fix: custom/hardened-alpine/infra/Dockerfile to reduce vulnerabilitie… #74
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: push-pipeline | |
on: | |
push: | |
branches: | |
- master | |
defaults: | |
run: | |
shell: bash | |
env: | |
DNAME: ${{ secrets.DNAME }} | |
DPASS: ${{ secrets.DPASS }} | |
jobs: | |
shell-checker: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: checking syntax of shell script | |
run: bash -c 'shopt -s globstar nullglob; shellcheck **/*.{sh,ksh,bash}' || true | |
changes: | |
runs-on: ubuntu-latest | |
# Set job outputs to values from filter step | |
# this is done to run the selective jobs based on the code change | |
outputs: | |
kafka-deployer: ${{ steps.filter.outputs.kafka-deployer }} | |
forkbomb: ${{ steps.filter.outputs.forkbomb }} | |
fio: ${{ steps.filter.outputs.fio }} | |
mysql-client: ${{ steps.filter.outputs.mysql-client }} | |
sysbench-client: ${{ steps.filter.outputs.sysbench-client }} | |
tpcc-client: ${{ steps.filter.outputs.tpcc-client }} | |
stress-ng: ${{ steps.filter.outputs.stress-ng }} | |
mongo-client: ${{ steps.filter.outputs.mongo-client }} | |
postgres-client: ${{ steps.filter.outputs.postgres-client }} | |
custom-client: ${{ steps.filter.outputs.custom-client }} | |
logger: ${{ steps.filter.outputs.logger }} | |
dd-client: ${{ steps.filter.outputs.dd-client }} | |
memleak: ${{ steps.filter.outputs.memleak }} | |
elasticsearch-stress: ${{ steps.filter.outputs.elasticsearch-stress }} | |
kafka-client: ${{ steps.filter.outputs.kafka-client }} | |
memory-stress: ${{ steps.filter.outputs.memory-stress }} | |
nfs-client: ${{ steps.filter.outputs.nfs-client }} | |
cassandra-client: ${{ steps.filter.outputs.cassandra-client }} | |
litmus-app-deployer: ${{ steps.filter.outputs.litmus-app-deployer }} | |
litmus-qps-cmd: ${{ steps.filter.outputs.litmus-qps-cmd }} | |
pod-delete: ${{ steps.filter.outputs.pod-delete }} | |
pod-delete-helper: ${{ steps.filter.outputs.pod-delete-helper }} | |
container-killer: ${{ steps.filter.outputs.container-killer }} | |
container-kill-helper: ${{ steps.filter.outputs.pod-delete }} | |
litmus-git-app-checker: ${{ steps.filter.outputs.litmus-git-app-checker }} | |
litmus-k8s: ${{ steps.filter.outputs.litmus-k8s }} | |
litmus-curl: ${{ steps.filter.outputs.litmus-curl }} | |
litmus-checker: ${{ steps.filter.outputs.litmus-checker }} | |
litmus-argocli: ${{ steps.filter.outputs.litmus-argocli }} | |
workflow-controller: ${{ steps.filter.outputs.workflow-controller }} | |
argoexec: ${{ steps.filter.outputs.argoexec }} | |
mongo: ${{ steps.filter.outputs.mongo }} | |
litmus-pg-load: ${{ steps.filter.outputs.litmus-pg-load }} | |
litmus-pg-jmeter: ${{ steps.filter.outputs.litmus-pg-jmeter }} | |
litmus-experiment-hardened-alpine: ${{ steps.filter.outputs.litmus-experiment-hardened-alpine }} | |
litmus-infra-hardened-alpine: ${{ steps.filter.outputs.litmus-infra-hardened-alpine }} | |
mongo-utils: ${{ steps.filter.outputs.mongo-utils }} | |
litmusctl: ${{ steps.filter.outputs.litmusctl }} | |
litmus-redis-load: ${{ steps.filter.outputs.litmus-redis-load }} | |
litmus-helm-agent: ${{ steps.filter.outputs.litmus-helm-agent }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: dorny/paths-filter@v2 | |
id: filter | |
with: | |
filters: | | |
forkbomb: | |
- 'resource_stress/forkbomb/**' | |
fio: | |
- 'io_tools/fio/**' | |
mysql-client: | |
- 'app_clients/mysql-client/**' | |
sysbench-client: | |
- 'io_tools/sysbench/**' | |
tpcc-client: | |
- 'io_tools/tpcc/**' | |
stress-ng: | |
- 'resource_stress/stress-ng/**' | |
mongo-client: | |
- 'app_clients/mongo-client/**' | |
postgres-client: | |
- 'app_clients/postgres-client/**' | |
custom-client: | |
- 'custom/custom-client/**' | |
litmus-checker: | |
- 'custom/litmus-checker/**' | |
litmus-experiment-hardened-alpine: | |
- 'custom/hardened-alpine/experiment/**' | |
litmus-infra-hardened-alpine: | |
- 'custom/hardened-alpine/infra/**' | |
logger: | |
- 'log_utils/logger/**' | |
dd-client: | |
- 'io_tools/dd/**' | |
memleak: | |
- 'resource_stress/memleak/**' | |
elasticsearch-stress: | |
- 'app_clients/elasticsearch-stress/**' | |
kafka-client: | |
- 'app_clients/kafka-client/**' | |
nfs-client: | |
- 'app_clients/nfs-client/**' | |
cassandra-client: | |
- 'app_clients/cassandra-client/**' | |
litmus-app-deployer: | |
- 'custom/workflow-helper/app-deployer/**' | |
litmus-qps-cmd: | |
- 'custom/workflow-helper/app-qps-test/**' | |
pod-delete: | |
- 'experiments/pod-delete/**' | |
pod-delete-helper: | |
- 'experiments/generic/pod-delete/**' | |
container-killer: | |
- 'containerd/crictl/**' | |
container-kill-helper: | |
