[Snyk] Security upgrade docker from dind to 27.1.1-dind-alpine3.20 #530
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: build-pipeline | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| shell-checker: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: checking syntax of shell script | |
| run: bash -c 'shopt -s globstar nullglob; shellcheck **/*.{sh,ksh,bash}' || true | |
| gitleaks-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run GitLeaks | |
| run: | | |
| wget https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz && \ | |
| tar -zxvf gitleaks_8.18.2_linux_x64.tar.gz && \ | |
| sudo mv gitleaks /usr/local/bin && gitleaks detect --source . -v | |
| changes: | |
| runs-on: ubuntu-latest | |
| # Set job outputs to values from filter step | |
| # this is done to run the selective jobs based on the code change | |
| outputs: | |
| kafka-deployer: ${{ steps.filter.outputs.kafka-deployer }} | |
| forkbomb: ${{ steps.filter.outputs.forkbomb }} | |
| fio: ${{ steps.filter.outputs.fio }} | |
| mysql-client: ${{ steps.filter.outputs.mysql-client }} | |
| sysbench-client: ${{ steps.filter.outputs.sysbench-client }} | |
| tpcc-client: ${{ steps.filter.outputs.tpcc-client }} | |
| stress-ng: ${{ steps.filter.outputs.stress-ng }} | |
| mongo-client: ${{ steps.filter.outputs.mongo-client }} | |
| postgres-client: ${{ steps.filter.outputs.postgres-client }} | |
| custom-client: ${{ steps.filter.outputs.custom-client }} | |
| logger: ${{ steps.filter.outputs.logger }} | |
| dd-client: ${{ steps.filter.outputs.dd-client }} | |
| memleak: ${{ steps.filter.outputs.memleak }} | |
| elasticsearch-stress: ${{ steps.filter.outputs.elasticsearch-stress }} | |
| kafka-client: ${{ steps.filter.outputs.kafka-client }} | |
| memory-stress: ${{ steps.filter.outputs.memory-stress }} | |
| nfs-client: ${{ steps.filter.outputs.nfs-client }} | |
| cassandra-client: ${{ steps.filter.outputs.cassandra-client }} | |
| litmus-app-deployer: ${{ steps.filter.outputs.litmus-app-deployer }} | |
| litmus-qps-cmd: ${{ steps.filter.outputs.litmus-qps-cmd }} | |
| container-killer: ${{ steps.filter.outputs.container-killer }} | |
| litmus-git-app-checker: ${{ steps.filter.outputs.litmus-git-app-checker }} | |
| litmus-k8s: ${{ steps.filter.outputs.litmus-k8s }} | |
| litmus-curl: ${{ steps.filter.outputs.litmus-curl }} | |
| litmus-checker: ${{ steps.filter.outputs.litmus-checker }} | |
| litmus-argocli: ${{ steps.filter.outputs.litmus-argocli }} | |
| workflow-controller: ${{ steps.filter.outputs.workflow-controller }} | |
| argoexec: ${{ steps.filter.outputs.argoexec }} | |
| mongo: ${{ steps.filter.outputs.mongo }} | |
| litmus-pg-load: ${{ steps.filter.outputs.litmus-pg-load }} | |
| litmus-experiment-hardened-alpine: ${{ steps.filter.outputs.litmus-experiment-hardened-alpine }} | |
| litmus-infra-hardened-alpine: ${{ steps.filter.outputs.litmus-infra-hardened-alpine }} | |
| litmus-pg-jmeter: ${{ steps.filter.outputs.litmus-pg-jmeter }} | |
| mongo-utils: ${{ steps.filter.outputs.mongo-utils }} | |
| litmusctl: ${{ steps.filter.outputs.litmusctl }} | |
| litmus-redis-load: ${{ steps.filter.outputs.litmus-redis-load }} | |
| litmus-helm-agent: ${{ steps.filter.outputs.litmus-helm-agent }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: dorny/paths-filter@v2 | |
| id: filter | |
| with: | |
| filters: | | |
| forkbomb: | |
| - 'resource_stress/forkbomb/**' | |
| fio: | |
| - 'io_tools/fio/**' | |
| mysql-client: | |
| - 'app_clients/mysql-client/**' | |
| sysbench-client: | |
| - 'io_tools/sysbench/**' | |
| tpcc-client: | |
| - 'io_tools/tpcc/**' | |
| stress-ng: | |
| - 'resource_stress/stress-ng/**' | |
| mongo-client: | |
| - 'app_clients/mongo-client/**' | |
| postgres-client: | |
| - 'app_clients/postgres-client/**' | |
| custom-client: | |
| - 'custom/custom-client/**' | |
| litmus-checker: | |
| - 'custom/litmus-checker/**' | |
| litmus-experiment-hardened-alpine: | |
| - 'custom/hardened-alpine/experiment/**' | |
| litmus-infra-hardened-alpine: | |
| - 'custom/hardened-alpine/infra/**' | |
| logger: | |
| - 'log_utils/logger/**' | |
| dd-client: | |
| - 'io_tools/dd/**' | |
| memleak: | |
| - 'resource_stress/memleak/**' | |
| elasticsearch-stress: | |
| - 'app_clients/elasticsearch-stress/**' | |
| kafka-client: | |
| - 'app_clients/kafka-client/**' | |
| nfs-client: | |
| - 'app_clients/nfs-client/**' | |
| cassandra-client: | |
| - 'app_clients/cassandra-client/**' | |
| litmus-app-deployer: | |
| - 'custom/workflow-helper/app-deployer/**' | |
| litmus-qps-cmd: | |
| - 'custom/workflow-helper/app-qps-test/**' | |
| container-killer: | |
| - 'containerd/crictl/**' | |
| litmus-git-app-checker: | |
| - 'custom/workflow-helper/app-checker/**' | |
| litmus-k8s: | |
| - 'custom/k8s/**' | |
| litmus-curl: | |
| - 'custom/curl/**' | |
| litmus-argocli: | |
| - 'custom/argo-server/**' | |
| workflow-controller: | |
| - 'custom/argo-workflow-controller/**' | |
| argoexec: | |
| - 'custom/argo-workflow-executor/**' | |
| mongo: | |
| - 'custom/mongo/**' | |
| kafka-deployer: | |
| - 'custom/app-setup/kafka/**' | |
| litmus-pg-load: | |
| - 'custom/workflow-helper/postgres-helper/load-test/**' | |
| litmus-pg-jmeter: | |
| - 'custom/workflow-helper/postgres-helper/jmeter/**' | |
| mongo-utils: | |
| - 'custom/mongo-utils/**' | |
| litmusctl: | |
| - 'custom/litmusctl/**' | |
| litmus-redis-load: | |
| - 'custom/workflow-helper/redis-helper/load-gen/**' | |
| litmus-helm-agent: | |
| - 'custom/litmus-helm-agent/**' | |
| litmus-app-deployer: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-app-deployer == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-app-deployer image | |
| run: make litmus-app-deployer | |
| litmus-qps-cmd: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-qps-cmd == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-qps-cmd image | |
| run: make litmus-qps-cmd | |
| litmus-checker: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-checker == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-checker image | |
| run: make litmus-checker | |
| litmus-infra-hardened-alpine: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-infra-hardened-alpine == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-infra-hardened-alpine image | |
| run: make litmus-infra-hardened-alpine | |
