[Snyk] Security upgrade alpine from 3.17.1 to 3.19.4 #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PRs checks | |
on: | |
pull_request: | |
branches: | |
- '**' | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
markdownlint: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/*.md | |
- uses: actions/setup-ruby@v1 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
ruby-version: '2.7' | |
- name: Install markdownlint | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: gem install mdl | |
- name: Markdownlint check | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make markdownlint | |
yamllint: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install yamllint | |
run: pip install yamllint | |
- name: yamllint | |
run: make yamllint | |
markdown-link-check: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/*.md | |
- uses: gaurav-nelson/github-action-markdown-link-check@v1 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
config-file: '.markdown_link_check.json' | |
md-links-lint: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/*.md | |
- name: Lint markdown links | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
make markdown-links-lint | |
plugins-check: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install yq | |
run: | | |
sudo wget https://github.com/mikefarah/yq/releases/download/v4.12.1/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq | |
- name: Check plugins in README and builder config | |
run: ./ci/plugins_check.sh | |
pre-commit-check: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
- uses: pre-commit/[email protected] | |
check-uniform-dependencies: | |
name: Check uniform dependencies | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check uniform dependencies | |
run: make check-uniform-dependencies | |
shellcheck: | |
runs-on: ubuntu-20.04 | |
env: | |
SHELLCHECK_VERSION: 0.8.0 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: install shellcheck | |
run: | | |
curl --retry 10 --retry-max-time 120 --retry-delay 5 -Lo- https://github.com/koalaman/shellcheck/releases/download/v${{ env.SHELLCHECK_VERSION }}/shellcheck-v${{ env.SHELLCHECK_VERSION }}.linux.x86_64.tar.xz | tar -xJf - | |
sudo cp shellcheck-v${{ env.SHELLCHECK_VERSION }}/shellcheck /usr/local/bin && rm -rf shellcheck-v${{ env.SHELLCHECK_VERSION }} | |
- name: shellcheck | |
run: make shellcheck | |
test: | |
name: Test | |
runs-on: ${{ matrix.runs_on }} | |
strategy: | |
matrix: | |
include: | |
- arch_os: linux_amd64 | |
runs_on: ubuntu-20.04 | |
- arch_os: darwin_amd64 | |
runs_on: macos-latest | |
- arch_os: windows_amd64 | |
runs_on: windows-2022 | |
builder_bin_path: '${RUNNER_TEMP}\bin' | |
builder_bin_ext: .exe | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if test related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/go.mod | |
**/go.sum | |
**/*.go | |
**/*.yaml | |
**/*.yml | |
**/Makefile | |
**/Makefile.common | |
scripts/install.sh | |
- name: Setup go | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.19' | |
# As described in | |
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds | |
- uses: actions/cache@v3 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
path: | | |
/home/runner/go/pkg/mod | |
/home/runner/.cache/go-build | |
/Users/runner/go/pkg/mod | |
/Users/runner/Library/Caches/go-build | |
/c/Users/runneradmin/go/pkg/mod | |
/c/Users/runneradmin/AppData/Local/go-build | |
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{matrix.arch_os}}-go- | |
- name: Set default BUILDER_BIN_PATH | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo "BUILDER_BIN_PATH=${HOME}/bin" >> $GITHUB_ENV | |
- name: Override BUILDER_BIN_PATH if set in matrix | |
if: matrix.builder_bin_path != '' && steps.changed-files.outputs.any_changed == 'true' | |
run: echo "BUILDER_BIN_PATH=${{matrix.builder_bin_path}}" >> $GITHUB_ENV | |
- name: Add opentelemetry-collector-builder installation dir to PATH | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo "$BUILDER_BIN_PATH" >> $GITHUB_PATH | |
- name: Run tests | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make gotest | |
# pipeline to test using Go+BoringCrypto | |
test-go-boringcrypto: | |
name: Test | |
runs-on: ${{ matrix.runs_on }} | |
strategy: | |
matrix: | |
include: | |
- arch_os: linux_amd64 | |
runs_on: ubuntu-20.04 | |
go: [ '1.18.7b7' ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if test related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/go.mod | |
**/go.sum | |
**/*.go | |
**/*.yaml | |
**/*.yml | |
**/Makefile | |
**/Makefile.common | |
scripts/install.sh | |
- name: Install Go+BoringCrypto | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
curl -LJ "https://go-boringcrypto.storage.googleapis.com/go${{ matrix.go }}.linux-amd64.tar.gz" -o go.linux-amd64.tar.gz \ | |
&& sudo rm -rf /usr/local/go \ | |
&& sudo tar -C /usr/local -xzf go.linux-amd64.tar.gz \ | |
&& sudo rm go.linux-amd64.tar.gz \ | |
&& sudo ln -s /usr/local/go/bin/go /usr/local/bin | |
# As described in | |
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds | |
