Merge branch 'main' into resolve-eslint-max-depth
samayer12 authored Oct 15, 2024
2 parents f13a9b5 + 7d265d2 commit e9d8bb4
Showing 22 changed files with 607 additions and 196 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Expand Up @@ -40,17 +40,17 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
with:
languages: ${{ matrix.language }}

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
with:
category: "/language:${{matrix.language}}"

2 changes: 1 addition & 1 deletion .github/workflows/container-scan.yaml
Expand Up @@ -27,7 +27,7 @@ jobs:
- name: Build Pepr Controller Image
run: npm run build:image
- name: Vulnerability Scan
uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2
uses: anchore/scan-action@4e08a16a68fb1b35d2fca00f0607db0b5b5120a7 # v5.0.0
with:
image: "pepr:dev"
fail-build: true
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
node-version: 20
cache-dependency-path: pepr
- name: 'Checkout Repository'
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Circular Dependency Check
run: |
npx madge --circular --ts-config tsconfig.json --extensions ts,js src/ > tmp.log || true # Force exit 0 for post-processing
2 changes: 1 addition & 1 deletion .github/workflows/docs.yml
Expand Up @@ -33,7 +33,7 @@ jobs:
steps:
- name: Get token to trigger defenseunicorns/pepr-docs workflow
id: get_workflow_trigger_token
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3.0.0
uses: peter-murray/workflow-application-token-action@baa1ef2638c3d9e5967b7c8b86219f8fc919e1bb # v3.0.1
with:
application_id: ${{ secrets.DOCS_WORKFLOW_GITHUB_APP_ID }}
application_private_key: ${{ secrets.DOCS_WORKFLOW_GITHUB_APP_SECRET }}
26 changes: 23 additions & 3 deletions .github/workflows/pepr-excellent-examples.yml
Expand Up @@ -3,6 +3,12 @@ name: E2E - Pepr Excellent Examples
permissions: read-all
on:
workflow_dispatch:
inputs:
kfcBranch:
description: 'KFC dev branch'
required: false
type: string
default: 'none'
schedule:
- cron: '0 4 * * *' # 12AM EST/9PM PST
push:
Expand Down Expand Up @@ -46,20 +52,34 @@ jobs:
npm ci
- name: build pepr package and container image
if: ${{ (github.event.inputs.kfcBranch || 'none') == 'none' }}
run: |
cd "$PEPR"
npm run build:image
mv pepr-0.0.0-development.tgz ${GITHUB_WORKSPACE}/pepr-0.0.0-development.tgz
ls -l ${GITHUB_WORKSPACE}
- name: build pepr package and kfc dev container image
if: ${{ (github.event.inputs.kfcBranch || 'none') != 'none' }}
run: |
cd "$PEPR"
node hack/kfc-dev.js build -b "${{ github.event.inputs.kfcBranch }}"
rm -rf "$PEPR/node_modules/kubernetes-fluent-client/src"
rm -rf "$PEPR/node_modules/kubernetes-fluent-client/dist"
cp -R "$PEPR/kubernetes-fluent-client/src" "$PEPR/node_modules/kubernetes-fluent-client/src"
cp -R "$PEPR/kubernetes-fluent-client/dist" "$PEPR/node_modules/kubernetes-fluent-client/dist"
npm run build
mv pepr-0.0.0-development.tgz ${GITHUB_WORKSPACE}/pepr-0.0.0-development.tgz
ls -l ${GITHUB_WORKSPACE}
- name: tar pepr image
run: |
PEPR_TAR="${GITHUB_WORKSPACE}/pepr-img.tar"
echo "PEPR_TAR=${PEPR_TAR}" >> "$GITHUB_ENV"
docker image save --output "$PEPR_TAR" pepr:dev
- name: upload artifacts
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: pepr-package-and-controller-image
path: |
Expand Down Expand Up @@ -174,12 +194,12 @@ jobs:
--custom-package ../pepr-0.0.0-development.tgz
- name: upload artifacts (troubleshooting)
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always()
with:
name: "troubleshooting_logs_${{matrix.name}}"
path: |
pepr-excellent-examples/package.json
pepr-excellent-examples/package-lock.json
if-no-files-found: error
retention-days: 1
retention-days: 1
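Review bot: In the new `build pepr package and kfc dev container image` step, `${{ github.event.inputs.kfcBranch }}` is expanded into the `run:` script text before bash parses it, so the branch name is handled as shell source rather than as data. Exposure is limited to whoever may dispatch the workflow, and `permissions: read-all` narrows what the job token can do, but the usual hardening is to hand the input over through the environment: add `env:` with `KFC_BRANCH: ${{ github.event.inputs.kfcBranch }}` to the step and call `node hack/kfc-dev.js build -b "$KFC_BRANCH"`. The `build kfc pepr image` step added to `.github/workflows/soak.yaml` carries the same line and wants the same change. The hunks shown here are partial, so any validation of the branch name elsewhere in the job is not visible.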
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yml
Expand Up @@ -52,14 +52,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v2.2.4
uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v2.2.4
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/secret-scan.yml
Expand Up @@ -6,7 +6,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0
- name: Default Secret Scanning
20 changes: 17 additions & 3 deletions .github/workflows/soak.yaml
Expand Up @@ -4,10 +4,16 @@ permissions: read-all
on:
workflow_dispatch:
inputs:
kfcBranch:
description: 'KFC dev branch'
required: false
type: string
default: 'none'
branch:
description: 'Soak test branch'
required: true
default: 'main'

schedule:
- cron: '0 4 * * *' # 12AM EST/9PM PST

Expand Down Expand Up @@ -43,9 +49,16 @@ jobs:
npm ci
- name: build pepr image
if: ${{ (github.event.inputs.kfcBranch || 'none') == 'none' }}
run: |
cd "$PEPR"
npm run build:image
- name: build kfc pepr image
if: ${{ (github.event.inputs.kfcBranch || 'none') != 'none' }}
run: |
cd "$PEPR"
node hack/kfc-dev.js build -b "${{ github.event.inputs.kfcBranch }}"
- name: tar pepr image
run: |
Expand All @@ -54,7 +67,7 @@ jobs:
docker image save --output "$PEPR_TAR" pepr:dev
- name: upload image tar artifact
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: pepr-img.tar
path: pepr-img.tar
Expand Down Expand Up @@ -165,7 +178,8 @@ jobs:
update_pod_map
kubectl get pods -n pepr-demo
kubectl top po -n pepr-system
# Verify that no pod's count exceeds 1
for pod in "${!pod_map[@]}"; do
echo "$pod: ${pod_map[$pod]}"
Expand All @@ -183,7 +197,7 @@ jobs:
shell: bash

- name: Upload logs
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: soak-test-logs
path: logs
2 changes: 1 addition & 1 deletion .github/workflows/uds.yml
Expand Up @@ -49,7 +49,7 @@ jobs:
docker image save --output "$PEPR_TAR" pepr:dev
- name: upload image tar artifact
uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: pepr-img.tar
path: pepr-img.tar
4 changes: 2 additions & 2 deletions Dockerfile
Expand Up @@ -6,7 +6,7 @@
# Any other changes to Dockerfile should be reflected in Publish

# crane digest cgr.dev/chainguard/node-lts:latest-dev
FROM cgr.dev/chainguard/node:latest-dev@sha256:0d0083bc6d94414b485cba43d3d240622648ba358da1fae30b9848423a5b47f8 AS build
FROM cgr.dev/chainguard/node:latest-dev@sha256:b0b04bbb69f6d39a65a341cfcaf3989c993a51a5fd26f0d6a818b970ada7d7d8 AS build

WORKDIR /app

Expand Down Expand Up @@ -38,7 +38,7 @@ RUN npm run build && \
##### DELIVER #####

# crane digest cgr.dev/chainguard/node-lts:latest
FROM cgr.dev/chainguard/node:latest@sha256:e0b651471ea55846dbfe9f820a871b88448e43066bab0c2e0700c3c5cc1e6686
FROM cgr.dev/chainguard/node:latest@sha256:f771505c29d1f766c1dc4d3b2ed0f8660a76553685b9d886728bc55d6f430ce8

WORKDIR /app

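--- a/Dockerfile.kfc
+++ b/Dockerfile.kfc
@@ -0,0 +1,53 @@
+### BUILD ###
+
+# NOTE:
+# Used to build Controller image
+# In this file, we delete the *.ts intentionally
+# Any other changes to Dockerfile should be reflected in Publish
+
+# crane digest cgr.dev/chainguard/node-lts:latest-dev
+FROM cgr.dev/chainguard/node:latest-dev@sha256:8a604e50086fdfa5c6298722bdf86bfbffd82e64e3ecc736b133bc0dbcb9d121 AS build
+
+WORKDIR /app
+
+# Copy the node config files
+COPY --chown=node:node ./package*.json ./
+
+# Install deps
+RUN npm ci
+
+COPY --chown=node:node ./hack/ ./hack/
+
+COPY --chown=node:node ./tsconfig.json ./build.mjs ./
+
+COPY --chown=node:node ./src/ ./src/
+COPY --chown=node:node kubernetes-fluent-client/ ./kubernetes-fluent-client/
+RUN cp -r kubernetes-fluent-client/src node_modules/kubernetes-fluent-client/src && \
+cp -r kubernetes-fluent-client/dist node_modules/kubernetes-fluent-client/dist && \
+npm run build && \
+npm ci --omit=dev --omit=peer && \
+cp -r kubernetes-fluent-client/src node_modules/kubernetes-fluent-client/src && \
+cp -r kubernetes-fluent-client/dist node_modules/kubernetes-fluent-client/dist && \
+npm cache clean --force && \
+# Remove @types
+rm -rf node_modules/@types && \
+# Remove Ramda unused Ramda files
+rm -rf node_modules/ramda/dist && \
+rm -rf node_modules/ramda/es && \
+rm -rf node_modules/kubernetes-fluent-client/src && \
+rm -rf node_modules/kubernetes-fluent-client/dist && \
+find . -name "*.ts" -type f -delete && \
+mkdir node_modules/pepr && \
+cp -r dist node_modules/pepr/dist && \
+cp -r kubernetes-fluent-client/dist node_modules/kubernetes-fluent-client/dist && \
+cp -r kubernetes-fluent-client/src node_modules/kubernetes-fluent-client/src && \
+cp package.json node_modules/pepr
+
+##### DELIVER #####
+
+# crane digest cgr.dev/chainguard/node-lts:latest
+FROM cgr.dev/chainguard/node:latest@sha256:2ec55b47bddaa173fbcd6283d492b10e903da51dc7da12988024829ad0454dd7
+
+WORKDIR /app
+
+COPY --from=build --chown=node:node /app/node_modules/ ./node_modules/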
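Review bot: Both `FROM` lines in this new file pin digests that differ from the ones this same commit sets in `Dockerfile` for `cgr.dev/chainguard/node:latest-dev` and `cgr.dev/chainguard/node:latest`, so the KFC dev image is built on a different base than the regular controller image and nothing visible here keeps the two in step. If that is not intended, reuse the `Dockerfile` pins: `FROM cgr.dev/chainguard/node:latest-dev@sha256:b0b04bbb69f6d39a65a341cfcaf3989c993a51a5fd26f0d6a818b970ada7d7d8 AS build` and `FROM cgr.dev/chainguard/node:latest@sha256:f771505c29d1f766c1dc4d3b2ed0f8660a76553685b9d886728bc55d6f430ce8`. The `# crane digest cgr.dev/chainguard/node-lts:...` comments name a different repository than the `FROM` lines pin, which makes a manual digest refresh error-prone; `# crane digest cgr.dev/chainguard/node:latest-dev` would match what is pinned. Separately, the first `cp -r kubernetes-fluent-client/src node_modules/kubernetes-fluent-client/src` runs without the `rm -rf` that the workflow step performs first, so if `npm ci` has already created that directory the copy presumably lands in `src/src` and the build still uses the published package.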