From 6c56f65007708f3b46f69e655519ea1275e5360e Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 12:15:55 +0100 Subject: [PATCH 01/21] upgrade golang to 1.16 --- .circleci/config.yml | 12 +++++++----- go.mod | 5 +++-- go.sum | 19 ------------------- 3 files changed, 10 insertions(+), 26 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 338e37b..806b652 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -14,11 +14,13 @@ kube-builder: &install-kube-builder # (you'll need to set the KUBEBUILDER_ASSETS env var if you put it somewhere else) sudo mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder export PATH=$PATH:/usr/local/kubebuilder/bin +golaing_image: &golang_image + image: circleci/golang:1.16 version: 2 jobs: build: docker: - - image: circleci/golang:1.15 + - <<: *golang_image working_directory: /go/src/github.com/ory/hydra-maester steps: - checkout @@ -27,7 +29,7 @@ jobs: - run: make test: docker: - - image: circleci/golang:1.15 + - <<: *golang_image working_directory: /go/src/github.com/ory/hydra-maester steps: - checkout @@ -42,8 +44,8 @@ jobs: name: Update golang command: | sudo rm -rf /usr/local/go/ - curl -LO https://dl.google.com/go/go1.15.11.linux-amd64.tar.gz - sudo tar -C /usr/local -xzf go1.15.11.linux-amd64.tar.gz + curl -LO https://go.dev/dl/go1.16.10.linux-amd64.tar.gz + sudo tar -C /usr/local -xzf go1.16.10.linux-amd64.tar.gz sudo echo "export PATH=$PATH:/usr/local/go/bin" >> $HOME/.profile go version - run: @@ -73,7 +75,7 @@ jobs: release: docker: - - image: circleci/golang:1.15 + - <<: *golang_image working_directory: /go/src/github.com/ory/hydra-maester steps: - checkout diff --git a/go.mod b/go.mod index 660dba1..61fc078 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/ory/hydra-maester -go 1.15 +go 1.16 require ( github.com/go-logr/logr v0.4.0 
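Review bot: The new top-level key in the first `.circleci/config.yml` hunk is spelled `golaing_image`, while the anchor it carries is `&golang_image`. The three `<<: *golang_image` aliases resolve through the anchor, so the jobs still get the image, but the key should read `golang_image: &golang_image` so that a search for the name lands on its definition.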
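Review bot: The `Update golang` step downloads `go1.16.10.linux-amd64.tar.gz` and unpacks it into `/usr/local` with sudo without checking its digest, so a corrupted or substituted archive becomes the toolchain for the job. Add a check between the two commands, for example `echo "<GO_TARBALL_SHA256>  go1.16.10.linux-amd64.tar.gz" | sha256sum -c -`, using the checksum published on the Go downloads page. Use `curl -fLO` as well, so an HTTP error fails the step instead of saving an error page. The same gap applies to the kubebuilder archive that later commits in this series pipe from `curl -sL` straight into `tar`, in the Makefile `kubebuilder` target and in the `Fetch kube-builder` workflow step. The enclosing `run` step begins above this hunk.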
@@ -10,11 +10,12 @@ require ( github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.6.1 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b + golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect + gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/api v0.20.2 k8s.io/apiextensions-apiserver v0.20.1 k8s.io/apimachinery v0.20.2 k8s.io/client-go v0.20.2 k8s.io/utils v0.0.0-20210305010621-2afb4311ab10 sigs.k8s.io/controller-runtime v0.8.3 - sigs.k8s.io/kind v0.11.1 // indirect ) diff --git a/go.sum b/go.sum index a375e0a..c013a19 100644 --- a/go.sum +++ b/go.sum @@ -47,8 +47,6 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= 
@@ -105,8 +103,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.2.0 h1:8ozOH5xxoMYDt5/u+yMTsVXydVCbTORFnOOoq2lumco= -github.com/evanphx/json-patch/v5 v5.2.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -196,7 +192,6 @@ github.com/go-openapi/validate v0.19.10 h1:tG3SZ5DC5KF4cyt7nqLVcQXGj5A7mpaYkAcNP github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= 
@@ -317,9 +312,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -360,8 +353,6 @@ github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kN github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= 
@@ -401,8 +392,6 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.2 h1:HFB2fbVIlhIfCfOW81bZFbiC/RvnpXSdhbF2/DJr134= -github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= @@ -417,8 +406,6 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FI github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= -github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM= -github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -471,7 +458,6 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.1.1 h1:KfztREH0tPxJJ+geloSLaAkaPkr4ki2Er5quFV1TDo4= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -653,7 +639,6 @@ golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -664,7 +649,6 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091 h1:DMyOG0U+gKfu8JZzg2UQe9MeaC1X+xQWlAKcRnjxjCw= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -818,7 +802,6 @@ gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 
@@ -865,8 +848,6 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-runtime v0.8.3 h1:GMHvzjTmaWHQB8HadW+dIvBoJuLvZObYJ5YoZruPRao= sigs.k8s.io/controller-runtime v0.8.3/go.mod h1:U/l+DUopBc1ecfRZ5aviA9JDmGFQKvLf5YkZNx2e0sU= -sigs.k8s.io/kind v0.11.1 h1:pVzOkhUwMBrCB0Q/WllQDO3v14Y+o2V0tFgjTqIUjwA= -sigs.k8s.io/kind v0.11.1/go.mod h1:fRpgVhtqAWrtLB9ED7zQahUimpUXuG/iHT88xYqEGIA= sigs.k8s.io/structured-merge-diff/v4 v4.0.2 h1:YHQV7Dajm86OuqnIR6zAelnDWBRjo+YhYV9PmGrh1s8= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= From a2c9afbf3b41f7f8d37b875c94060e0b1344a35b Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 13:01:39 +0100 Subject: [PATCH 02/21] add CVE scanning pipeline --- .github/workflows/cve-scan.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/cve-scan.yaml diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml new file mode 100644 index 0000000..b6206dc --- /dev/null +++ b/.github/workflows/cve-scan.yaml @@ -0,0 +1,31 @@ +name: Docker Image Scan +on: + push: + branches: + - 'master' + tags: + - 'v*.*.*' + pull_request: + branches: + - 'master' + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Build images + shell: bash + run: | + make docker-build-notest + - name: Scan image + uses: anchore/scan-action@v3 + with: + image: controller:latest + fail-build: true + severity-cutoff: high From 92f0a228cd2547239ebbfcedfaa78e02eca6871b Mon Sep 17 00:00:00 2001 
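Review bot: Every `uses:` in the new `cve-scan.yaml` points at a mutable ref (`actions/checkout@v2`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `anchore/scan-action@v3`), so the code that runs in CI can change without any commit to this repository. Pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: anchore/scan-action@<COMMIT_SHA> # v3`. This matters most for `aquasecurity/trivy-action@master`, added later in the series, which tracks a branch; it also covers `actions/setup-go@v2`. The workflow also declares no `permissions:` block, so the job token gets the repository default. A scan job that only reads the source can declare a top-level `permissions:` with `contents: read`.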
From: Demonsthere Date: Mon, 29 Nov 2021 13:11:49 +0100 Subject: [PATCH 03/21] debug --- .github/workflows/cve-scan.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index b6206dc..978bcf3 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -22,6 +22,8 @@ jobs: - name: Build images shell: bash run: | + pwd + ls -al make docker-build-notest - name: Scan image uses: anchore/scan-action@v3 From 5573929d48969f126c7408f0bef1bac79dd8e0c9 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 13:15:35 +0100 Subject: [PATCH 04/21] debug --- .github/workflows/cve-scan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 978bcf3..b8c8afd 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -24,6 +24,7 @@ jobs: run: | pwd ls -al + cat ./hack/boilerplate.go.txt make docker-build-notest - name: Scan image uses: anchore/scan-action@v3 From fa178501cec40048205c7eb6866e8d843b44863f Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 13:41:29 +0100 Subject: [PATCH 05/21] u --- .github/workflows/cve-scan.yaml | 4 +--- Makefile | 8 ++++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index b8c8afd..a3ff154 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -22,9 +22,7 @@ jobs: - name: Build images shell: bash run: | - pwd - ls -al - cat ./hack/boilerplate.go.txt + make kubekubebuilder make docker-build-notest - name: Scan image uses: anchore/scan-action@v3 diff --git a/Makefile b/Makefile index c9f683a..2ca0d84 100644 --- a/Makefile +++ b/Makefile 
@@ -92,3 +92,11 @@ CONTROLLER_GEN=$(shell which controller-gen) else CONTROLLER_GEN=$(shell which controller-gen) endif + +# Download and setup kubebuilder +kubebuilder: + os=$(go env GOOS) + arch=$(go env GOARCH) + curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/ + mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder + export PATH=$PATH:/usr/local/kubebuilder/bin \ No newline at end of file From 4ac9902a4f96d641d6ed4f368d67e660bc9839e4 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 13:42:23 +0100 Subject: [PATCH 06/21] u --- .github/workflows/cve-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index a3ff154..9205443 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -22,7 +22,7 @@ jobs: - name: Build images shell: bash run: | - make kubekubebuilder + make kubebuilder make docker-build-notest - name: Scan image uses: anchore/scan-action@v3 From e054ef407f6c2e3ba7ffb9843dd078d0c75127cb Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 13:46:48 +0100 Subject: [PATCH 07/21] u --- Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 2ca0d84..a4881fe 100644 --- a/Makefile +++ b/Makefile 
@@ -95,8 +95,8 @@ endif # Download and setup kubebuilder kubebuilder: - os=$(go env GOOS) - arch=$(go env GOARCH) - curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/ - mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder - export PATH=$PATH:/usr/local/kubebuilder/bin \ No newline at end of file + os=$$(go env GOOS) + arch=$$(go env GOARCH) + curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_$${os}_$${arch}.tar.gz | tar -xz -C /tmp/ + mv /tmp/kubebuilder_2.3.2_$${os}_$${arch} /usr/local/kubebuilder + export PATH=$PATH:/usr/local/kubebuilder/bin From f827f6e0fd04969040d47bc742ea9cb5368efef0 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:02:02 +0100 Subject: [PATCH 08/21] u --- Makefile | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index a4881fe..20649d5 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,21 @@ +ifeq ($(OS),Windows_NT) + ifeq ($(PROCESSOR_ARCHITECTURE),AMD64) + ARCH=amd64 + OS=windows + endif +else + UNAME_S := $(shell uname -s) + ifeq ($(UNAME_S),Linux) + OS=linux + ARCH=amd64 + endif + ifeq ($(UNAME_S),Darwin) + OS=darwin + ARCH=amd64 + endif +endif +HELL=/bin/bash -o pipefail # Image URL to use all building/pushing image targets IMG ?= controller:latest # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) 
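Review bot: `HELL=/bin/bash -o pipefail` at the end of the new header block defines a variable that nothing reads. It looks like a typo for `SHELL`, so recipes still run under `/bin/sh` without pipefail. That matters for the `kubebuilder` target, where a failed `curl` on the left side of the pipe into `tar` does not decide the recipe's exit status. Suggested: `SHELL=/bin/bash -o pipefail`. Separately, the block hard-codes `ARCH=amd64` for Linux and Darwin, so an arm64 host would fetch the amd64 archive; `ARCH := $(shell go env GOARCH)` would follow the installed toolchain.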
@@ -95,8 +112,6 @@ endif # Download and setup kubebuilder kubebuilder: - os=$$(go env GOOS) - arch=$$(go env GOARCH) - curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_$${os}_$${arch}.tar.gz | tar -xz -C /tmp/ - mv /tmp/kubebuilder_2.3.2_$${os}_$${arch} /usr/local/kubebuilder + curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${OS}_${ARCH}.tar.gz | tar -xz -C /tmp/ + mv /tmp/kubebuilder_2.3.2_${OS}_${ARCH} /usr/local/kubebuilder export PATH=$PATH:/usr/local/kubebuilder/bin From 49dcd3403bd4c38ddd54c53341ffba05af0e46e9 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:07:19 +0100 Subject: [PATCH 09/21] u --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 20649d5..c9642b1 100644 --- a/Makefile +++ b/Makefile @@ -113,5 +113,5 @@ endif # Download and setup kubebuilder kubebuilder: curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${OS}_${ARCH}.tar.gz | tar -xz -C /tmp/ - mv /tmp/kubebuilder_2.3.2_${OS}_${ARCH} /usr/local/kubebuilder - export PATH=$PATH:/usr/local/kubebuilder/bin + mv /tmp/kubebuilder_2.3.2_${OS}_${ARCH} ${PWD}/kubebuilder + export PATH=${PATH}:${PWD}/kubebuilder/bin From f2fd5326fd225a27d5960b18c3cb05b3a4b74d9d Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:07:53 +0100 Subject: [PATCH 10/21] u --- .bin/.gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .bin/.gitignore diff --git a/.bin/.gitignore b/.bin/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/.bin/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore From 3f283c6519d9179442e20de7660b42af27ace21d Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:19:21 +0100 Subject: [PATCH 11/21] ugh --- Makefile | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) 
diff --git a/Makefile b/Makefile index c9642b1..213caee 100644 --- a/Makefile +++ b/Makefile @@ -23,22 +23,27 @@ CRD_OPTIONS ?= "crd:trivialVersions=true,crdVersions=v1" run-with-cleanup = $(1) && $(2) || (ret=$$?; $(2) && exit $$ret) +.PHONY: all all: manager # Run tests +.PHONY: test test: generate fmt vet manifests go test ./api/... ./controllers/... ./hydra/... ./helpers/... -coverprofile cover.out # Start KIND pseudo-cluster +.PHONY: kind-start kind-start: GO111MODULE=on go get "sigs.k8s.io/kind@v0.11.1" && kind create cluster # Stop KIND pseudo-cluster +.PHONY: kind-stop kind-stop: GO111MODULE=on go get "sigs.k8s.io/kind@v0.11.1" && kind delete cluster # Deploy on KIND # Ensures the controller image is built, deploys the image to KIND cluster along with necessary configuration +.PHONY: kind-deploy kind-deploy: manager manifests docker-build-notest kind-start kubectl config set-context kind-kind kind load docker-image controller:latest 
@@ -46,62 +51,76 @@ kind-deploy: manager manifests docker-build-notest kind-start kustomize build config/default | kubectl apply -f - # private +.PHONY: kind-test kind-test: kind-deploy kubectl config set-context kind-kind go get github.com/onsi/ginkgo/ginkgo ginkgo -v ./controllers/... # Run integration tests on local KIND cluster +.PHONY: test-integration test-integration: $(call run-with-cleanup, $(MAKE) kind-test, $(MAKE) kind-stop) # Build manager binary +.PHONY: manager manager: generate fmt vet CGO_ENABLED=0 GO111MODULE=on GOOS=linux GOARCH=amd64 go build -a -o manager main.go # Run against the configured Kubernetes cluster in ~/.kube/config +.PHONY: run run: generate fmt vet go run ./main.go --hydra-url ${HYDRA_URL} # Install CRDs into a cluster +.PHONY: install install: manifests kubectl apply -f config/crd/bases # Deploy controller in the configured Kubernetes cluster in ~/.kube/config +.PHONY: deploy deploy: manifests kubectl apply -f config/crd/bases kustomize build config/default | kubectl apply -f - # Generate manifests e.g. CRD, RBAC etc. +.PHONY: manifests manifests: controller-gen $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases # Run go fmt against code +.PHONY: fmt fmt: go fmt ./... # Run go vet against code +.PHONY: vet vet: go vet ./... # Generate code +.PHONY: generate generate: controller-gen $(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths=./api/... # Build the docker image +.PHONY: docker-build-notest docker-build-notest: manager docker build . 
-t ${IMG} @echo "updating kustomize image patch file for manager resource" sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/default/manager_image_patch.yaml +.PHONY: docker-build docker-build: test docker-build-notest # Push the docker image +.PHONY: docker-push docker-push: docker push ${IMG} # find or download controller-gen # download controller-gen if necessary +.PHONY: controller-gen controller-gen: ifeq (, $(shell which controller-gen)) go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0 @@ -111,7 +130,8 @@ CONTROLLER_GEN=$(shell which controller-gen) endif # Download and setup kubebuilder +.PHONY: kubebuilder kubebuilder: curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${OS}_${ARCH}.tar.gz | tar -xz -C /tmp/ - mv /tmp/kubebuilder_2.3.2_${OS}_${ARCH} ${PWD}/kubebuilder + mv /tmp/kubebuilder_2.3.2_${OS}_${ARCH} ${PWD}/.bin/kubebuilder export PATH=${PATH}:${PWD}/kubebuilder/bin From 76283b406c664b7a911adffeaf7e5d5c7ca1c485 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:23:14 +0100 Subject: [PATCH 12/21] fix path --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 213caee..e1561d3 100644 --- a/Makefile +++ b/Makefile @@ -134,4 +134,4 @@ endif kubebuilder: curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${OS}_${ARCH}.tar.gz | tar -xz -C /tmp/ mv /tmp/kubebuilder_2.3.2_${OS}_${ARCH} ${PWD}/.bin/kubebuilder - export PATH=${PATH}:${PWD}/kubebuilder/bin + export PATH=${PATH}:${PWD}/.bin/kubebuilder/bin From 0b549cbcc4ad0a2302968edc85fadfb202300c13 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:27:16 +0100 Subject: [PATCH 13/21] i give up --- .github/workflows/cve-scan.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 9205443..20ae8b1 100644 
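Review bot: The corrected `export PATH=${PATH}:${PWD}/.bin/kubebuilder/bin` line in the `kubebuilder` recipe still has no lasting effect. Make runs each recipe line in its own shell, so the export ends with that line and neither later targets nor the calling shell see the new PATH. Either drop the line and document that callers must add `.bin/kubebuilder/bin` to PATH themselves, or set it for make as a whole with a top-level `export PATH := $(PWD)/.bin/kubebuilder/bin:$(PATH)`.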
--- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -22,7 +22,11 @@ jobs: - name: Build images shell: bash run: | - make kubebuilder + os=$(go env GOOS) + arch=$(go env GOARCH) + curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/ + mv /tmp/kubebuilder_2.3.2_${os}_${arch} .bin/kubebuilder + export PATH=${PATH}:${PWD}/.bin/kubebuilder/bin make docker-build-notest - name: Scan image uses: anchore/scan-action@v3 From 99b7536016c8b63b4dc1c68264459e4eaed2dfa4 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:31:12 +0100 Subject: [PATCH 14/21] u --- .github/workflows/cve-scan.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 20ae8b1..afe10d8 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -19,14 +19,18 @@ jobs: uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - - name: Build images + - name: Fetch kube-builder shell: bash run: | os=$(go env GOOS) arch=$(go env GOARCH) curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/ - mv /tmp/kubebuilder_2.3.2_${os}_${arch} .bin/kubebuilder - export PATH=${PATH}:${PWD}/.bin/kubebuilder/bin + sudo mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder + export PATH=$PATH:/usr/local/kubebuilder/bin + kubebuilder version + - name: Build images + shell: bash + run: | make docker-build-notest - name: Scan image uses: anchore/scan-action@v3 From 902dd3dce128ef79eae1dab88d8700c21ebd4bf3 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 14:54:27 +0100 Subject: [PATCH 15/21] u --- .github/workflows/cve-scan.yaml | 6 ++++++ 1 file changed, 6 insertions(+) 
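Review bot: `export PATH=$PATH:/usr/local/kubebuilder/bin` in the `Fetch kube-builder` step lasts only for that step's shell. The following `Build images` step starts a new shell and will not have kubebuilder on PATH. If the build needs it, append the directory to the runner's path file instead: `echo "/usr/local/kubebuilder/bin" >> "$GITHUB_PATH"`. The `curl -sL ... | tar -xz` download should also pass `-f`, so an HTTP error surfaces as a curl failure rather than as a tar error on an HTML body.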
diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index afe10d8..9a2a898 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -15,6 +15,10 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + name: Setup Golang + with: + go-version: '^1.16' - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx @@ -22,6 +26,8 @@ jobs: - name: Fetch kube-builder shell: bash run: | + set -x + set -o pipefail os=$(go env GOOS) arch=$(go env GOARCH) curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/ From caccb1d5aa635d2ca27bcd1d4d84f067e183a25e Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Mon, 29 Nov 2021 15:02:39 +0100 Subject: [PATCH 16/21] cleanup --- .github/workflows/cve-scan.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 9a2a898..5bdffcb 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -26,8 +26,6 @@ jobs: - name: Fetch kube-builder shell: bash run: | - set -x - set -o pipefail os=$(go env GOOS) arch=$(go env GOARCH) curl -sL https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.2/kubebuilder_2.3.2_${os}_${arch}.tar.gz | tar -xz -C /tmp/ From c1851a65745d38dfeec588843a0201213db8d358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20B=C5=82aszczyk?= Date: Tue, 30 Nov 2021 09:41:31 +0100 Subject: [PATCH 17/21] Update .github/workflows/cve-scan.yaml --- .github/workflows/cve-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index 5bdffcb..f6cfdea 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml 
@@ -41,4 +41,4 @@ jobs: with: image: controller:latest fail-build: true - severity-cutoff: high + # severity-cutoff: high From b1ca15d6a9b3b1785c6d444573ba0d3b3ce0aaa1 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Tue, 30 Nov 2021 10:49:06 +0100 Subject: [PATCH 18/21] use multistage dockerfile --- Dockerfile | 7 ++++++- Makefile | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8fdb03c..c671e23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,11 @@ +FROM golang:1.16 as builder +WORKDIR /go/src/app +COPY . . +RUN make manager + # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details FROM gcr.io/distroless/static:latest -COPY manager . +COPY --from=builder /go/src/app/manager . USER 1000 ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index e1561d3..ec59abf 100644 --- a/Makefile +++ b/Makefile @@ -105,7 +105,7 @@ generate: controller-gen # Build the docker image .PHONY: docker-build-notest -docker-build-notest: manager +docker-build-notest: docker build . -t ${IMG} @echo "updating kustomize image patch file for manager resource" sed -i'' -e 's@image: .*@image: '"${IMG}"'@' ./config/default/manager_image_patch.yaml From 1afa60fe5aa8f3bc9aad234a2e415798887a099a Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Tue, 30 Nov 2021 10:55:32 +0100 Subject: [PATCH 19/21] expand scanning --- .github/workflows/cve-scan.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index f6cfdea..6317d46 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml 
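Review bot: Both stages of the new Dockerfile are referenced by mutable tags (`golang:1.16` and `gcr.io/distroless/static:latest`), so the image the CVE scan approves is not guaranteed to be the image a later build produces. Pin each `FROM` by digest, e.g. `FROM golang:1.16@sha256:<BUILDER_DIGEST> as builder`. `COPY . .` sends the whole build context into the builder stage, and no `.dockerignore` is visible in this series, so confirm that one excludes `.git`, `.bin/` and any local credential files. `RUN make manager` also pulls in the `generate` target, which can `go get` controller-gen at build time, so the result depends on network state that is not recorded anywhere in the repository.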
@@ -41,4 +41,12 @@ jobs: with: image: controller:latest fail-build: true - # severity-cutoff: high + - name: Security Scan Image + uses: aquasecurity/trivy-action@master + with: + image-ref: controller:latest + format: 'table' + exit-code: '42' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' From eda542a93336807bf6beee54f0bdb0ddd19564b1 Mon Sep 17 00:00:00 2001 From: Demonsthere Date: Tue, 30 Nov 2021 11:01:17 +0100 Subject: [PATCH 20/21] bump dependencies --- go.mod | 2 ++ go.sum | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 61fc078..9a93232 100644 --- a/go.mod +++ b/go.mod @@ -5,10 +5,12 @@ go 1.16 require ( github.com/go-logr/logr v0.4.0 github.com/go-openapi/runtime v0.19.28 + github.com/gogo/protobuf v1.3.2 // indirect github.com/onsi/ginkgo v1.16.4 github.com/onsi/gomega v1.10.2 github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.6.1 + golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f // indirect golang.org/x/net v0.0.0-20201110031124-69a78807bb2b golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect diff --git a/go.sum b/go.sum index c013a19..ade9db5 100644 --- a/go.sum +++ b/go.sum 
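Review bot: The new `Security Scan Image` step runs only when the preceding `Scan image` step succeeds. Because that step sets `fail-build: true`, the Trivy report is never produced on exactly the runs where Anchore finds something. If both reports are wanted on every run, add `if: always()` to the Trivy step. `ignore-unfixed: true` also means a CRITICAL finding with no upstream fix never fails the build; a comment next to the option, such as `# unfixed findings are reported elsewhere / accepted`, would make that gap a recorded decision.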
@@ -219,8 +219,9 @@ github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/V github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -327,6 +328,7 @@ github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaR github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -528,8 +530,9 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 h1:hb9wdF1z5waM+dSIICn1l0DkLVDT3hqhhQsDNUmHPRE= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f h1:aZp0e2vLN4MToVqnjNEYEtrEA8RH8U8FN1CU7JgqsPU= +golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -634,6 +637,7 @@ golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -652,6 +656,8 @@ golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c h1:VwygUrnw9jn88c4u8GD3rZQbqrP/tgas88tPUbBxQrk= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -711,8 +717,10 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e h1:4nW4NLDYnU28ojHaHO8OVxFHk/aQ33U01a9cjED+pzE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a h1:CB3a9Nez8M13wwlr/E2YtwoU+qYHKfC+JrDa45RXXoQ= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
From 09a529f8477fb45b170d30099f9a61aa959db522 Mon Sep 17 00:00:00 2001
From: Demonsthere
Date: Tue, 30 Nov 2021 11:09:17 +0100
Subject: [PATCH 21/21] cleanup
---
 .circleci/config.yml | 2 +-
 .github/workflows/cve-scan.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 806b652..2e953b7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -15,7 +15,7 @@ kube-builder: &install-kube-builder
 sudo mv /tmp/kubebuilder_2.3.2_${os}_${arch} /usr/local/kubebuilder
 export PATH=$PATH:/usr/local/kubebuilder/bin
 golaing_image: &golang_image
- image: circleci/golang:1.16
+ image: circleci/golang:1.16.10
 version: 2
 jobs:
 build:
diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
index 6317d46..02a952c 100644
--- a/.github/workflows/cve-scan.yaml
+++ b/.github/workflows/cve-scan.yaml
@@ -36,12 +36,12 @@ jobs:
 shell: bash
 run: |
 make docker-build-notest
- - name: Scan image
+ - name: Anchore Scan
 uses: anchore/scan-action@v3
 with:
 image: controller:latest
 fail-build: true
- - name: Security Scan Image
+ - name: Trivy Scan
 uses: aquasecurity/trivy-action@master
 with:
 image-ref: controller:latest