-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'release/v6.2.17-1' into main
- Loading branch information
Showing
23 changed files
with
285 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# This zlib1g CVE is falsely detected. It is not present in the Debian 12 | ||
# package and thus ignored as "not affected". The trivy project however | ||
# interprets this as ignored as "wont fix" and causes a detection. | ||
# See: https://github.com/madler/zlib/pull/843#issuecomment-2130408505 | ||
CVE-2023-45853 | ||
|
||
# This CVE is contained in the upstream debian:12-slim base image. | ||
# In this Dogu, all args to wget are static and not modifiable by the user. | ||
CVE-2024-38428 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,31 +1,50 @@ | ||
FROM registry.cloudogu.com/official/base:3.15.11-2 | ||
# Stage 1: Base image to copy the doguctl binary | ||
FROM registry.cloudogu.com/official/base:3.15.11-4 AS doguctlbinary | ||
|
||
# Stage 2: Build gosu from source because of CVEs | ||
# stdlib │ CVE-2023-24538 │ CRITICAL │ fixed │ v1.18.2 │ 1.19.8, 1.20.3 │ golang: html/template: backticks not treated as string │ | ||
# | CVE-2023-24540 │ │ │ │ 1.19.9, 1.20.4 │ Not all valid JavaScript whitespace characters are │ | ||
# │ CVE-2024-24790 │ │ │ │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for │ | ||
FROM golang:1.21.12 AS gosu-builder | ||
|
||
WORKDIR /gosu-src | ||
|
||
# Clone the `gosu` source code and build it | ||
RUN apt-get update && apt-get install -y git \ | ||
&& git clone https://github.com/tianon/gosu.git . \ | ||
&& git checkout 1.17 \ | ||
&& go build -o /usr/local/bin/gosu . \ | ||
&& chmod +x /usr/local/bin/gosu | ||
|
||
# Stage 3: Final Redis image | ||
FROM redis:6.2.17 | ||
LABEL NAME="official/redis" \ | ||
VERSION="6.2.14-4" \ | ||
VERSION="6.2.17-1" \ | ||
maintainer="info@cloudogu.com" | ||
|
||
# set environment variables | ||
USER root | ||
|
||
# Copy the `gosu` binary built with the latest Go version | ||
COPY --from=gosu-builder /usr/local/bin/gosu /usr/local/bin/gosu | ||
|
||
# Copy the `doguctl` binary from the base image | ||
COPY --from=doguctlbinary /usr/bin/doguctl /usr/bin/ | ||
|
||
# Set environment variables | ||
ENV SERVICE_TAGS=webapp \ | ||
CONF_DIR=/usr/local/etc/redis \ | ||
USER=redis \ | ||
USER_ID=1000 \ | ||
REDIS_VERSION="6.2.14-r0" \ | ||
STARTUP_DIR=/ | ||
|
||
RUN set -o errexit \ | ||
&& set -o nounset \ | ||
&& set -o pipefail \ | ||
&& apk update \ | ||
&& apk upgrade \ | ||
&& apk add redis="${REDIS_VERSION}" bash | ||
|
||
# copy resources files | ||
# Copy additional resource files (if any) | ||
COPY resources/ / | ||
|
||
# expose application port | ||
# Expose Redis port | ||
EXPOSE 6379 | ||
|
||
# Healthcheck using `doguctl` | ||
HEALTHCHECK CMD doguctl healthy redis || exit 1 | ||
|
||
# start | ||
# Start Redis | ||
CMD ["/startup.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
apiVersion: k8s.cloudogu.com/v1 | ||
apiVersion: k8s.cloudogu.com/v2 | ||
kind: Dogu | ||
metadata: | ||
name: NAME | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
# used to create switch the dogu to a prerelease namespace | ||
# e.g. official/usermgmt -> prerelease_official/usermgmt | ||
|
||
.PHONY: prerelease_namespace | ||
prerelease_namespace: | ||
build/make/prerelease.sh prerelease_namespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/bin/bash | ||
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
|
||
prerelease_namespace() { | ||
|
||
TIMESTAMP=$(date +"%Y%m%d%H%M%S") | ||
|
||
# Update version in dogu.json | ||
if [ -f "dogu.json" ]; then | ||
echo "Updating name in dogu.json..." | ||
ORIG_NAME="$(jq -r ".Name" ./dogu.json)" | ||
ORIG_VERSION="$(jq -r ".Version" ./dogu.json)" | ||
PRERELEASE_NAME="prerelease_${ORIG_NAME}" | ||
PRERELEASE_VERSION="${ORIG_VERSION}${TIMESTAMP}" | ||
jq ".Name = \"${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json | ||
jq ".Version = \"${PRERELEASE_VERSION}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json | ||
jq ".Image = \"registry.cloudogu.com/${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json | ||
fi | ||
|
||
# Update version in Dockerfile | ||
if [ -f "Dockerfile" ]; then | ||
echo "Updating version in Dockerfile..." | ||
ORIG_NAME="$(grep -oP ".*[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')" | ||
ORIG_VERSION="$(grep -oP ".*[ ]*VERSION=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')" | ||
PRERELEASE_NAME="prerelease_$( echo -e "$ORIG_NAME" | sed 's/\//\\\//g' )" | ||
PRERELEASE_VERSION="${ORIG_VERSION}${TIMESTAMP}" | ||
sed -i "s/\(.*[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile | ||
sed -i "s/\(.*[ ]*VERSION=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_VERSION}\3/" Dockerfile | ||
fi | ||
|
||
} | ||
|
||
|
||
TYPE="${1}" | ||
|
||
echo ${TYPE} | ||
if [[ "${TYPE}" == "prerelease_namespace" ]];then | ||
prerelease_namespace | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/bin/bash | ||
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
|
||
TYPE="${1}" | ||
|
||
update_build_libs() { | ||
echo "Get newest version of ces-build-lib and dogu-build-lib" | ||
update_jenkinsfile | ||
echo "Newest Versions set. Please check your Jenkinsfile" | ||
} | ||
|
||
get_highest_version() { | ||
local target="${1}" | ||
local gitCesBuildLib | ||
# getting tags from ces-build.libs OR dogu-build-libs | ||
gitCesBuildLib="$(git ls-remote --tags --refs https://github.com/cloudogu/${target}-build-lib)" | ||
local highest | ||
# Flagfile for getting results out of while-loop | ||
rm -rf .versions | ||
while IFS= read -r line; do | ||
local version | ||
version="$(awk -F'/tags/' '{ for(i=1;i<=NF;i++) print $i }' <<< $line | tail -n 1 | sed 's/[^0-9\.]*//g')" | ||
if [[ $version == *"."* ]] ; then | ||
echo $version >> ".versions" | ||
fi | ||
done <<< "$gitCesBuildLib" | ||
highest=$(sort .versions | tail -n 1) | ||
rm -rf .versions | ||
echo "${highest}" | ||
} | ||
|
||
# Patch Jenkinsfile | ||
update_jenkinsfile() { | ||
sed -i "s/ces-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/ces-build-lib@$(get_highest_version ces)/g" Jenkinsfile | ||
sed -i "s/dogu-build-lib@v[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@v$(get_highest_version dogu)/g" Jenkinsfile | ||
} | ||
|
||
# switch for script entrypoint | ||
if [[ "${TYPE}" == "buildlibs" ]];then | ||
update_build_libs | ||
else | ||
echo "Unknown target ${TYPE}" | ||
fi | ||
|
||
|
||
|
Oops, something went wrong.