1)/dashboard/prometheus
-
+ curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 "$1")/dashboard/prometheus || { echo "Error downloading PCM dashboard"; exit 1; }
 else
+ validate_url "$1"
 echo "creating prometheus.yml for $1 ";
- sed "s#PCMSENSORSERVER#$1#g" prometheus.yml.template > prometheus.yml
+ sed "s#PCMSENSORSERVER#$1#g" prometheus.yml.template > prometheus.yml || { echo "Error creating prometheus.yml"; exit 1; }
 echo Downloading PCM dashboard
- curl -o grafana_volume/dashboards/pcm-dashboard.json $1/dashboard/prometheus
+ curl -o grafana_volume/dashboards/pcm-dashboard.json "$1"/dashboard/prometheus || { echo "Error downloading PCM dashboard"; exit 1; }
 fi
 echo "Starting prometheus network"
-${CTR_RUN} network create prometheus-network
+${CTR_RUN} network create prometheus-network || { echo "Error creating prometheus network"; exit 1; }
 echo Starting prometheus
-${CTR_RUN} run --name prometheus --network=prometheus-network -d -p 9090:9090 -v $PWD/prometheus.yml:/etc/prometheus/prometheus.yml:Z -v $PWD/prometheus_volume:/prometheus:Z quay.io/prometheus/prometheus:latest
+${CTR_RUN} run --name prometheus --network=prometheus-network -d -p 9090:9090 -v "$PWD"/prometheus.yml:/etc/prometheus/prometheus.yml:Z -v "$PWD"/prometheus_volume:/prometheus:Z quay.io/prometheus/prometheus:latest || { echo "Error starting prometheus"; exit 1; }
 echo Starting grafana
-${CTR_RUN} run -d --network=prometheus-network --name=grafana -p 3000:3000 -v $PWD/grafana_volume:/var/lib/grafana:Z -v $PWD/provisioning:/etc/grafana/provisioning:Z docker.io/grafana/grafana:latest
-
-echo Start browser at http://localhost:3000/ and login with admin user, password admin
+${CTR_RUN} run -d --network=prometheus-network --name=grafana -p 3000:3000 -v "$PWD"/grafana_volume:/var/lib/grafana:Z -v 
"$PWD"/provisioning:/etc/grafana/provisioning:Z docker.io/grafana/grafana:latest || { echo "Error starting grafana"; exit 1; }
+echo "Start browser at http://"`hostname`":3000/ or http://localhost:3000/ and login with admin user, password admin"
diff --git a/scripts/grafana/start.sh b/scripts/grafana/start.sh
index 060b6124..437094b5 100755
--- a/scripts/grafana/start.sh
+++ b/scripts/grafana/start.sh
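Review bot: validate_url relies on bash's `[[ $url =~ $regex ]]` while the first context line of the hunk keeps `#!/bin/sh`; where /bin/sh is dash (Debian/Ubuntu) `[[` is not available, the `! [[ ... ]]` test treats that failure as a format mismatch, and every invocation exits through usage before anything is started. Either change the shebang to `#!/bin/bash` or make the test POSIX, for instance `printf '%s\n' "$url" | grep -Eq "$regex"`. The new `|| { echo "Error downloading PCM dashboard"; exit 1; }` after `curl -o` never fires on an HTTP 4xx/5xx because curl exits 0 for those, so an error page lands in `grafana_volume/dashboards/pcm-dashboard.json`; `curl -fsS -o ...` makes the check effective. The loopback reject only matches the literal `localhost` and `127.0.0.1` (`127.0.0.2`, `0.0.0.0` and `[::1]` pass, and bracketed IPv6 targets fail the hostname regex outright), so if the intent is only to stop the Prometheus container from scraping its own loopback, a comment saying so would keep it from being read as a security control.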
@@ -1,57 +1,77 @@
 #!/bin/sh
-if [ "$#" -ne 1 ];
-then
+set -e
+
+usage() {
 echo
 echo "Usage: $0 http(s)://target_address:port"
 echo
 echo "target_address is the hostname or IP address of the system that runs pcm-sensor-server"
 exit 1
-fi
+}
+
+# Validate the URL format and reject localhost or 127.0.0.1
+validate_url() {
+ local url=$1
+ local regex='^https?://([a-zA-Z0-9.-]+):[0-9]+$'
+ local localhost_regex='^(https?://)?(localhost|127\.0\.0\.1):[0-9]+$'
+
+ if ! [[ $url =~ $regex ]]; then
+ echo "Error: The URL provided is not in the correct format."
+ usage
+ fi
+ if [[ $url =~ $localhost_regex ]]; then
+ echo "Error: The target_address cannot be localhost or 127.0.0.1."
+ usage
+ fi
+}
-mkdir -p grafana_volume/dashboards
-mkdir -p influxdb_volume
+if [ "$#" -ne 1 ]; then
+ usage
+fi
+
+validate_url "$1"
-chmod -R 777 *_volume
+mkdir -p grafana_volume/dashboards || { echo "Error creating grafana_volume/dashboards directory"; exit 1; }
+mkdir -p influxdb_volume || { echo "Error creating influxdb_volume directory"; exit 1; }
-mkdir -p provisioning/datasources
-cp automatic_influxdb.yml provisioning/datasources/automatic.yml
+chmod -R 777 *_volume || { echo "Error setting permissions on volume directories"; exit 1; }
+mkdir -p provisioning/datasources || { echo "Error creating provisioning/datasources directory"; exit 1; }
+cp automatic_influxdb.yml provisioning/datasources/automatic.yml || { echo "Error copying automatic_influxdb.yml"; exit 1; }
 CTR_RUN=${CTR_RUN:-docker}
 # check if argument is file, create the telegraf.conf accordingly
 if [ -f "$1" ]; then
 echo "creating telegraf.conf for hosts in targets file";
- head -n -7 "telegraf.conf.template" > telegraf.conf
+ head -n -7 "telegraf.conf.template" > telegraf.conf || { echo "Error creating telegraf.conf"; exit 1; }
 while IFS='' read -r line || [[ -n "$line" ]]; do
 # Split the line at the : character to get the IP and port
 ip=$(echo "$line" | cut -d ':' -f 1)
 port=$(echo "$line" | cut -d ':' -f 2)
 # Append the 
transformed line to the output file, separated by a comma
 echo -n "\"http://$ip:$port/persecond/\"," >> telegraf.conf
- done < $1
- sed -i '$ s/,$//' telegraf.conf
- tail -n -6 "telegraf.conf.template" >> telegraf.conf
+ done < "$1"
+ sed -i '$ s/,$//' telegraf.conf || { echo "Error editing telegraf.conf"; exit 1; }
+ tail -n -6 "telegraf.conf.template" >> telegraf.conf || { echo "Error appending to telegraf.conf"; exit 1; }
 echo Downloading PCM dashboard
- curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 $1)/dashboard
-
+ curl -o grafana_volume/dashboards/pcm-dashboard.json $(head -1 "$1")/dashboard || { echo "Error downloading PCM dashboard"; exit 1; }
 else
 echo "creating telegraf.conf for $1 ";
- sed "s#PCMSENSORSERVER#$1#g" telegraf.conf.template > telegraf.conf
+ sed "s#PCMSENSORSERVER#$1#g" telegraf.conf.template > telegraf.conf || { echo "Error creating telegraf.conf"; exit 1; }
 echo Downloading PCM dashboard
- curl -o grafana_volume/dashboards/pcm-dashboard.json $1/dashboard
+ curl -o grafana_volume/dashboards/pcm-dashboard.json "$1"/dashboard || { echo "Error downloading PCM dashboard"; exit 1; }
 fi
 echo "Creating influxdb network"
-${CTR_RUN} network create influxdb-network
+${CTR_RUN} network create influxdb-network || { echo "Error creating influxdb network"; exit 1; }
 echo Starting influxdb
-${CTR_RUN} run -d --name influxdb -p 8083:8083 -p 8086:8086 --network=influxdb-network -v $PWD/influxdb_volume:/var/lib/influxdb influxdb:1.8.0-alpine
+${CTR_RUN} run -d --name influxdb -p 8083:8083 -p 8086:8086 --network=influxdb-network -v "$PWD"/influxdb_volume:/var/lib/influxdb influxdb:1.8.0-alpine || { echo "Error starting influxdb"; exit 1; }
 echo Starting telegraf
-${CTR_RUN} run -d --name telegraf --network=influxdb-network -v $PWD/telegraf.conf:/etc/telegraf/telegraf.conf:ro telegraf
+${CTR_RUN} run -d --name telegraf --network=influxdb-network -v "$PWD"/telegraf.conf:/etc/telegraf/telegraf.conf:ro telegraf || { echo "Error starting 
telegraf"; exit 1; }
 echo Starting grafana
-${CTR_RUN} run -d --network=influxdb-network --name grafana -p 3000:3000 -v $PWD/provisioning:/etc/grafana/provisioning -v $PWD/grafana_volume:/var/lib/grafana grafana/grafana
-
-echo Start browser at http://localhost:3000/ and login with admin user, password admin
+${CTR_RUN} run -d --network=influxdb-network --name grafana -p 3000:3000 -v "$PWD"/provisioning:/etc/grafana/provisioning -v "$PWD"/grafana_volume:/var/lib/grafana grafana/grafana || { echo "Error starting grafana"; exit 1; }
+echo "Start browser at http://"`hostname`":3000/ or http://localhost:3000/ and login with admin user, password admin"
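Review bot: `validate_url "$1"` is now called unconditionally before `if [ -f "$1" ]`, and its regex requires `^https?://host:port$`, so a targets-file argument is rejected with usage and the file branch — including its `$(head -1 "$1")/dashboard` download — can no longer be reached. Move the call into the `else` branch and validate each `$line` inside the `while` loop instead, as start-prometheus.sh does in this same commit; the usage text should then also mention the file form. Note that `$(head -1 "$1")` stays unquoted, so a first line containing whitespace is word-split into additional curl arguments, and the `$ip`/`$port` values written into telegraf.conf by the loop are never checked. As in the sibling script, `[[ ... =~ ... ]]` is a bash construct under a `#!/bin/sh` shebang (the pre-existing `[[ -n "$line" ]]` in the loop has the same dependency), and the `|| { ...; exit 1; }` after `curl -o` does not trigger on an HTTP error unless curl is given `-f`.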