[Snyk] Security upgrade golang from 1.14 to 1.17.13 #46

Open
wants to merge 34 commits into
base: master
572d395
Circle CI (#1)
mjallday Nov 11, 2017
a76538c
Add Docker Compose (#2)
mjallday Nov 11, 2017
e6bc43c
Circle CI (#1)
mjallday Nov 11, 2017
3a4bbdd
Add Docker Compose (#2)
mjallday Nov 11, 2017
abe715e
VAULT-893 Supervisord
Iapetus999 Jan 22, 2021
4f20c4a
VAULT-893 Fix docker-compose.yml
Iapetus999 Jan 22, 2021
1965020
VAULT-893 Fix docker-compose.yml
Iapetus999 Jan 22, 2021
d75e005
Rebase 2021-01-08 (#4)
Iapetus999 Jan 26, 2021
662c34b
Merge remote-tracking branch 'upstream/master' into rebase_2021_01_08
Iapetus999 Jan 26, 2021
777cee9
Merge branch 'rebase_2021_01_08' into VAULT-893_supervisord
Iapetus999 Jan 26, 2021
40f3dc1
VAULT-893 some docker fixes
Iapetus999 Feb 4, 2021
572ef69
Add build/push
Iapetus999 Feb 5, 2021
30908a5
Dummy commit
Iapetus999 Feb 10, 2021
3949b29
Dummy commit
Iapetus999 Feb 10, 2021
c9c77d5
VAULT-893 Fix circleci
Iapetus999 Feb 10, 2021
ea219ef
VAULT-893 Fix circleci
Iapetus999 Feb 10, 2021
7ddb470
VAULT-893 Fix circleci
Iapetus999 Feb 10, 2021
b1c76a9
Merge pull request #3 from Iapetus999/VAULT-893_supervisord
Iapetus999 Feb 10, 2021
0f5f08d
Update config.yml
Iapetus999 Feb 11, 2021
e52bd90
fix :
Iapetus999 Feb 11, 2021
8d07402
Merge pull request #5 from verygoodsecurity/update_cci_yaml
Iapetus999 Feb 11, 2021
e8e0a93
VAULT-893 More build fixes
Iapetus999 Feb 11, 2021
75f07da
Merge pull request #6 from Iapetus999/more_build_fixes
Iapetus999 Feb 11, 2021
81e30e5
VAULT-893 Another build fix
Iapetus999 Feb 11, 2021
cd65c23
Merge pull request #7 from Iapetus999/another_build_fix
Iapetus999 Feb 11, 2021
979c3bf
VAULT-893 Attach workspace
Iapetus999 Feb 11, 2021
7cf78ff
Merge pull request #8 from Iapetus999/try_attach_workspace
Iapetus999 Feb 11, 2021
8edcc28
Update (#9)
Iapetus999 Feb 17, 2021
8787de7
Tag Latest (#11)
Iapetus999 Feb 17, 2021
5e4078e
Log path
Iapetus999 Mar 1, 2021
05f6e87
Merge pull request #12 from Iapetus999/Fix_log_path
Jul 15, 2021
557e8bb
Fix memory leak related to stats collection
zdmytriv Aug 2, 2021
df167d4
Merge pull request #14 from verygoodsecurity/override-stats-fix
Aug 2, 2021
13242a9
fix: Dockerfile.integration to reduce vulnerabilities
snyk-bot Aug 3, 2022
76 changes: 76 additions & 0 deletions .circleci/config.yml
@@ -0,0 +1,76 @@
version: 2.1

job-defaults: &job-defaults
working_directory: &working_directory
~/app
environment:
- AWS_DEFAULT_REGION: us-west-2
- AWS_REGION: us-west-2
- AWS_ACCOUNT_ID: "883127560329"
- AWS_PROFILE: dev/vault

attach-workspace: &attach-workspace
attach_workspace:
at: *working_directory

jobs:
build:
<<: *job-defaults
environment:
- USE_STATSD=false
- LOG_LEVEL=debug
- REDIS_SOCKET_TYPE=tcp
- REDIS_URL=localhost:6379
docker:
- image: circleci/golang:1.14
- image: redis:alpine
steps:
- checkout
- setup_remote_docker
- run:
name: Compile
command: |
make compile

release-image-quay:
machine:
docker_layer_caching: true
<<: *job-defaults
steps:
- checkout
- run:
name: push to Quay
command: |
unset AWS_ACCESS_KEY_ID; unset AWS_SECRET_ACCESS_KEY;
./ops/docker-login-quay.sh

export VERSION=${CIRCLE_TAG}

docker-compose build
docker-compose push

if [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
docker tag quay.io/verygoodsecurity/ratelimit:${VERSION} quay.io/verygoodsecurity/ratelimit:latest
VERSION=latest docker-compose push
fi

workflows:
version: 2
test_and_build:
jobs:
- build:
context: circleci
filters:
tags:
only: /^\d+\.\d+\.\d+(?:-\w+){0,1}$/
branches:
only: /.*/
- release-image-quay:
context: circleci
requires:
- build
filters:
tags:
only: /^\d+\.\d+\.\d+(?:-\w+){0,1}$/
branches:
ignore: /.*/
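Review bot: In `job-defaults`, the `environment` block commits AWS settings (region, profile and an account ID) that no step in this file uses; the only release step unsets the AWS keys and logs in to Quay instead. Drop them, or keep the account ID in the `circleci` context rather than in the repository. Note also that the `build` job declares its own `environment`, and a YAML `<<` merge is shallow, so that key replaces the one from `job-defaults` rather than adding to it.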
46 changes: 0 additions & 46 deletions .github/stale.yml

This file was deleted.

27 changes: 0 additions & 27 deletions .github/workflows/master.yaml

This file was deleted.

21 changes: 0 additions & 21 deletions .github/workflows/pullrequest.yaml

This file was deleted.

26 changes: 0 additions & 26 deletions .github/workflows/release.yaml

This file was deleted.

9 changes: 8 additions & 1 deletion Dockerfile
Expand Up @@ -10,6 +10,13 @@ COPY script script

RUN CGO_ENABLED=0 GOOS=linux go build -o /go/bin/ratelimit -ldflags="-w -s" -v github.com/envoyproxy/ratelimit/src/service_cmd

FROM alpine:3.11 AS final
FROM alpine:3.11
RUN apk --no-cache add ca-certificates

FROM ubuntu:latest
RUN apt-get update && apt-get install -y supervisor
COPY --from=build /go/bin/ratelimit /bin/ratelimit
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN mkdir -p /var/log/supervisor

ENTRYPOINT ["/usr/bin/supervisord"]
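Review bot: The final stage now starts at `FROM ubuntu:latest`, an unpinned tag, so rebuilds are not reproducible and the base can change without review; pin a release tag or a digest. The preceding `FROM alpine:3.11` stage that installs `ca-certificates` is no longer the final stage and nothing is copied from it, so those certificates do not reach the shipped image; remove that stage or install `ca-certificates` in the ubuntu stage. The `apt-get install` line also leaves the apt lists in the layer, and there is no `USER` line, so supervisord and the service run as root.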
2 changes: 1 addition & 1 deletion Dockerfile.integration
@@ -1,5 +1,5 @@
# Running this docker image runs the integration tests.
FROM golang:1.14
FROM golang:1.17.13

RUN apt-get update -y && apt-get install sudo stunnel4 redis memcached -y && rm -rf /var/lib/apt/lists/*
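Review bot: The `FROM golang:1.17.13` bump covers only the integration-test image. The `build` job in `.circleci/config.yml` in this same PR still uses `circleci/golang:1.14`, so `make compile` in CI keeps running on the old toolchain; bump that image as well so tests and builds use one Go version. Pinning the base image by digest would also make the upgrade verifiable.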

2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -38,6 +38,8 @@

# Overview

[![CircleCI](https://circleci.com/gh/verygoodsecurity/ratelimit.svg?style=svg)](https://circleci.com/gh/verygoodsecurity/ratelimit)

The rate limit service is a Go/gRPC service designed to enable generic rate limit scenarios from different types of
applications. Applications request a rate limit decision based on a domain and a set of descriptors. The service
reads the configuration from disk via [runtime](https://github.com/lyft/goruntime), composes a cache key, and talks to the Redis cache. A
7 changes: 4 additions & 3 deletions docker-compose.yml
Expand Up @@ -37,9 +37,10 @@ services:
- binary:/usr/local/bin/

ratelimit:
image: alpine:3.6
command: >
sh -c "until test -f /usr/local/bin/ratelimit; do sleep 5; done; /usr/local/bin/ratelimit"
image: quay.io/verygoodsecurity/ratelimit:${VERSION:-latest}
build:
context: .
dockerfile: Dockerfile
ports:
- 8080:8080
- 8081:8081
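Review bot: On the new `image:` line, `${VERSION:-latest}` falls back to `latest` whenever `VERSION` is unset or empty, so a `docker-compose push` from a shell without `VERSION` (or a CI run where `CIRCLE_TAG` is empty) overwrites `quay.io/verygoodsecurity/ratelimit:latest`. Requiring the variable with `${VERSION:?VERSION must be set}` would make that case fail instead; the release job already sets `VERSION=latest` explicitly when it wants that tag.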
3 changes: 3 additions & 0 deletions ops/docker-login-quay.sh
@@ -0,0 +1,3 @@
#!/usr/bin/env bash

docker login quay.io --username "$QUAY_DOCKER_LOGIN" --password "$QUAY_DOCKER_LOGIN_PASSWORD"
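Review bot: `--password "$QUAY_DOCKER_LOGIN_PASSWORD"` puts the registry password on the command line, where it is visible in the process list, and the Docker CLI warns about this usage. Pipe it in instead: `printf '%s' "$QUAY_DOCKER_LOGIN_PASSWORD" | docker login quay.io --username "$QUAY_DOCKER_LOGIN" --password-stdin`. Adding `set -euo pipefail` after the shebang would also make the script fail fast when either variable is unset.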
4 changes: 3 additions & 1 deletion src/config/config_impl.go
Expand Up @@ -267,7 +267,9 @@ func (this *rateLimitConfigImpl) GetLimit(
}

if descriptor.GetLimit() != nil {
rateLimitKey := domain + "." + this.descriptorToKey(descriptor)
//rateLimitKey := domain + "." + this.descriptorToKey(descriptor)
// when ip is unique for each request it generates too many stats counters and never cleans them up
rateLimitKey := domain + ".override"
rateLimitOverrideUnit := pb.RateLimitResponse_RateLimit_Unit(descriptor.GetLimit().GetUnit())
rateLimit = NewRateLimit(
descriptor.GetLimit().GetRequestsPerUnit(),
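Review bot: With `rateLimitKey := domain + ".override"`, every descriptor that carries a limit override in a domain now shares one key, so per-descriptor stats for overrides are lost; say so in the comment, and confirm that `rateLimitKey` is used only for stats naming and not to tell limits apart. Please also delete the commented-out line rather than leaving it in place, since the history already records it.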
16 changes: 16 additions & 0 deletions supervisord.conf
@@ -0,0 +1,16 @@
[supervisord]
logfile=/var/log/supervisor/supervisord.log
pidfile=/var/run/supervisord.pid
nodaemon=true

[unix_http_server]
file = /var/tmp/supervisor.sock

[supervisorctl]
serverurl=unix:///var/tmp/supervisor.sock

[program:app]
command=/bin/ratelimit
redirect_stderr=true
stdout_logfile=/dev/stdout ; Just dump to stdout, Docker should find it
stdout_logfile_maxbytes = 0
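Review bot: `[program:app]` has no `user=` setting and the Dockerfile in this PR has no `USER` line, so `/bin/ratelimit` runs as root under supervisord; add `user=` with an unprivileged account. The `[supervisord]` `logfile` also writes to a file inside the container while the program output goes to stdout, so supervisor's own messages are not visible in `docker logs`; pointing it at `/dev/stdout` with `logfile_maxbytes=0` would keep everything in one place. If `supervisorctl` is not used in the container, the `[unix_http_server]` and `[supervisorctl]` sections can be dropped.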