From 8ceb07a5715df986d4ecd8b2378e53d12526d6ef Mon Sep 17 00:00:00 2001
From: fsl <1171313930@qq.com>
Date: Mon, 26 Dec 2022 22:47:58 +0800
Subject: [PATCH] fix: high-risk vulnerabilities caused by low version of yq
Signed-off-by: fsl <1171313930@qq.com>
---
 Makefile | 8 ++++++--
 test/image/Dockerfile | 21 +++++++++------------
 2 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
index 48de3ddf276..554d09655da 100644
--- a/Makefile
+++ b/Makefile
@@ -15,13 +15,14 @@ VERSION := v3.12.0-beta.0
 KIND_VERSION ?= 0.17.0
 # note: k8s version pinned since KIND image availability lags k8s releases
 KUBERNETES_VERSION ?= 1.26.0
+KUBEBUILDER_VERSION ?= 3.8.0
 KUSTOMIZE_VERSION ?= 3.8.9
 BATS_VERSION ?= 1.8.2
 ORAS_VERSION ?= 0.16.0
 BATS_TESTS_FILE ?= test/bats/test.bats
 HELM_VERSION ?= 3.7.2
 NODE_VERSION ?= 16-bullseye-slim
-YQ_VERSION ?= 4.2.0
+YQ_VERSION ?= 4.30.6
 FRAMEWORKS_VERSION ?= $(shell go list -f '{{ .Version }}' -m github.com/open-policy-agent/frameworks/constraint)
 OPA_VERSION ?= $(shell go list -f '{{ .Version }}' -m github.com/open-policy-agent/opa)
@@ -447,7 +448,10 @@ __test-image:
 -t gatekeeper-test \
 --build-arg YQ_VERSION=$(YQ_VERSION) \
 --build-arg BATS_VERSION=$(BATS_VERSION) \
- --build-arg ORAS_VERSION=$(ORAS_VERSION)
+ --build-arg ORAS_VERSION=$(ORAS_VERSION) \
+ --build-arg KUSTOMIZE_VERSION=$(KUSTOMIZE_VERSION) \
+ --build-arg KUBEBUILDER_VERSION=$(KUBEBUILDER_VERSION) \
+ --build-arg TARGETARCH="arm64"
 .PHONY: vendor
 vendor:
diff --git a/test/image/Dockerfile b/test/image/Dockerfile
index 8dc488eea87..4403ba40e31 100644
--- a/test/image/Dockerfile
+++ b/test/image/Dockerfile
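Review bot: In the second Makefile hunk, the added `--build-arg TARGETARCH="arm64"` hard-codes the architecture for every `__test-image` build, whereas the Dockerfile lines this commit removes downloaded amd64 artifacts. On an amd64 builder the image would then fetch arm64 kubebuilder, kustomize, oras and yq binaries that cannot execute there, unless the build also sets a matching platform, which is not visible in this hunk. Consider dropping the argument so BuildKit's automatic `TARGETARCH` applies, or deriving it from the host, e.g. `--build-arg TARGETARCH=$(shell go env GOARCH)`. The recipe starts above the hunk, so the rest of the `docker build` invocation is not visible here.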
@@ -4,25 +4,22 @@ FROM golang:1.19-bullseye as builder
 ARG BATS_VERSION
 ARG ORAS_VERSION
 ARG YQ_VERSION
+ARG KUSTOMIZE_VERSION
+ARG KUBEBUILDER_VERSION
+ARG TARGETARCH
 RUN apt-get update &&\
 apt-get install -y apt-utils make
 # Install kubebuilder
 WORKDIR /scratch
-ENV version=2.3.1
-ENV arch=amd64
-RUN curl -L -O "https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${version}/kubebuilder_${version}_linux_${arch}.tar.gz" &&\
- tar -zxvf kubebuilder_${version}_linux_${arch}.tar.gz &&\
- mv kubebuilder_${version}_linux_${arch} /usr/local/kubebuilder &&\
- rm kubebuilder_${version}_linux_${arch}.tar.gz
+RUN curl -L -O "https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${KUBEBUILDER_VERSION}/kubebuilder_linux_${TARGETARCH}" &&\
+ mv kubebuilder_linux_${TARGETARCH} /usr/local/kubebuilder
 ENV PATH=$PATH:/usr/local/kubebuilder/bin:/usr/bin
 # Install kustomize
-ENV version=3.7.0
-ENV arch=amd64
-RUN curl -L -O "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${version}/kustomize_v${version}_linux_${arch}.tar.gz" &&\
- tar -zxvf kustomize_v${version}_linux_${arch}.tar.gz &&\
+RUN curl -L -O "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz" &&\
+ tar -zxvf kustomize_v${KUSTOMIZE_VERSION}_linux_${TARGETARCH}.tar.gz &&\
 chmod +x kustomize &&\
 mv kustomize /usr/local/bin
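Review bot: The new kubebuilder step moves the downloaded file to `/usr/local/kubebuilder` itself, but the following `ENV PATH` line still adds `/usr/local/kubebuilder/bin`, so the binary is not on `PATH`; it is also never given the execute bit. With the `tar` step dropped, the asset appears to be a bare executable rather than an archive containing a `bin/` directory. Keeping the existing `PATH` entry valid would need something like `mkdir -p /usr/local/kubebuilder/bin && mv kubebuilder_linux_${TARGETARCH} /usr/local/kubebuilder/bin/kubebuilder && chmod +x /usr/local/kubebuilder/bin/kubebuilder`. If the tests relied on other binaries shipped in the old tarball's `bin/`, those would need a separate install; that cannot be confirmed from this hunk.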
@@ -32,12 +29,12 @@ RUN curl -sSLO https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.t
 bash bats-core-${BATS_VERSION}/install.sh /usr/local
 # Install ORAS
-RUN curl -SsLO https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz && \
+RUN curl -SsLO https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_${TARGETARCH}.tar.gz && \
 mkdir -p oras-install/ && tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \
 mv oras-install/oras /usr/local/bin/ && rm -rf oras_${ORAS_VERSION}_*.tar.gz oras-install/
 # Install yq and jq
-RUN curl -LsS https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq \
+RUN curl -LsS https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_${TARGETARCH} -o /usr/local/bin/yq \
 && chmod +x /usr/local/bin/yq
 RUN apt-get update && yes | apt-get install jq
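Review bot: The ORAS and yq downloads in this hunk are installed with no integrity check, and `curl` runs without `-f`; the kubebuilder and kustomize downloads in the previous Dockerfile hunk have the same gap. Without `-f`, an HTTP error body, for example a 404 when `TARGETARCH` is empty or has no matching release asset, would be written to `/usr/local/bin/yq` and marked executable, and the build would still succeed. Add `-f` to each `curl` and verify a pinned digest before installing, e.g. `echo "${YQ_SHA256}  /usr/local/bin/yq" | sha256sum -c -`. Here `YQ_SHA256` is a placeholder name for a new build argument carrying the published checksum for the selected version and architecture. Since the commit's purpose is to remove vulnerable tool versions, pinning the digest alongside the version keeps the upgraded binaries verifiable.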