| litmus-experiment-hardened-alpine: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-experiment-hardened-alpine == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-experiment-hardened-alpine image | |
| run: make litmus-experiment-hardened-alpine | |
| litmus-git-app-checker: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-git-app-checker == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-git-app-checker image | |
| run: make litmus-git-app-checker | |
| litmus-k8s: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-k8s == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-k8s image | |
| run: make litmus-k8s | |
| litmus-curl: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-curl == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-curl image | |
| run: make litmus-curl | |
| kafka-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.kafka-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building kafka-client image | |
| run: make kafka-client | |
| cassandra-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.cassandra-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building cassandra-client image | |
| run: make cassandra-client | |
| litmus-argocli: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-argocli == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-argocli image | |
| run: make litmus-argocli | |
| litmus-argo-workflow-controller: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.workflow-controller == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building workflow-controller image | |
| run: make litmus-argo-workflow-controller | |
| litmus-argo-workflow-executor: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.argoexec == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building argoexec image | |
| run: make litmus-argo-workflow-executor | |
| mongo: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.mongo == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building mongo image | |
| run: make litmus-mongo | |
| kafka-deployer: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.kafka-deployer == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building kafka-deployer image | |
| run: make litmus-kafka-deployer | |
| mysql-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.mysql-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building mysql-client image | |
| run: make mysql-client | |
| sysbench-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.sysbench-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building sysbench-client image | |
| run: make sysbench | |
| tpcc-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.tpcc-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building tpcc-client image | |
| run: make tpcc | |
| stress-ng: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.stress-ng == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building stress-ng image | |
| run: make stress-ng | |
| mongo-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.mongo-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building mongo-client image | |
| run: make mongo-client | |
| postgres-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.postgres-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building postgres-client image | |
| run: make postgres-client | |
| custom-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.custom-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building custom-client image | |
| run: make custom-client | |
| logger: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.logger == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building logger image | |
| run: make logger | |
| dd-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.dd-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building dd-client image | |
| run: make dd | |
| memleak: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.memleak == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building memleak image | |
| run: make memleak | |
| elasticsearch-stress: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.elasticsearch-stress == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building elasticsearch-stress image | |
| run: make elasticsearch-stress | |
| memory-stress: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.memory-stress == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building memory-stress image | |
| run: make memory-stress | |
| nfs-client: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.nfs-client == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building nfs-client image | |
| run: make nfs-client | |
| container-killer: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.container-killer == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building container-killer image | |
| run: make container-killer | |
| forkbomb: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.forkbomb == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building forkbomb image | |
| run: make forkbomb | |
| fio: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.fio == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building fio image | |
| run: make fio | |
| litmus-pg-load: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-pg-load == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-pg-load image | |
| run: make litmus-pg-load | |
| litmus-pg-jmeter: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-pg-jmeter == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-pg-jmeter image | |
| run: make litmus-pg-jmeter | |
| mongo-utils: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.mongo-utils == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building mongo-utils image | |
| run: | | |
| make litmus-mongo-utils | |
| litmusctl: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmusctl == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmusctl image | |
| run: | | |
| make litmusctl | |
| litmus-redis-load: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-redis-load == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-redis-load image | |
| run: | | |
| make litmus-redis-load | |
| litmus-helm-agent: | |
| runs-on: ubuntu-latest | |
| needs: changes | |
| if: needs.changes.outputs.litmus-helm-agent == 'true' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Building litmus-helm-agent image | |
| run: | | |
| make docker.buildx | |
| make litmus-helm-agent |