From 12dc6626ab86cf5a2d6831bd8faee5e148820800 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Fri, 19 Apr 2024 11:25:15 -0400
Subject: [PATCH 01/22] increased version of NodeJS Image
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9e5cca51..19add593 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20.12.0-alpine
+FROM node:20.12.2-alpine3.19
 ENV VERSION=v1.29.0
 ENV NODE_ENV=production
 ENV SERVICE_ENABLE_SSHD=true
From 5e649b7bac660cc5b2f602fb866a3aaa2af33a1a Mon Sep 17 00:00:00 2001
From: vladimir
Date: Fri, 19 Apr 2024 12:52:09 -0400
Subject: [PATCH 02/22] increased version of NodeJS Image
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 19add593..7e3948c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20.12.2-alpine3.19
+FROM node:21.7.3-alpine3.19
 ENV VERSION=v1.29.0
 ENV NODE_ENV=production
 ENV SERVICE_ENABLE_SSHD=true
From 7a4f39800ec008e63454a20501114a842187f60f Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 12:33:31 -0400
Subject: [PATCH 03/22] UDXI-394 enabled Dependabot for Docker, npm, GitHub Actions
---
 .github/dependabot.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..a9e86246
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,26 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ # Enable Dependabot alerts for `Docker`
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+ # Enable Dependabot alerts for `npm`
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+
+ # Enable Dependabot alerts for `GitHub Actions`
+ - package-ecosystem: "github-actions"
+ directory: ".github/workflows"
+ schedule:
+ interval: "weekly"
+
+
\ No newline at end of file
From a5ba62ce0e0ca38ad06a1c5f4c7a3b80852242c1 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 12:34:56 -0400
Subject: [PATCH 04/22] reverted NodeJS version
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7e3948c3..9e5cca51 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:21.7.3-alpine3.19
+FROM node:20.12.0-alpine
 ENV VERSION=v1.29.0
 ENV NODE_ENV=production
 ENV SERVICE_ENABLE_SSHD=true
From 9bfac4d0e2694a508d9e2c6950c93bdfb7ada055 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 12:52:20 -0400
Subject: [PATCH 05/22] UDXI-395
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9e5cca51..32655e66 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:20.12.0-alpine
+FROM node:22.6.0-alpine
 ENV VERSION=v1.29.0
 ENV NODE_ENV=production
 ENV SERVICE_ENABLE_SSHD=true
From 69845f0087154c52f1b67793b72ff0bedb7a4cb4 Mon Sep 17 00:00:00 2001
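Review bot: The three `# Enable Dependabot alerts for ...` comments describe something this file does not configure: entries under `updates:` drive Dependabot version updates (pull requests that bump versions), whereas Dependabot alerts are a repository security setting that no `dependabot.yml` can switch on. Suggest `# Version-update PRs for the Docker base image` (and the npm / GitHub Actions equivalents) so nobody reads this file as evidence of alert coverage. The file also ends in a whitespace-only line with no terminating newline (`\ No newline at end of file`); trimming the two trailing blank lines keeps linters quiet and the next diff clean.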
From: vladimir
Date: Tue, 20 Aug 2024 13:00:22 -0400
Subject: [PATCH 06/22] UDXI-395
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 32655e66..757a2e88 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 FROM node:22.6.0-alpine
-ENV VERSION=v1.29.0
+ENV VERSION=v1.31.0
 ENV NODE_ENV=production
 ENV SERVICE_ENABLE_SSHD=true
 ENV SERVICE_ENABLE_API=true
From 783ee2f77bfb5d764d687fee7dae4e70e84a83f1 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 13:22:45 -0400
Subject: [PATCH 07/22] version bump
---
 changes.md | 6 ++++++
 package.json | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/changes.md b/changes.md
index 83145635..e09e0fc8 100644
--- a/changes.md
+++ b/changes.md
@@ -1,3 +1,9 @@
+### 0.4.0
+* Upgraded parent Docker image to `node:22`
+* Upgraded `kubectl` to `1.31.0`
+* Upgaded `OpenSSH` to `9.8`
+* Sorted vulnerabilities in `npm` packages and OS
+
 ### 0.3.0
 * Fixed `JavaScript` errors
diff --git a/package.json b/package.json
index 03dcfe1c..e350da85 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "docker-sftp",
- "version": "0.3.0",
+ "version": "0.4.0",
 "description": "SSH tunnels to Kubernetes containers",
 "main": "bin/server.js",
 "scripts": {
From 0e9f2e81285c6feb926c45784b9ad4d02b7e83cf Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 14:16:38 -0400
Subject: [PATCH 08/22] pulling latest version of openssh from openbsd
---
 Dockerfile | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 757a2e88..f8467c58 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,9 +5,31 @@ ENV SERVICE_ENABLE_SSHD=true
 ENV SERVICE_ENABLE_API=true
 ENV SERVICE_ENABLE_FIREBASE=false
-RUN apk update --no-cache && apk upgrade --no-cache && apk add bash
-
-RUN apk add --no-cache git openssh nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
+RUN apk update --no-cache && apk upgrade --no-cache && apk add bash tar
+
+# Install build dependencies
+RUN apk add --no-cache \
+ build-base \
+ linux-headers \
+ openssl-dev \
+ zlib-dev \
+ file \
+ wget
+
+# Download the latest OpenSSH (9.8) source
+RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz \
+ && tar -xzf openssh-9.8p1.tar.gz \
+ && cd openssh-9.8pq \
+ # Configure and compile the source
+ && ./configure \
+ && make \
+ && make install
+
+# Cleanup build dependencies and unnecessary files
+RUN apk del build-base linux-headers openssl-dev zlib-dev file wget \
+ && rm -rf /openssh-9.8p1.tar.gz /openssh-9.8p1
+
+RUN apk add --no-cache openssh nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
 && curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
 && chmod +x /usr/local/bin/kubectl \
 && kubectl version --client \
From e08aa9b07218aff4c59d8fa02b474292763dbc24 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 14:19:48 -0400
Subject: [PATCH 09/22] pulling latest version of openssh from openbsd
---
 Dockerfile | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f8467c58..47541929 100644
--- a/Dockerfile
+++ b/Dockerfile
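Review bot: The tarball fetched by the new `RUN wget https://ftp.openbsd.org/.../openssh-9.8p1.tar.gz` line is unpacked and compiled with no integrity check, so the sshd that ends up listening in this image is whatever the download path delivered; checking a pinned SHA-256 (taken from the release announcement or the signed checksum file, not from the same host at build time) before `tar -xzf` closes that gap, and the same applies to the rewritten form of this step in patch 10 ("clean up"). The separate `RUN apk del ... && rm -rf ...` step does not shrink the image either: `build-base`, the headers and the extracted source tree are already committed in the earlier layers, and only a removal inside the same `RUN` that created them keeps them out of the final image. `cd openssh-9.8pq` is a typo that patch 10 corrects. A merged, verified form of the build step (`<SHA256_OF_OPENSSH_9_8P1_TARBALL>` is a placeholder to fill from the published checksum):
```dockerfile
# Build OpenSSH 9.8p1 from source in one layer: fetch, verify, build, then drop
# the toolchain and the source tree before the layer is committed.
RUN apk add --no-cache --virtual .build-deps build-base linux-headers openssl-dev zlib-dev file wget \
    && wget -q https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz \
    && echo "<SHA256_OF_OPENSSH_9_8P1_TARBALL>  openssh-9.8p1.tar.gz" | sha256sum -c - \
    && tar -xzf openssh-9.8p1.tar.gz \
    && cd openssh-9.8p1 \
    && ./configure \
    && make \
    && make install \
    && cd / \
    && rm -rf /openssh-9.8p1.tar.gz /openssh-9.8p1 \
    && apk del .build-deps
# … unchanged: runtime package install and kubectl download that follow …
```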
@@ -17,9 +17,17 @@ RUN apk add --no-cache \
 wget
 # Download the latest OpenSSH (9.8) source
-RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz \
- && tar -xzf openssh-9.8p1.tar.gz \
- && cd openssh-9.8pq \
+RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
+
+# print folders
+RUN ls -la
+
+RUN tar -xzf openssh-9.8p1.tar.gz
+
+# print folders
+RUN ls -la
+
+RUN cd openssh-9.8p1 \
 # Configure and compile the source
 && ./configure \
 && make \
From e56daac0bb107530900f4bfcbc187dc869c54065 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Tue, 20 Aug 2024 15:06:52 -0400
Subject: [PATCH 10/22] clean up
---
 Dockerfile | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 47541929..f3faeb5a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,18 +16,10 @@ RUN apk add --no-cache \
 file \
 wget
-# Download the latest OpenSSH (9.8) source
-RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
-
-# print folders
-RUN ls -la
-
-RUN tar -xzf openssh-9.8p1.tar.gz
-
-# print folders
-RUN ls -la
-
-RUN cd openssh-9.8p1 \
+# Download the latest OpenSSH (9.8p1) source
+RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz \
+ && tar -xzf openssh-9.8p1.tar.gz \
+ && cd openssh-9.8p1 \
 # Configure and compile the source
 && ./configure \
 && make \
From 3ba958910008677e0030c16469283c3b9910ecf7 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 09:54:46 -0400
Subject: [PATCH 11/22] removed openssh instalation using apk
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f3faeb5a..417e59c7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,7 @@ RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.
 RUN apk del build-base linux-headers openssl-dev zlib-dev file wget \
 && rm -rf /openssh-9.8p1.tar.gz /openssh-9.8p1
-RUN apk add --no-cache openssh nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
+RUN apk add --no-cache nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
 && curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
 && chmod +x /usr/local/bin/kubectl \
 && kubectl version --client \
From fef640e0d558d951a49e7f6b8f2de6fcf5675089 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 10:08:44 -0400
Subject: [PATCH 12/22] debug
---
 Dockerfile | 18 +++++++++--------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 417e59c7..7dfb1516 100644
--- a/Dockerfile
+++ b/Dockerfile
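Review bot: Dropping `openssh` from the `apk add` list removes more than the duplicate `/usr/sbin/sshd`: on Alpine that package is what provides the `sshd` privilege-separation account, `/var/empty` and the default files under `/etc/ssh`, and the source build's `make install` does not create the account (and, with `./configure` given no `--sysconfdir`, installs its own config under `/usr/local/etc` rather than the `/etc/ssh/sshd_config` the runtime passes with `-f`). The rest of the Dockerfile is outside this hunk, so if those are provided elsewhere this is moot; if not, the daemon refuses to start because the privsep user is missing, and patch 14's change to `mkdir -p` is consistent with `/etc/ssh` no longer existing at that point. Suggest adding `RUN addgroup -S sshd && adduser -S -D -H -h /var/empty -s /sbin/nologin -G sshd sshd` before the `rm -rf /etc/ssh/*` step and passing `--sysconfdir=/etc/ssh` to `./configure` so the build and the `-f /etc/ssh/sshd_config` flag agree on one location.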
@@ -29,15 +29,15 @@ RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.
 RUN apk del build-base linux-headers openssl-dev zlib-dev file wget \
 && rm -rf /openssh-9.8p1.tar.gz /openssh-9.8p1
-RUN apk add --no-cache nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
- && curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
- && chmod +x /usr/local/bin/kubectl \
- && kubectl version --client \
- && rm -rf /etc/ssh/* \
- && mkdir /etc/ssh/authorized_keys.d \
- && cp /usr/share/zoneinfo/America/New_York /etc/localtime \
- && echo "America/New_York" > /etc/timezone \
- && apk del tzdata
+RUN apk add --no-cache openssh nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump
+RUN curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl
+RUN chmod +x /usr/local/bin/kubectl
+RUN kubectl version --client
+RUN rm -rf /etc/ssh/*
+RUN mkdir /etc/ssh/authorized_keys.d
+RUN cp /usr/share/zoneinfo/America/New_York /etc/localtime
+RUN echo "America/New_York" > /etc/timezone
+RUN apk del tzdata
 RUN curl -sSL https://sdk.cloud.google.com > /tmp/gcl && bash /tmp/gcl --install-dir=/root --disable-prompts
From 2e65eed3eee57247c9417d6f344db3dfb7c1f7c1 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 10:22:32 -0400
Subject: [PATCH 13/22] debug
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 7dfb1516..ad1b112c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,7 +29,7 @@ RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.
 RUN apk del build-base linux-headers openssl-dev zlib-dev file wget \
 && rm -rf /openssh-9.8p1.tar.gz /openssh-9.8p1
-RUN apk add --no-cache openssh nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump
+RUN apk add --no-cache nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump
 RUN curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl
 RUN chmod +x /usr/local/bin/kubectl
 RUN kubectl version --client
From d7a89bc1e004610cd3ab571213d08d5d98a7c663 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 10:34:48 -0400
Subject: [PATCH 14/22] debug
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index ad1b112c..ca3c6e07 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,7 +34,7 @@ RUN curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/b
 RUN chmod +x /usr/local/bin/kubectl
 RUN kubectl version --client
 RUN rm -rf /etc/ssh/*
-RUN mkdir /etc/ssh/authorized_keys.d
+RUN mkdir -p /etc/ssh/authorized_keys.d
 RUN cp /usr/share/zoneinfo/America/New_York /etc/localtime
 RUN echo "America/New_York" > /etc/timezone
 RUN apk del tzdata
From 47f823d38ac650dfc390e70c35fc6016309e1b7c Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 11:08:46 -0400
Subject: [PATCH 15/22] change sshd path
---
 static/ecosystem.config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/static/ecosystem.config.js b/static/ecosystem.config.js
index 174f9d95..e3b4b644 100644
--- a/static/ecosystem.config.js
+++ b/static/ecosystem.config.js
@@ -3,7 +3,7 @@ module.exports.apps = []
 if( process.env.SERVICE_ENABLE_SSHD === 'true' ) {
 module.exports.apps.push({
- "script": "/usr/sbin/sshd",
+ "script": "/usr/local/sbin/sshd",
 "args": "-D -f /etc/ssh/sshd_config -e",
 "name": "sshd",
 "merge_logs": true,
From 5605f3f2989e453aa037623ec391eb8f8188a27b Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 11:45:50 -0400
Subject: [PATCH 16/22] change sshd path
---
 Dockerfile | 18 +++++++++--------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ca3c6e07..ca19423c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,15 +29,15 @@ RUN wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.
 RUN apk del build-base linux-headers openssl-dev zlib-dev file wget \
 && rm -rf /openssh-9.8p1.tar.gz /openssh-9.8p1
-RUN apk add --no-cache nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump
-RUN curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl
-RUN chmod +x /usr/local/bin/kubectl
-RUN kubectl version --client
-RUN rm -rf /etc/ssh/*
-RUN mkdir -p /etc/ssh/authorized_keys.d
-RUN cp /usr/share/zoneinfo/America/New_York /etc/localtime
-RUN echo "America/New_York" > /etc/timezone
-RUN apk del tzdata
+RUN apk add --no-cache nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
+ && curl -L https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
+ && chmod +x /usr/local/bin/kubectl \
+ && kubectl version --client \
+ && rm -rf /etc/ssh/* \
+ && mkdir -p /etc/ssh/authorized_keys.d \
+ && cp /usr/share/zoneinfo/America/New_York /etc/localtime \
+ && echo "America/New_York" > /etc/timezone \
+ && apk del tzdata
 RUN curl -sSL https://sdk.cloud.google.com > /tmp/gcl && bash /tmp/gcl --install-dir=/root --disable-prompts
From 0500aa53c3b368f0f97607924107bbcf15ba4ff4 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 12:07:07 -0400
Subject: [PATCH 17/22] UDXI-396
---
 .github/workflows/deploy.yml | 93 ++++++++++++++++++++++++++++++++++--
 1 file changed, 90 insertions(+), 3 deletions(-)
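Review bot: The re-merged `RUN` keeps `curl -L ... /kubectl -o /usr/local/bin/kubectl` without `-f`/`--fail` and without an integrity check, so an HTTP error body or a substituted binary is written to that path and the only gate before it ships is `kubectl version --client`, which proves the file executes, not where it came from. The Kubernetes release bucket publishes a `kubectl.sha256` beside each binary, so the download can be verified in the same layer with no new tooling (`sha256sum` is in busybox). The `linux/amd64` path is also hard-coded, which is fine only as long as this image is never built for another architecture. Rewritten download section, with the rest of the chain unchanged:
```dockerfile
RUN apk add --no-cache nfs-utils rpcbind curl ca-certificates nano tzdata ncurses make tcpdump \
    && curl -fsSL "https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
    && curl -fsSL "https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl.sha256" -o /tmp/kubectl.sha256 \
    && echo "$(cat /tmp/kubectl.sha256)  /usr/local/bin/kubectl" | sha256sum -c - \
    && rm -f /tmp/kubectl.sha256 \
    && chmod +x /usr/local/bin/kubectl \
    && kubectl version --client \
# … unchanged: /etc/ssh reset, authorized_keys.d, timezone copy, apk del tzdata …
```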
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index bb8b9b50..d4ed326a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -7,7 +7,7 @@
 # To get a newer version, you will need to update the SHA.
 # You can also reference a tag or branch, but the action may change without warning.
-name: Build and Deploy to GKE
+name: Build, Release and Deploy to GKE
 on:
 push:
@@ -25,6 +25,7 @@ env:
 SLACK_NOTIFICACTION_CHANNEL: ${{ secrets.SLACK_NOTIFICACTION_CHANNEL }}
 AR_LOCATION: ${{ vars.AR_LOCATION }}
 AR_REPOSITORY: ${{ vars.AR_REPOSITORY }}
+ IMAGE_NAME: ${{vars.AR_LOCATION}}-docker.pkg.dev/${{vars.GKE_PROJECT}}/${{vars.AR_REPOSITORY}}/${{vars.GITHUB_REF_NAME}}
 jobs:
 setup-build-publish-deploy:
@@ -37,12 +38,55 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ # fetch Tag from package.json version
+ - name: Get Tag from package.json
+ id: version
+ run: echo "TAG=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
+
+ # echo Tag
+ - name: Echo Tag
+ run: echo ${{ steps.version.outputs.TAG }}
+
+ # parse the changelog to get the release description
+ - name: Parse Changelog Entries
+ uses: actions/github-script@v7
+ id: changelog
+ with:
+ script: |
+ const { open } = require('fs/promises');
+
+ const version ='${{ steps.version.outputs.TAG }}';
+ const delimiter = '#### ';
+ const file = await open('./changes.md');
+
+ let description = [];
+ let found = false;
+
+ for await (let line of file.readLines()) {
+ line = line.trim();
+
+ if ( line.startsWith(`${delimiter}${version}`) ) {
+ found = true;
+ continue;
+ }
+
+ if (!found) continue;
+ if ( line.startsWith(delimiter) ) break;
+
+ description.push(line);
+ }
+
+ if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
+ core.setOutput('description', description.join('\n') );
+
 # Setup gcloud CLI
 - id: 'auth'
 uses: 'google-github-actions/auth@v2'
 with:
 credentials_json: '${{ secrets.GKE_SA_KEY }}'
+ # Set up Cloud SDK
 - name: 'Set up Cloud SDK'
 uses: 'google-github-actions/setup-gcloud@v2'
 with:
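Review bot: `const version ='${{ steps.version.outputs.TAG }}';` and `run: echo ${{ steps.version.outputs.TAG }}` splice a step output into JavaScript and shell source at template-expansion time, which is the expression-injection pattern GitHub's own hardening guidance warns about; here the value is the `version` field of the checked-out `package.json`, so it is only as trusted as the branch that triggered the run, but it is a habit worth not starting in a job that holds `GKE_SA_KEY`. Passing the value through the environment keeps behaviour identical: add `env:` with `TAG: ${{ steps.version.outputs.TAG }}` to the step and read `const version = process.env.TAG;` (and `echo "$TAG"` in the echo step, which otherwise reads as leftover debugging). The handle returned by `open('./changes.md')` is never closed; an `await file.close()` after the loop, or wrapping the loop in `try/finally`, avoids leaking it for the rest of the script. The `'#### '` delimiter does not match the `### ` headings in `changes.md`, which patch 18 corrects.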
@@ -63,14 +107,57 @@ jobs:
 - name: Build
 run: |-
 docker build \
- --tag "$AR_LOCATION-docker.pkg.dev/$PROJECT_ID/$AR_REPOSITORY/$GITHUB_REF_NAME:$GITHUB_SHA" \
+ --tag "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}" \
 --build-arg GITHUB_SHA="$GITHUB_SHA" \
 --build-arg GITHUB_REF="$GITHUB_REF" \
 .
+ # Push the Docker image to Google Container Registry
 - name: Publish
 run: |-
- docker push "$AR_LOCATION-docker.pkg.dev/$PROJECT_ID/$AR_REPOSITORY/$GITHUB_REF_NAME:$GITHUB_SHA"
+ docker push "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}"
+
+ # Scan Docker image for vulnerabilities
+ - name: Scan Docker Image using Trivy
+ if: github.ref_name == 'master'
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}"
+ exit-code: '0'
+ timeout: '60m0s'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ # Upload Trivy scan results to GitHub Security tab
+ - name: Upload Trivy scan results to GitHub Security tab
+ if: github.ref_name == 'master'
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ # Generate SPDX SBOM
+ - name: Generate SBOM with Anchore Action
+ if: github.ref_name == 'master'
+ id: sbom
+ uses: anchore/sbom-action@v0
+ with:
+ image: "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}:site"
+ output-file: sbom.spdx.json
+ format: spdx-json
+
+ # Create a release with the version changelog as a description and attach the sbom
+ - name: Create GitHub Release
+ if: github.ref_name == 'master'
+ id: create_github_release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: "Release ${{ steps.version.outputs.TAG }}"
+ body: "${{ steps.changelog.outputs.description }}"
+ tag_name: ${{ steps.version.outputs.TAG }}
+ prerelease: false
+ files: |
+ ./sbom.spdx.json
+
 # Set up kustomize
 - name: Set up Kustomize
 run: |-
From d0778d115a89a030658559c56ae927195adb7f5a Mon Sep 17 00:00:00 2001
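Review bot: `uses: aquasecurity/trivy-action@master` pulls a third-party action from a moving branch into a job that holds `GKE_SA_KEY` and pushes the production image, which the file's own header (`To get a newer version, you will need to update the SHA`) advises against; pin it as `uses: aquasecurity/trivy-action@<COMMIT_SHA> # <release tag>` and apply the same to the `@v1`/`@v0`/`@v3` major tags on the release, SBOM and SARIF steps. With `exit-code: '0'` the scan can never stop the deploy that follows, which is reasonable as a visibility-only first step but should be said in the step comment (`# report-only: findings never gate the deploy`) so it reads as a decision rather than an oversight. `upload-sarif` needs `security-events: write` and `action-gh-release` needs `contents: write`; the job's `permissions` block is outside this hunk, so confirm those are granted and nothing broader. The `:site` suffix on the SBOM `image:` does not match the reference built and pushed above, which patch 20 corrects.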
From: vladimir
Date: Wed, 21 Aug 2024 12:08:42 -0400
Subject: [PATCH 18/22] UDXI-396
---
 .github/workflows/deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index d4ed326a..1f600a74 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -56,7 +56,7 @@ jobs:
 const { open } = require('fs/promises');
 const version ='${{ steps.version.outputs.TAG }}';
- const delimiter = '#### ';
+ const delimiter = '### ';
 const file = await open('./changes.md');
 let description = [];
From 6e7261852972189b55458d511275cc2d7a2462fc Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 12:21:50 -0400
Subject: [PATCH 19/22] UDXI-396
---
 .github/workflows/deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 1f600a74..15a98d77 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -25,7 +25,7 @@ env:
 SLACK_NOTIFICACTION_CHANNEL: ${{ secrets.SLACK_NOTIFICACTION_CHANNEL }}
 AR_LOCATION: ${{ vars.AR_LOCATION }}
 AR_REPOSITORY: ${{ vars.AR_REPOSITORY }}
- IMAGE_NAME: ${{vars.AR_LOCATION}}-docker.pkg.dev/${{vars.GKE_PROJECT}}/${{vars.AR_REPOSITORY}}/${{vars.GITHUB_REF_NAME}}
+ IMAGE_NAME: ${{vars.AR_LOCATION}}-docker.pkg.dev/${{secrets.GKE_PROJECT}}/${{vars.AR_REPOSITORY}}/${{github.ref_name}}
 jobs:
 setup-build-publish-deploy:
From 8f312af157344849b7461e956a46f1627023ef88 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 12:29:37 -0400
Subject: [PATCH 20/22] UDXI-396
---
 .github/workflows/deploy.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 15a98d77..6f5c8936 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -107,7 +107,7 @@ jobs:
 - name: Build
 run: |-
 docker build \
- --tag "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}" \
+ --tag "${{env.IMAGE_NAME}}:${{ steps.version.outputs.TAG }}" \
 --build-arg GITHUB_SHA="$GITHUB_SHA" \
 --build-arg GITHUB_REF="$GITHUB_REF" \
 .
@@ -115,14 +115,14 @@ jobs:
 # Push the Docker image to Google Container Registry
 - name: Publish
 run: |-
- docker push "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}"
+ docker push "${{env.IMAGE_NAME}}:${{ steps.version.outputs.TAG }}"
 # Scan Docker image for vulnerabilities
 - name: Scan Docker Image using Trivy
 if: github.ref_name == 'master'
 uses: aquasecurity/trivy-action@master
 with:
- image-ref: "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}"
+ image-ref: "${{env.IMAGE_NAME}}:${{ steps.version.outputs.TAG }}"
 exit-code: '0'
 timeout: '60m0s'
 format: 'sarif'
@@ -141,7 +141,7 @@ jobs:
 id: sbom
 uses: anchore/sbom-action@v0
 with:
- image: "${{env.IMAGE_NAME}}/${{ steps.version.outputs.TAG }}:site"
+ image: "${{env.IMAGE_NAME}}:${{ steps.version.outputs.TAG }}"
 output-file: sbom.spdx.json
 format: spdx-json
From 170f68ed723c1853121f3adcb374054863f82b89 Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 12:36:45 -0400
Subject: [PATCH 21/22] UDXI-396
---
 .github/workflows/deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 6f5c8936..9f2dc52f 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -176,7 +176,7 @@ jobs:
 sed -i.bak "s|ACCESS_TOKEN_VALUE|${{ secrets.ACCESS_TOKEN }}|g" ci/deployment-v2.yml
 sed -i.bak "s|SLACK_NOTIFICACTION_URL_VALUE|${{ secrets.SLACK_NOTIFICACTION_URL }}|g" ci/deployment-v2.yml
 sed -i.bak "s|SLACK_NOTIFICACTION_CHANNEL_VALUE|${{ secrets.SLACK_NOTIFICACTION_CHANNEL }}|g" ci/deployment-v2.yml
- sed -i.bak "s|IMAGE_VERSION|$GITHUB_SHA|g" ci/deployment-v2.yml
+ sed -i.bak "s|IMAGE_VERSION|${{ steps.version.outputs.TAG }}|g" ci/deployment-v2.yml
 sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/service.yml
 sed -i.bak "s|GITHUB_ORG|$GITHUB_REPOSITORY_OWNER|g" ci/deployment-v2.yml
 sed -i.bak "s|GITHUB_BRANCH|$GITHUB_REF_NAME|g" ci/service.yml
From 5f7aee381d0475f257d1ef10cae115710e2a43ff Mon Sep 17 00:00:00 2001
From: vladimir
Date: Wed, 21 Aug 2024 12:46:17 -0400
Subject: [PATCH 22/22] small fix
---
 changes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changes.md b/changes.md
index e09e0fc8..4a12534a 100644
--- a/changes.md
+++ b/changes.md
@@ -2,7 +2,7 @@
 * Upgraded parent Docker image to `node:22`
 * Upgraded `kubectl` to `1.31.0`
 * Upgaded `OpenSSH` to `9.8`
-* Sorted vulnerabilities in `npm` packages and OS
+* Solved vulnerabilities in `npm` packages and OS
 ### 0.3.0
 * Fixed `JavaScript` errors
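Review bot: Substituting `IMAGE_VERSION` with `${{ steps.version.outputs.TAG }}` swaps an immutable identifier (`$GITHUB_SHA`) for a tag that every push to `master` re-pushes under the same name until `package.json` is bumped, so the deployed manifest no longer says which build is running, and a node that already holds a `0.4.0` layer may keep serving the previous image depending on the `imagePullPolicy` in `ci/deployment-v2.yml` (outside this hunk). Pushing both `:${{ steps.version.outputs.TAG }}` and `:$GITHUB_SHA` from the Publish step and deploying by the SHA tag, or by the digest `docker push` prints, keeps the human-readable tag for the release, scan and SBOM steps without losing traceability. The surrounding `sed -i.bak` lines leave `.bak` copies of the manifests containing the substituted secrets in the workspace; that predates this commit, but a `rm -f ci/*.bak` before any later upload or artifact step would be cheap insurance.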