- uses: actions/cache@v3 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
path: | | |
/home/runner/go/pkg/mod | |
/home/runner/.cache/go-build | |
/Users/runner/go/pkg/mod | |
/Users/runner/Library/Caches/go-build | |
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{matrix.arch_os}}-go- | |
- name: Add opentelemetry-collector-builder installation dir to PATH | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo "$HOME/bin" >> $GITHUB_PATH | |
- name: Run tests | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make gotest | |
test-wixext: | |
name: Test (SumoLogic.wixext) | |
runs-on: windows-2019 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Fetch current branch | |
run: ./ci/fetch_current_branch.sh | |
- name: Add msbuild to PATH | |
uses: microsoft/[email protected] | |
- name: Restore NuGet packages | |
working-directory: ./packaging/msi/SumoLogic.wixext/SumoLogicTests | |
run: nuget.exe restore -PackagesDirectory ../packages | |
- name: Build unit tests | |
working-directory: ./packaging/msi/SumoLogic.wixext/SumoLogicTests | |
run: msbuild.exe -p:Configuration=Release -p:Platform=AnyCPU -Restore | |
- name: Run unit tests | |
working-directory: ./packaging/msi/SumoLogic.wixext/SumoLogicTests/bin/Release | |
run: dotnet test -v:n ./SumoLogicTests.dll | |
lint: | |
name: Lint (golangci-lint) | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
arch_os: [ 'linux_amd64' ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if files changed that need linting | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/go.mod | |
**/go.sum | |
**/*.go | |
**/*.yaml | |
**/*.yml | |
**/Makefile | |
**/Makefile.common | |
- name: Setup go | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.19' | |
# As described in | |
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds | |
- uses: actions/cache@v3 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
path: | | |
/home/runner/go/pkg/mod | |
/home/runner/.cache/go-build | |
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{matrix.arch_os}}-go- | |
- uses: actions/cache@v3 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
path: | | |
/home/runner/.cache/golangci-lint | |
key: ${{matrix.arch_os}}-golangcilint-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{matrix.arch_os}}-golangcilint- | |
- name: Install golangci-lint | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make install-golangci-lint | |
- name: Add opentelemetry-collector-builder installation dir to PATH | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo "$HOME/bin" >> $GITHUB_PATH | |
- name: Run golangci-lint | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make golint | |
build: | |
name: Build | |
runs-on: ${{ matrix.runs_on }} | |
strategy: | |
matrix: | |
include: | |
- arch_os: linux_amd64 | |
runs_on: ubuntu-20.04 | |
- arch_os: linux_arm64 | |
runs_on: ubuntu-20.04 | |
- arch_os: darwin_amd64 | |
runs_on: macos-latest | |
- arch_os: darwin_arm64 | |
runs_on: macos-latest | |
- arch_os: windows_amd64 | |
runs_on: windows-2022 | |
builder_bin_path: '${RUNNER_TEMP}\bin' | |
builder_bin_ext: .exe | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if build related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
otelcolbuilder/.gon_config.json | |
**/go.mod | |
**/go.sum | |
**/*.go | |
**/*.yaml | |
**/*.yml | |
**/Makefile | |
**/Makefile.common | |
**/Dockerfile* | |
- name: Fetch current branch | |
run: ./ci/fetch_current_branch.sh | |
- name: Setup go | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.19' | |
# As described in | |
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds | |
- uses: actions/cache@v3 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
path: | | |
/home/runner/go/pkg/mod | |
/home/runner/.cache/go-build | |
/Users/runner/go/pkg/mod | |
/Users/runner/Library/Caches/go-build | |
/c/Users/runneradmin/go/pkg/mod | |
/c/Users/runneradmin/AppData/Local/go-build | |
key: ${{matrix.arch_os}}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{matrix.arch_os}}-go- | |
- name: Set default BUILDER_BIN_PATH | |
run: echo "BUILDER_BIN_PATH=${HOME}/bin" >> $GITHUB_ENV | |
- name: Override BUILDER_BIN_PATH if set in matrix | |
run: echo "BUILDER_BIN_PATH=${{matrix.builder_bin_path}}" >> $GITHUB_ENV | |
if: matrix.builder_bin_path != '' | |
- name: Add opentelemetry-collector-builder installation dir to PATH | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo "$BUILDER_BIN_PATH" >> $GITHUB_PATH | |
- name: Install opentelemetry-collector-builder | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make install-builder | |
working-directory: ./otelcolbuilder | |
- name: Build | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make otelcol-sumo-${{matrix.arch_os}} | |
working-directory: ./otelcolbuilder | |
# TODO: | |
# Move that out to a separate job and run on a corresponding's OS runner. | |
# - name: Run the binary | |
# run: ./otelcol-sumo-${{matrix.arch_os}} --version | |
# working-directory: ./otelcolbuilder/cmd/ | |
- name: Show included modules | |
if: steps.changed-files.outputs.any_changed == 'true' | |
working-directory: ./otelcolbuilder/cmd | |