- 'experiments/generic/container-kill/**' | |
litmus-git-app-checker: | |
- 'custom/workflow-helper/app-checker/**' | |
litmus-k8s: | |
- 'custom/k8s/**' | |
litmus-curl: | |
- 'custom/curl/**' | |
litmus-argocli: | |
- 'custom/argo-server/**' | |
workflow-controller: | |
- 'custom/argo-workflow-controller/**' | |
argoexec: | |
- 'custom/argo-workflow-executor/**' | |
mongo: | |
- 'custom/mongo/**' | |
kafka-deployer: | |
- 'custom/app-setup/kafka/**' | |
litmus-pg-load: | |
- 'custom/workflow-helper/postgres-helper/load-test/**' | |
litmus-pg-jmeter: | |
- 'custom/workflow-helper/postgres-helper/jmeter/**' | |
mongo-utils: | |
- 'custom/mongo-utils/**' | |
litmusctl: | |
- 'custom/litmusctl/**' | |
litmus-redis-load: | |
- 'custom/workflow-helper/redis-helper/load-gen/**' | |
litmus-helm-agent: | |
- 'custom/litmus-helm-agent/**' | |
litmus-app-deployer: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-app-deployer == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-app-deployer image | |
run: | | |
make docker.buildx | |
make _push_litmus_app_deployer | |
litmus-qps-cmd: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-qps-cmd == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-qps-cmd image | |
run: | | |
make docker.buildx | |
make _push_litmus_qps_cmd | |
litmus-checker: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-checker == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-checker image | |
run: | | |
make docker.buildx | |
make _push_litmus_checker | |
litmus-infra-hardened-alpine: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-infra-hardened-alpine == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Building litmus-infra-hardened-alpine image | |
run: | | |
make docker.buildx | |
make _push_litmus_infra_hardened_alpine | |
litmus-experiment-hardened-alpine: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-experiment-hardened-alpine == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Building litmus-experiment-hardened-alpine image | |
run: | | |
make docker.buildx | |
make _push_litmus_experiment_hardened_alpine | |
litmus-git-app-checker: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-git-app-checker == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-git-app-checker image | |
run: | | |
make docker.buildx | |
make _push_litmus_git_app_checker | |
litmus-k8s: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-k8s == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-k8s image | |
run: | | |
make docker.buildx | |
make _push_litmus_k8s | |
litmus-curl: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-curl == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-curl image | |
run: | | |
make docker.buildx | |
make _push_litmus_curl | |
kafka-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.kafka-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push kafka-client image | |
run: make kafka-client | |
cassandra-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.cassandra-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push cassandra-client image | |
run: make cassandra-client | |
litmus-argocli: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-argocli == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push litmus-argocli image | |
run: | | |
make docker.buildx | |
make _push_litmus_argocli | |
litmus-argo-workflow-controller: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.workflow-controller == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push workflow-controller image | |
run: | | |
make docker.buildx | |
make _push_litmus_argo_workflow_controller | |
litmus-argo-workflow-executor: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.argoexec == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push argoexec image | |
run: | | |
make docker.buildx | |
make _push_litmus_argo_workflow_executor | |
mongo: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.mongo == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
version: latest | |
- name: Build and Push mongo image | |
run: | | |
make docker.buildx | |
make _push_litmus_mongo | |
kafka-deployer: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.kafka-deployer == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push kafka-deployer image | |
run: make litmus-kafka-deployer | |
mysql-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.mysql-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push mysql-client image | |
run: make mysql-client | |
sysbench-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.sysbench-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push sysbench-client image | |
