From c6b297dc82064f785b6cb32986d578b01e4f1c9c Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Wed, 6 Nov 2024 15:05:04 +1300 Subject: [PATCH 1/4] Update database for transaction counter fixes with retries --- composer.json | 4 +-- composer.lock | 72 +++++++++++++++++++++++++-------------------------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/composer.json b/composer.json index 5a2df912fd..dbd1575919 100644 --- a/composer.json +++ b/composer.json @@ -48,10 +48,10 @@ "utopia-php/abuse": "0.43.0", "utopia-php/analytics": "0.10.*", "utopia-php/audit": "0.43.0", - "utopia-php/cache": "0.10.*", + "utopia-php/cache": "0.11.*", "utopia-php/cli": "0.15.*", "utopia-php/config": "0.2.*", - "utopia-php/database": "0.53.13", + "utopia-php/database": "0.53.15", "utopia-php/domains": "0.5.*", "utopia-php/dsn": "0.2.1", "utopia-php/framework": "0.33.*", diff --git a/composer.lock b/composer.lock index 452aefd26f..995afcd426 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "f6eb364e8504ebc2f6c9fe38d75f7e86", + "content-hash": "fb924a3640fb2c2e6e273718415f8205", "packages": [ { "name": "adhocore/jwt", @@ -1574,16 +1574,16 @@ }, { "name": "utopia-php/cache", - "version": "0.10.2", + "version": "0.11.0", "source": { "type": "git", "url": "https://github.com/utopia-php/cache.git", - "reference": "b22c6eb6d308de246b023efd0fc9758aee8b8247" + "reference": "8ebcab5aac7606331cef69b0081f6c9eff2e58bc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/cache/zipball/b22c6eb6d308de246b023efd0fc9758aee8b8247", - "reference": "b22c6eb6d308de246b023efd0fc9758aee8b8247", + "url": "https://api.github.com/repos/utopia-php/cache/zipball/8ebcab5aac7606331cef69b0081f6c9eff2e58bc", + "reference": "8ebcab5aac7606331cef69b0081f6c9eff2e58bc", "shasum": "" }, "require": { 
@@ -1594,7 +1594,7 @@ }, "require-dev": { "laravel/pint": "1.2.*", - "phpstan/phpstan": "1.9.x-dev", + "phpstan/phpstan": "^1.12", "phpunit/phpunit": "^9.3", "vimeo/psalm": "4.13.1" }, @@ -1618,9 +1618,9 @@ ], "support": { "issues": "https://github.com/utopia-php/cache/issues", - "source": "https://github.com/utopia-php/cache/tree/0.10.2" + "source": "https://github.com/utopia-php/cache/tree/0.11.0" }, - "time": "2024-06-25T20:36:35+00:00" + "time": "2024-11-05T16:53:58+00:00" }, { "name": "utopia-php/cli", @@ -1724,23 +1724,23 @@ }, { "name": "utopia-php/database", - "version": "0.53.13", + "version": "0.53.15", "source": { "type": "git", "url": "https://github.com/utopia-php/database.git", - "reference": "a7e5de257e36e1b804d35b307865dd4036baa33e" + "reference": "2ed56d0e889f4612e54339cf55c1b751e5fe8d8f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/database/zipball/a7e5de257e36e1b804d35b307865dd4036baa33e", - "reference": "a7e5de257e36e1b804d35b307865dd4036baa33e", + "url": "https://api.github.com/repos/utopia-php/database/zipball/2ed56d0e889f4612e54339cf55c1b751e5fe8d8f", + "reference": "2ed56d0e889f4612e54339cf55c1b751e5fe8d8f", "shasum": "" }, "require": { "ext-mbstring": "*", "ext-pdo": "*", "php": ">=8.3", - "utopia-php/cache": "0.10.*", + "utopia-php/cache": "0.11.*", "utopia-php/framework": "0.33.*", "utopia-php/mongo": "0.3.*" }, @@ -1774,9 +1774,9 @@ ], "support": { "issues": "https://github.com/utopia-php/database/issues", - "source": "https://github.com/utopia-php/database/tree/0.53.13" + "source": "https://github.com/utopia-php/database/tree/0.53.15" }, - "time": "2024-11-05T10:08:05+00:00" + "time": "2024-11-06T01:48:19+00:00" }, { "name": "utopia-php/domains", 
@@ -2495,16 +2495,16 @@ }, { "name": "utopia-php/queue", - "version": "0.7.0", + "version": "0.7.1", "source": { "type": "git", "url": "https://github.com/utopia-php/queue.git", - "reference": "917565256eb94bcab7246f7a746b1a486813761b" + "reference": "94c240d9f6383829807ce7b2d737f04b159fd3e8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/queue/zipball/917565256eb94bcab7246f7a746b1a486813761b", - "reference": "917565256eb94bcab7246f7a746b1a486813761b", + "url": "https://api.github.com/repos/utopia-php/queue/zipball/94c240d9f6383829807ce7b2d737f04b159fd3e8", + "reference": "94c240d9f6383829807ce7b2d737f04b159fd3e8", "shasum": "" }, "require": { @@ -2550,9 +2550,9 @@ ], "support": { "issues": "https://github.com/utopia-php/queue/issues", - "source": "https://github.com/utopia-php/queue/tree/0.7.0" + "source": "https://github.com/utopia-php/queue/tree/0.7.1" }, - "time": "2024-01-17T19:00:43+00:00" + "time": "2024-11-05T17:00:38+00:00" }, { "name": "utopia-php/registry", @@ -2770,22 +2770,22 @@ }, { "name": "utopia-php/vcs", - "version": "0.8.2", + "version": "0.8.3", "source": { "type": "git", "url": "https://github.com/utopia-php/vcs.git", - "reference": "eb9b7eade1a46a4f660e0d5a6304f7fa26ec9d18" + "reference": "a032ed0611a8f4467aeaa9484f73223074457337" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/vcs/zipball/eb9b7eade1a46a4f660e0d5a6304f7fa26ec9d18", - "reference": "eb9b7eade1a46a4f660e0d5a6304f7fa26ec9d18", + "url": "https://api.github.com/repos/utopia-php/vcs/zipball/a032ed0611a8f4467aeaa9484f73223074457337", + "reference": "a032ed0611a8f4467aeaa9484f73223074457337", "shasum": "" }, "require": { "adhocore/jwt": "^1.1", "php": ">=8.0", - "utopia-php/cache": "^0.10.0", + "utopia-php/cache": "^0.11.0", "utopia-php/framework": "0.*.*" }, "require-dev": { 
@@ -2813,9 +2813,9 @@ ], "support": { "issues": "https://github.com/utopia-php/vcs/issues", - "source": "https://github.com/utopia-php/vcs/tree/0.8.2" + "source": "https://github.com/utopia-php/vcs/tree/0.8.3" }, - "time": "2024-08-13T14:36:30+00:00" + "time": "2024-11-05T17:10:09+00:00" }, { "name": "utopia-php/websocket", @@ -4004,16 +4004,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.4.1", + "version": "5.5.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c" + "reference": "54e10d44fc1a84e2598d26f70d4f6f1f233e228a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c", - "reference": "9d07b3f7fdcf5efec5d1609cba3c19c5ea2bdc9c", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/54e10d44fc1a84e2598d26f70d4f6f1f233e228a", + "reference": "54e10d44fc1a84e2598d26f70d4f6f1f233e228a", "shasum": "" }, "require": { @@ -4026,13 +4026,13 @@ "webmozart/assert": "^1.9.1" }, "require-dev": { - "mockery/mockery": "~1.3.5", + "mockery/mockery": "~1.3.5 || ~1.6.0", "phpstan/extension-installer": "^1.1", "phpstan/phpstan": "^1.8", "phpstan/phpstan-mockery": "^1.1", "phpstan/phpstan-webmozart-assert": "^1.2", "phpunit/phpunit": "^9.5", - "vimeo/psalm": "^5.13" + "psalm/phar": "^5.26" }, "type": "library", "extra": { 
@@ -4062,9 +4062,9 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.4.1" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.5.0" }, - "time": "2024-05-21T05:55:05+00:00" + "time": "2024-11-04T21:26:31+00:00" }, { "name": "phpdocumentor/type-resolver", From 0f6aa3d5b1ebfef6b8f8536b5cf204f13d32853b Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Wed, 6 Nov 2024 15:45:26 +1300 Subject: [PATCH 2/4] Fix trivy scans --- .github/workflows/nightly.yml | 45 +++++++++++++++++++++++++++++++++-- .github/workflows/pr-scan.yml | 10 ++++++-- 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 80d880244c..22e28f01b8 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -5,6 +5,36 @@ on: workflow_dispatch: jobs: + update-trivy-db: + runs-on: ubuntu-latest + steps: + - name: Setup oras + uses: oras-project/setup-oras@v1 + + - name: Get current date + id: date + run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT + + - name: Download and extract the vulnerability DB + run: | + mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db + oras pull ghcr.io/aquasecurity/trivy-db:2 + tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db + rm db.tar.gz + + - name: Download and extract the Java DB + run: | + mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db + oras pull ghcr.io/aquasecurity/trivy-java-db:1 + tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db + rm javadb.tar.gz + + - name: Cache DBs + uses: actions/cache/save@v4 + with: + path: ${{ github.workspace }}/.cache/trivy + key: cache-trivy-${{ steps.date.outputs.date }} + scan-image: name: Scan Docker Image runs-on: ubuntu-latest 
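Review bot: The new `update-trivy-db` job pulls in `oras-project/setup-oras@v1` by a mutable major tag, yet it writes the vulnerability-DB cache that the scan steps are later told to use without refreshing. A retagged or compromised release of that action would run inside the job that populates that cache. Pinning to a full commit SHA closes this, e.g. `uses: oras-project/setup-oras@<full-commit-sha> # v1` (placeholder, not a real hash). As a smaller point, the two `run:` blocks expand `$GITHUB_WORKSPACE` unquoted; `"$GITHUB_WORKSPACE/.cache/trivy/db"` is the safer form.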
@@ -13,16 +43,22 @@ jobs: uses: actions/checkout@v4 with: submodules: recursive + - name: Build the Docker image run: docker build . -t appwrite_image:latest + - name: Run Trivy vulnerability scanner on image - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: 'appwrite_image:latest' format: 'sarif' output: 'trivy-image-results.sarif' ignore-unfixed: 'false' severity: 'CRITICAL,HIGH' + env: + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true + - name: Upload Docker Image Scan Results uses: github/codeql-action/upload-sarif@v2 with: @@ -34,13 +70,18 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 + - name: Run Trivy vulnerability scanner on filesystem - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.28.0 with: scan-type: 'fs' format: 'sarif' output: 'trivy-fs-results.sarif' severity: 'CRITICAL,HIGH' + env: + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true + - name: Upload Code Scan Results uses: github/codeql-action/upload-sarif@v2 with: diff --git a/.github/workflows/pr-scan.yml b/.github/workflows/pr-scan.yml index eded58985d..1289efce11 100644 --- a/.github/workflows/pr-scan.yml +++ b/.github/workflows/pr-scan.yml 
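Review bot: The image scan step now sets `TRIVY_SKIP_DB_UPDATE: true` and `TRIVY_SKIP_JAVA_DB_UPDATE: true`, but nothing shown makes its job wait for `update-trivy-db`. No `needs:` appears on the `scan-image` header visible in the previous hunk, and the `scan-code` header lies outside the hunks. Jobs without `needs:` start in parallel, so a scan can begin before that day's cache is saved. Depending on what the action's cache restore finds, it would then presumably either fail or scan against an older database. Adding `needs: update-trivy-db` to both scan jobs would order them; the same env block is added to the filesystem scan in the `@@ -34,13 +70,18 @@` hunk.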
@@ -26,21 +26,27 @@ jobs: tags: pr_image:${{ github.sha }} - name: Run Trivy vulnerability scanner on image - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.28.0 with: image-ref: 'pr_image:${{ github.sha }}' format: 'json' output: 'trivy-image-results.json' severity: 'CRITICAL,HIGH' + env: + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Run Trivy vulnerability scanner on source code - uses: aquasecurity/trivy-action@0.20.0 + uses: aquasecurity/trivy-action@0.28.0 with: scan-type: 'fs' scan-ref: '.' format: 'json' output: 'trivy-fs-results.json' severity: 'CRITICAL,HIGH' + env: + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Process Trivy scan results id: process-results From 90f63a30f61097d1c33ace3eac284953209c8956 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Wed, 6 Nov 2024 16:24:55 +1300 Subject: [PATCH 3/4] Revert "Fix trivy scans" This reverts commit 0f6aa3d5b1ebfef6b8f8536b5cf204f13d32853b. --- .github/workflows/nightly.yml | 45 ++--------------------------------- .github/workflows/pr-scan.yml | 10 ++------ 2 files changed, 4 insertions(+), 51 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 22e28f01b8..80d880244c 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml 
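Review bot: With `TRIVY_SKIP_DB_UPDATE` and `TRIVY_SKIP_JAVA_DB_UPDATE` set on both scan steps, PR scans never fetch the vulnerability database themselves and depend entirely on a cache written by the nightly workflow. No step in this hunk checks that a cache was restored or how old it is. If the nightly job fails or the cache is evicted, the scan may run against stale data and miss recently published CRITICAL/HIGH findings; this is an inference, since the restore behaviour is inside the action and not visible here. Consider a guard step before the scans that fails the job, or clears the two skip flags, when the DB directory is missing or older than a chosen age. The job's steps begin before and continue past this hunk.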
@@ -5,36 +5,6 @@ on: workflow_dispatch: jobs: - update-trivy-db: - runs-on: ubuntu-latest - steps: - - name: Setup oras - uses: oras-project/setup-oras@v1 - - - name: Get current date - id: date - run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - - - name: Download and extract the vulnerability DB - run: | - mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db - oras pull ghcr.io/aquasecurity/trivy-db:2 - tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db - rm db.tar.gz - - - name: Download and extract the Java DB - run: | - mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db - oras pull ghcr.io/aquasecurity/trivy-java-db:1 - tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db - rm javadb.tar.gz - - - name: Cache DBs - uses: actions/cache/save@v4 - with: - path: ${{ github.workspace }}/.cache/trivy - key: cache-trivy-${{ steps.date.outputs.date }} - scan-image: name: Scan Docker Image runs-on: ubuntu-latest @@ -43,22 +13,16 @@ jobs: uses: actions/checkout@v4 with: submodules: recursive - - name: Build the Docker image run: docker build . -t appwrite_image:latest - - name: Run Trivy vulnerability scanner on image - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'appwrite_image:latest' format: 'sarif' output: 'trivy-image-results.sarif' ignore-unfixed: 'false' severity: 'CRITICAL,HIGH' - env: - TRIVY_SKIP_DB_UPDATE: true - TRIVY_SKIP_JAVA_DB_UPDATE: true - - name: Upload Docker Image Scan Results uses: github/codeql-action/upload-sarif@v2 with: @@ -70,18 +34,13 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - - name: Run Trivy vulnerability scanner on filesystem - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'fs' format: 'sarif' output: 'trivy-fs-results.sarif' severity: 'CRITICAL,HIGH' - env: - TRIVY_SKIP_DB_UPDATE: true - TRIVY_SKIP_JAVA_DB_UPDATE: true - - name: Upload Code Scan Results uses: github/codeql-action/upload-sarif@v2 with: 
diff --git a/.github/workflows/pr-scan.yml b/.github/workflows/pr-scan.yml index 1289efce11..eded58985d 100644 --- a/.github/workflows/pr-scan.yml +++ b/.github/workflows/pr-scan.yml @@ -26,27 +26,21 @@ jobs: tags: pr_image:${{ github.sha }} - name: Run Trivy vulnerability scanner on image - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'pr_image:${{ github.sha }}' format: 'json' output: 'trivy-image-results.json' severity: 'CRITICAL,HIGH' - env: - TRIVY_SKIP_DB_UPDATE: true - TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Run Trivy vulnerability scanner on source code - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'fs' scan-ref: '.' format: 'json' output: 'trivy-fs-results.json' severity: 'CRITICAL,HIGH' - env: - TRIVY_SKIP_DB_UPDATE: true - TRIVY_SKIP_JAVA_DB_UPDATE: true - name: Process Trivy scan results id: process-results From 59674fa90891f6065f79499432916e6d3c883e79 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Wed, 6 Nov 2024 16:32:31 +1300 Subject: [PATCH 4/4] Update database --- composer.json | 2 +- composer.lock | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index dbd1575919..a04ca51d43 100644 --- a/composer.json +++ b/composer.json @@ -51,7 +51,7 @@ "utopia-php/cache": "0.11.*", "utopia-php/cli": "0.15.*", "utopia-php/config": "0.2.*", - "utopia-php/database": "0.53.15", + "utopia-php/database": "0.53.16", "utopia-php/domains": "0.5.*", "utopia-php/dsn": "0.2.1", "utopia-php/framework": "0.33.*", diff --git a/composer.lock b/composer.lock index 995afcd426..6dce436601 100644 --- a/composer.lock +++ b/composer.lock 
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fb924a3640fb2c2e6e273718415f8205", + "content-hash": "b358198535c1867eabed7c0f99135a57", "packages": [ { "name": "adhocore/jwt", @@ -1724,16 +1724,16 @@ }, { "name": "utopia-php/database", - "version": "0.53.15", + "version": "0.53.16", "source": { "type": "git", "url": "https://github.com/utopia-php/database.git", - "reference": "2ed56d0e889f4612e54339cf55c1b751e5fe8d8f" + "reference": "6661edffeef05b59e16d102b989a72f7f78cf7de" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/database/zipball/2ed56d0e889f4612e54339cf55c1b751e5fe8d8f", - "reference": "2ed56d0e889f4612e54339cf55c1b751e5fe8d8f", + "url": "https://api.github.com/repos/utopia-php/database/zipball/6661edffeef05b59e16d102b989a72f7f78cf7de", + "reference": "6661edffeef05b59e16d102b989a72f7f78cf7de", "shasum": "" }, "require": { @@ -1774,9 +1774,9 @@ ], "support": { "issues": "https://github.com/utopia-php/database/issues", - "source": "https://github.com/utopia-php/database/tree/0.53.15" + "source": "https://github.com/utopia-php/database/tree/0.53.16" }, - "time": "2024-11-06T01:48:19+00:00" + "time": "2024-11-06T03:07:16+00:00" }, { "name": "utopia-php/domains",