run: | | |
go version -m otelcol-sumo-${{matrix.arch_os}}${{matrix.builder_bin_ext}} | \ | |
grep -E "/(receiver|exporter|processor|extension)/" | |
- name: Store binary as action artifact | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: otelcol-sumo-${{matrix.arch_os}} | |
path: ./otelcolbuilder/cmd/otelcol-sumo-${{matrix.arch_os}}${{matrix.builder_bin_ext}} | |
if-no-files-found: error | |
# pipeline to build FIPS compliance binary on Go+BoringCrypto for linux | |
build-fips: | |
name: Build | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
go: [ '1.18.7b7' ] | |
arch_os: [ 'linux_amd64'] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if build related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
otelcolbuilder/.gon_config.json | |
**/go.mod | |
**/go.sum | |
**/*.go | |
**/*.yaml | |
**/*.yml | |
**/Makefile | |
**/Makefile.common | |
**/Dockerfile* | |
- name: Fetch current branch | |
run: ./ci/fetch_current_branch.sh | |
- name: Install Go+BoringCrypto | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
curl -LJ "https://go-boringcrypto.storage.googleapis.com/go${{ matrix.go }}.linux-amd64.tar.gz" -o go.linux-amd64.tar.gz \ | |
&& sudo rm -rf /usr/local/go \ | |
&& sudo tar -C /usr/local -xzf go.linux-amd64.tar.gz \ | |
&& sudo rm go.linux-amd64.tar.gz \ | |
&& sudo ln -s /usr/local/go/bin/go /usr/local/bin | |
# As described in | |
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds | |
- uses: actions/cache@v3 | |
if: steps.changed-files.outputs.any_changed == 'true' | |
with: | |
path: | | |
/home/runner/go/pkg/mod | |
/home/runner/.cache/go-build | |
/Users/runner/go/pkg/mod | |
/Users/runner/Library/Caches/go-build | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Add opentelemetry-collector-builder installation dir to PATH | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo "$HOME/bin" >> $GITHUB_PATH | |
- name: Install opentelemetry-collector-builder | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make install-builder | |
working-directory: ./otelcolbuilder | |
- name: Build | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make otelcol-sumo-${{matrix.arch_os}} FIPS_SUFFIX="-fips" CGO_ENABLED=1 | |
working-directory: ./otelcolbuilder | |
- name: Show included modules | |
if: steps.changed-files.outputs.any_changed == 'true' | |
working-directory: ./otelcolbuilder/cmd | |
run: | | |
go version -m otelcol-sumo-fips-${{matrix.arch_os}} | \ | |
grep -E "/(receiver|exporter|processor|extension)/" | |
- name: Show BoringSSL symbols | |
if: steps.changed-files.outputs.any_changed == 'true' | |
working-directory: ./otelcolbuilder/cmd | |
run: | | |
go tool nm otelcol-sumo-fips-${{matrix.arch_os}} | \ | |
grep "_Cfunc__goboringcrypto_" | |
- name: Store binary as action artifact | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: otelcol-sumo-fips-${{matrix.arch_os}} | |
path: ./otelcolbuilder/cmd/otelcol-sumo-fips-${{matrix.arch_os}} | |
if-no-files-found: error | |
build-and-test-container-images: | |
name: Build container | |
runs-on: ubuntu-20.04 | |
needs: | |
- build | |
- build-fips | |
strategy: | |
matrix: | |
arch_os: [ 'linux_amd64', 'linux_arm64'] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check if build related files changed | |
id: changed-files | |
uses: tj-actions/changed-files@v13 | |
with: | |
files: | | |
**/go.mod | |
**/go.sum | |
**/*.go | |
**/*.yaml | |
**/*.yml | |
**/Makefile | |
**/Makefile.common | |
**/Dockerfile* | |
- name: Set up QEMU | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: docker/[email protected] | |
- name: Set up Buildx | |
if: steps.changed-files.outputs.any_changed == 'true' | |
id: buildx | |
uses: docker/[email protected] | |
- name: Show Buildx platforms | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: echo ${{ steps.buildx.outputs.platforms }} | |
- name: Download binary action artifact from build phase | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/download-artifact@v3 | |
with: | |
name: otelcol-sumo-${{matrix.arch_os}} | |
path: artifacts/ | |
- name: Build the container image | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
cp artifacts/otelcol-sumo-${{matrix.arch_os}} otelcol-sumo | |
make build-container-multiplatform \ | |
PLATFORM=${{ matrix.arch_os }} | |
- name: Test built image | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make test-built-image | |
- name: Download FIPS binary action artifact from build phase | |
if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64' | |
uses: actions/download-artifact@v3 | |
with: | |
name: otelcol-sumo-fips-${{matrix.arch_os}} | |
path: artifacts/ | |
- name: Build the FIPS container image | |
if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64' | |
run: | | |
cp artifacts/otelcol-sumo-fips-${{matrix.arch_os}} otelcol-sumo | |
make build-container-multiplatform \ | |
PLATFORM=${{ matrix.arch_os }} LATEST_TAG_FIPS_SUFFIX="-fips" | |
- name: Test built FIPS image | |
if: steps.changed-files.outputs.any_changed == 'true' && matrix.arch_os == 'linux_amd64' | |
run: make test-built-image BUILD_TAG="latest-fips" |