Upstream pull #438

Closed
wants to merge 25 commits into from
Commits
5a1180b
use golang 1.17.3 to fix xray issue (#1)
ooms97 Nov 8, 2021
3419e8e
update packages
ooms97 Nov 9, 2021
c107842
combine require block
ooms97 Nov 9, 2021
5198bac
upgrade x/text package
ooms97 Nov 9, 2021
b7f741b
Merge pull request #1 from nuance-mix/upgrade-go-1.17
ooms97 Nov 9, 2021
57c6616
Replacing Circle CI with GH actions
OmegaVVeapon Dec 21, 2021
c4c8538
Merge pull request #3 from nuance-mix/feature/build-and-push-image
OmegaVVeapon Jan 6, 2022
0a481f6
Bumping to golang:1.17.5
OmegaVVeapon Jan 6, 2022
a8ef2eb
Merge pull request #4 from nuance-mix/fix/xmixdevops-1029-bump-golang
OmegaVVeapon Jan 6, 2022
8e31a73
Fixing latest tag not having the JFrog artifactory URL
OmegaVVeapon Jan 6, 2022
a47c834
Merge pull request #5 from nuance-mix/fix/latest-tag
OmegaVVeapon Jan 6, 2022
9d72b2d
updated base image
tanujbhatia1708 Feb 25, 2022
cf56025
Merge pull request #7 from nuance-mix/fix/xray-issues
tanujbhatia1708 Feb 25, 2022
0c7bdf5
updated the go version
tanujbhatia1708 Mar 31, 2022
e0ceced
Merge pull request #8 from nuance-mix/XMIXSRE-203-go-version-update
tanujbhatia1708 Mar 31, 2022
87a5807
updated golang version
tanujbhatia1708 May 27, 2022
8058d7e
Merge pull request #9 from nuance-mix/XMIXSRE-336-Fix-xray-issues
tanujbhatia1708 May 27, 2022
9d1f423
updated go lang version
tanujbhatia1708 Aug 30, 2022
8672787
Merge pull request #10 from nuance-mix/XMIXSRE-551-fix-xray-issues
tanujbhatia1708 Aug 30, 2022
059d8e6
updated golang to latest version (#11)
tanujbhatia1708 Aug 31, 2022
45c7f75
fix: XMIXDEVOPS-1290 updating Image artifacts to DEV ACR (#12)
tanujbhatia1708 Sep 16, 2022
5b1c746
update go version to 1.19.2
ooms97 Oct 12, 2022
f9ceefc
fix some deps
ooms97 Oct 12, 2022
faa296a
Merge pull request #13 from nuance-mix/fix/update-go
ooms97 Oct 12, 2022
d259749
fix : updated golang image (#14)
tanujbhatia1708 May 29, 2023
62 changes: 0 additions & 62 deletions .circleci/config.yml

This file was deleted.

125 changes: 125 additions & 0 deletions .github/workflows/docker_build_push.yaml
@@ -0,0 +1,125 @@
---
on:
push:
branches:
- '**' # matches every branch
tags:
- '*' # matches every tag that doesn't contain a '/'


jobs:
build_and_push_image:
runs-on: self-hosted
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Prepare
id: prep
run: |
REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}')
REGISTRY_PATH="${{ secrets.ARTIFACTORY_URL }}/xmix-docker-dev/${REPOSITORY_NAME}"
VERSION=edge
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${REGISTRY_PATH}:${VERSION}"
# TODO: Refine... was creating too many hashes
# if [ "${{ github.event_name }}" = "push" ]; then
# TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
# fi
# if we pushed a tag, we also want publish a new latest image
if [[ $GITHUB_REF == refs/tags/* ]]; then
TAGS="$TAGS,${REGISTRY_PATH}:latest"
fi
echo "TAGS to build and push are ${TAGS}"
echo ::set-output name=version::${VERSION}
echo ::set-output name=tags::${TAGS}
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to Nuance JFrog Artifactory
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ${{ secrets.ARTIFACTORY_URL }}
username: ${{ secrets.XMIX_PUBLISH_USERNAME }}
password: ${{ secrets.XMIX_PUBLISH_PASSWORD }}
-
name: Build and push to artifactory
uses: docker/build-push-action@v2
with:
build-args: VERSION=${{ steps.prep.outputs.version }}
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}

build_and_push_acrimage:
runs-on: self-hosted
steps:
-
name: Checkout
uses: actions/checkout@v2
-
name: Prepare
id: prep
run: |
ACR_REPOSITORY_NAME=$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}')
ACR_REGISTRY_PATH="${{ secrets.DEVACR_URL }}/docker/base-images/${ACR_REPOSITORY_NAME}"
VERSION=edge
if [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION=pr-${{ github.event.number }}
fi
TAGS="${ACR_REGISTRY_PATH}:${VERSION}"
# TODO: Refine... was creating too many hashes
# if [ "${{ github.event_name }}" = "push" ]; then
# TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
# fi
# if we pushed a tag, we also want publish a new latest image
if [[ $GITHUB_REF == refs/tags/* ]]; then
TAGS="$TAGS,${ACR_REGISTRY_PATH}:latest"
fi
echo "TAGS to build and push are ${TAGS}"
echo ::set-output name=version::${VERSION}
echo ::set-output name=tags::${TAGS}
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
-
name: Login to ACR Docker
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ${{ secrets.DEVACR_URL }}
username: ${{ secrets.XMIX_DEVACR_USERNAME }}
password: ${{ secrets.XMIX_DEVACR_PASSWORD }}
-
name: Build and push to acr
uses: docker/build-push-action@v2
with:
build-args: VERSION=${{ steps.prep.outputs.version }}
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.source=${{ github.event.repository.html_url }}
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
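Review bot: Both jobs use `runs-on: self-hosted`, trigger on a push to any branch (`branches: - '**'`), and always reach the registry login with the publish secrets, because `if: github.event_name != 'pull_request'` is always true when `push` is the only trigger. The `refs/pull/*` arm of the Prepare step is unreachable for the same reason. Limit the push trigger to the branches and tags that are meant to publish, or gate the login step and `push:` on the ref, so that an arbitrary branch push does not publish an image with these credentials. In the same jobs, `actions/checkout@v2`, `docker/setup-buildx-action@v1`, `docker/login-action@v1` and `docker/build-push-action@v2` are referenced by mutable tags; pinning each to a full commit SHA keeps a retagged action from running next to `XMIX_PUBLISH_PASSWORD` and `XMIX_DEVACR_PASSWORD`. In Prepare, `echo ${GITHUB_REF#refs/heads/}` is unquoted and the branch name flows into `::set-output`, so quote the expansion and reduce the value to characters valid in an image tag; `::set-output` is also deprecated in favour of appending to `$GITHUB_OUTPUT`. The two jobs differ only in registry path and secrets and could be a single matrix job.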
9 changes: 6 additions & 3 deletions Dockerfile
@@ -1,19 +1,22 @@
FROM golang:1.15-alpine as builder

FROM golang:1.20.4-alpine3.16 as builder

ARG ${VERSION:-1.0.0}
MAINTAINER FullStory Engineering

# create non-privileged group and user
RUN addgroup -S grpcurl && adduser -S grpcurl -G grpcurl

WORKDIR /tmp/fullstorydev/grpcurl
# copy just the files/sources we need to build grpcurl
COPY VERSION *.go go.* /tmp/fullstorydev/grpcurl/
COPY *.go go.* /tmp/fullstorydev/grpcurl/
COPY cmd /tmp/fullstorydev/grpcurl/cmd
# and build a completely static binary (so we can use
# scratch as basis for the final image)
ENV CGO_ENABLED=0
ENV GO111MODULE=on
RUN go build -o /grpcurl \
-ldflags "-w -extldflags \"-static\" -X \"main.version=$(cat VERSION)\"" \
-ldflags "-w -extldflags \"-static\" -X \"main.version=${VERSION}\"" \
./cmd/grpcurl

# New FROM so we have a nice'n'tiny image
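Review bot: `ARG ${VERSION:-1.0.0}` is not the documented form for declaring a build argument with a default, which is `ARG VERSION=1.0.0`. As written, the `VERSION` build-arg passed by the workflow may never be declared in the builder stage, in which case `${VERSION}` in the new `-ldflags` line expands to an empty string and the binary reports no version. The removed `-ldflags` line read the value from the `VERSION` file, so the reported version now depends entirely on what CI passes, which on a branch build is the branch name. The new base `golang:1.20.4-alpine3.16` is referenced by tag only; appending `@sha256:<digest>` would make the builder image reproducible.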
29 changes: 21 additions & 8 deletions go.mod
@@ -1,14 +1,27 @@
module github.com/fullstorydev/grpcurl

Check failure on line 1 in go.mod

Wiz Inc. (e194d921e3) - fullstorydev / Wiz Vulnerability Scanner

golang.org/x/net:0.10.0

Detected Vulnerabilities:

  1. CVE-2023-3978, Severity: Medium, Source: https://github.com/advisories/GHSA-2wrh-6pvc-2jm9 CVSS score: 6.1, CVSS exploitability score: 2.8 🩹 Fixed version: 0.13.0 💥 Has public exploit 🧨 Has CISA KEV exploit
  2. CVE-2023-39325, Severity: High, Source: https://github.com/advisories/GHSA-4374-p667-p6c8 CVSS score: 7.5, CVSS exploitability score: 3.9 🩹 Fixed version: 0.17.0 💥 Has public exploit 🧨 Has CISA KEV exploit
  3. CVE-2023-44487, Severity: Medium, Source: https://github.com/advisories/GHSA-qppj-fm5r-hxr3 CVSS score: 7.5, CVSS exploitability score: 3.9 🩹 Fixed version: 0.17.0 💥 Has public exploit 🧨 Has CISA KEV exploit

Check failure on line 1 in go.mod

Wiz Inc. (e194d921e3) - fullstorydev / Wiz Vulnerability Scanner

google.golang.org/grpc:1.50.0

Detected Vulnerabilities:

  1. CVE-2023-44487, Severity: Medium, Source: https://github.com/advisories/GHSA-qppj-fm5r-hxr3 CVSS score: 7.5, CVSS exploitability score: 3.9 🩹 Fixed version: 1.56.3 💥 Has public exploit 🧨 Has CISA KEV exploit
  2. GHSA-m425-mq94-257g, Severity: High, Source: https://github.com/advisories/GHSA-m425-mq94-257g CVSS score: 7.5 🩹 Fixed version: 1.56.3 💥 Has public exploit 🧨 Has CISA KEV exploit

go 1.15
go 1.17

require (
github.com/jhump/protoreflect v1.13.0

Dependency Risk: google.golang.org/grpc@1.50.0 has 2 vulnerabilities

Upgrade to version 1.56.3 to mitigate all risks. This is a minor change from the installed version.

Severity: High 🚨
Status: Open 🔴

Vulnerabilities:

  1. GHSA-m425-mq94-257g - Severity: high - Fix: 1.56.3, 1.57.1, 1.58.3
  2. CVE-2023-44487 - Severity: medium - Fix: 1.58.3, 1.57.1, 1.56.3

You received this notification because a new code risk has been identified

google.golang.org/grpc v1.50.0
google.golang.org/protobuf v1.30.0
)

require (
cloud.google.com/go v0.56.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/golang/protobuf v1.4.2
github.com/jhump/protoreflect v1.10.1
google.golang.org/grpc v1.37.0
google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
gopkg.in/yaml.v2 v2.2.8 // indirect
github.com/census-instrumentation/opencensus-proto v0.2.1 // indirect
github.com/cespare/xxhash/v2 v2.1.1 // indirect
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1 // indirect
github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1 // indirect
github.com/envoyproxy/protoc-gen-validate v0.1.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
golang.org/x/net v0.10.0 // indirect

Dependency Risk: golang.org/x/net@0.10.0 has 3 vulnerabilities

Upgrade to version 0.17.0 to mitigate all risks. This is a minor change from the installed version.

Severity: Medium ⚠️
Status: Open 🔴

Vulnerabilities:

  1. CVE-2023-39325 - Severity: medium - Fix: 0.17.0
  2. CVE-2023-3978 - Severity: medium - Fix: 0.13.0
  3. CVE-2023-44487 - Severity: medium - Fix: 0.17.0

You received this notification because a new code risk has been identified

golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/term v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
google.golang.org/appengine v1.6.5 // indirect
google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e // indirect
)
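Review bot: `google.golang.org/grpc v1.50.0` in the first require block and `golang.org/x/net v0.10.0 // indirect` in the second are exactly the versions the scanner annotations on this diff flag. The annotations name 1.56.3 as the fixed grpc version and 0.17.0 as the x/net version that clears all three findings, so bump both and run `go mod tidy` so the indirect requirements are recomputed rather than hand-edited. The `go 1.17` directive also lags the `golang:1.20.4-alpine3.16` builder image introduced in the Dockerfile; aligning the two makes it clear which toolchain the module is expected to build with.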