Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(ci): update go and add cve check #375

Merged
merged 57 commits into from
Sep 18, 2024
Merged

refactor(ci): update go and add cve check #375

merged 57 commits into from
Sep 18, 2024

Conversation

universal-itengineer
Copy link
Member

@universal-itengineer universal-itengineer commented Sep 17, 2024
edited
Loading

Description

Added CI weekly CVE check via trivy
Updated go version to 1.22.7 to prevent recent CVEs.
Remove unnecessary base go images
Updated base image alpine image to 3.17.10
Updated base image debian:bookworm-slim

Why do we need it, and what problem does it solve?

Improved protection of images against various vulnerabilities
Improved ci

What is the expected result?

All pods will be restarted.
VMs will be migrated, if workload settings set to livemigration in other case you should manually restart them.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

@universal-itengineer universal-itengineer changed the title refactor(ci): update go and add trivy check refactor(ci): update go and add cve check Sep 17, 2024
@universal-itengineer universal-itengineer force-pushed the refactor/ci/update-go-add-trivy branch 4 times, most recently from 9faafb2 to 907e4b2 Compare September 17, 2024 07:14
@universal-itengineer universal-itengineer force-pushed the refactor/ci/update-go-add-trivy branch 2 times, most recently from c343e41 to 2f3a860 Compare September 17, 2024 09:55
diafour
diafour reviewed Sep 17, 2024
View reviewed changes
Taskfile.yaml Outdated Show resolved Hide resolved
diafour
diafour reviewed Sep 17, 2024
View reviewed changes
Taskfile.yaml Outdated Show resolved Hide resolved
diafour
diafour reviewed Sep 17, 2024
View reviewed changes
tools/cve/scan-main.sh Outdated Show resolved Hide resolved
@universal-itengineer
chore(module):virtualization api go 1.22.6
11f5cb9 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(module): api/list-resources go 1.22.6
6e0dd40 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(module): base image BASE_GOLANG_22_BOOKWORM to 1.22.6
ade8140 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(module): dvcr-artifact image to BASE_GOLANG_22_BOOKWORM
4ac7c2f 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(module): kube-api-proxy update image go to BASE_GOLANG_22_BOOKWORM
4441ff5 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
resolve conflict
ba286dc 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(module): vm-route-forge, update image to BASE_GOLANG_22_BOOKWORM
17f3f60 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(module): update go version in workflows
565c282 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore(ci): temporary add curent branch to ci
027fa6c 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: update qemu to 8.2.6-alt0.p10.1:p10+353259.100.4.1
516c5bf 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: kube-api-proxy golang.org/x/net,sys,term to 0.23.0
83bdc2e 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore update github.com/docker/docker to v25.0.6+incompatible
9d18d31 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: exclude dvcr-art from final images
f38f940 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: virt-launcher add python3 setuptools==1:69.5.1-alt1
ce07676 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: change qemu-img version
3ff98d9 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: setuptools to 70.3.0
6146923 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: update setuptools in libguestfs,virt-handler
53758bb 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: refactor cve task and ci
209ea9c 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: delete temp cve-check taskfile
eca7e0a 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: cleanup ci
8dd538c 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: update go for shatal
6b33e56 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: temporary add dev branch
f1f1383 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: resolve comments
2a318fb 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer @diafour
Update tools/cve/scan-main.sh
edd55a4 
Co-authored-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
Signed-off-by: Nikita Korolev <141920865+universal-itengineer@users.noreply.github.com>
@universal-itengineer
chore: update scan script
024423c 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
resolve conflict final
26adb57 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
resolve conflict final
0cec76a 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: remove exclude builder and artifact from script
8cee6e3 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: remove unnecessary images from base images
7cd22f1 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: update alpine image
c2dcc05 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: rm pkg versions from edk2-builder
5314750 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@universal-itengineer
chore: pkg versions back for img edk2-builder
2c83f4a 
Signed-off-by: Nikita korolev <nikita.korolev@flant.com>
@diafour
++ revert changes in edk2 builder
a7a41df 
Signed-off-by: Ivan Mikheykin <ivan.mikheykin@flant.com>
@universal-itengineer universal-itengineer merged commit a435890 into main Sep 18, 2024
10 checks passed
@universal-itengineer universal-itengineer deleted the refactor/ci/update-go-add-trivy branch September 18, 2024 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diafour diafour diafour approved these changes

@hardcoretime hardcoretime Awaiting requested review from hardcoretime

Assignees

@universal-itengineer universal-itengineer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@universal-itengineer @diafour