run: make sysbench | |
tpcc-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.tpcc-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push tpcc-client image | |
run: make tpcc | |
stress-ng: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.stress-ng == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push stress-ng image | |
run: make stress-ng | |
mongo-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.mongo-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push mongo-client image | |
run: make mongo-client | |
postgres-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.postgres-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push postgres-client image | |
run: make postgres-client | |
custom-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.custom-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push custom-client image | |
run: make custom-client | |
logger: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.logger == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push logger image | |
run: make logger | |
dd-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.dd-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push dd-client image | |
run: make dd | |
memleak: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.memleak == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push memleak image | |
run: make memleak | |
elasticsearch-stress: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.elasticsearch-stress == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push elasticsearch-stress image | |
run: make elasticsearch-stress | |
memory-stress: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.memory-stress == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push memory-stress image | |
run: make memory-stress | |
nfs-client: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.nfs-client == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push nfs-client image | |
run: make nfs-client | |
pod-delete: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.pod-delete == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push pod-delete image | |
run: make pod-delete | |
pod-delete-helper: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.pod-delete-helper == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push pod-delete-helper image | |
run: make pod-delete-go | |
container-killer: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.container-killer == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push container-killer image | |
run: make container-killer | |
container-kill-helper: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.container-kill-helper == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push container-kill-helper image | |
run: make container-kill-go | |
forkbomb: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.forkbomb == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push forkbomb image | |
run: make forkbomb | |
fio: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.fio == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build and Push fio image | |
run: make fio | |
litmus-pg-load: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-pg-load == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Building litmus-pg-load image | |
run: | | |
make docker.buildx | |
make _push_litmus_pg_load | |
litmus-pg-jmeter: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-pg-jmeter == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Building litmus-pg-jmeter image | |
run: | | |
make docker.buildx | |
make _push_litmus_pg_jmeter | |
mongo-utils: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.mongo-utils == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Building mongo-utils image | |
run: | | |
make docker.buildx | |
make _push_litmus_mongo_utils | |
litmusctl: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmusctl == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Building litmusctl image | |
run: | | |
make docker.buildx | |
make _push_litmusctl | |
litmus-redis-load: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-redis-load == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Building litmus-redis-load image | |
run: | | |
make docker.buildx | |
make _push_litmus_redis_load | |
litmus-helm-agent: | |
runs-on: ubuntu-latest | |
needs: changes | |
if: needs.changes.outputs.litmus-helm-agent == 'true' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Building litmus-helm-agent image | |
run: | | |
make docker.buildx | |
make _push_litmus_helm_agent |