From 79283fae4d990424f5349214500001595ad5fab9 Mon Sep 17 00:00:00 2001 From: florian Date: Mon, 15 Jul 2024 19:03:35 +0200 Subject: [PATCH 01/10] ci/cd - fix prestashop link --- examples/prestashop/tests.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/prestashop/tests.json b/examples/prestashop/tests.json index 354b54baf..ad419e293 100644 --- a/examples/prestashop/tests.json +++ b/examples/prestashop/tests.json @@ -6,7 +6,7 @@ "tests": [ { "type": "string", - "url": "https://www.example.com/administration", + "url": "https://www.example.com", "string": "prestashop", "tls": "www.example.com" } From 5428baea5c8394fa06a70d6628f91dc3863d6bc8 Mon Sep 17 00:00:00 2001 From: florian Date: Mon, 15 Jul 2024 20:41:25 +0200 Subject: [PATCH 02/10] ci/cd - increase prestashop delay --- examples/prestashop/tests.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/prestashop/tests.json b/examples/prestashop/tests.json index ad419e293..219a48655 100644 --- a/examples/prestashop/tests.json +++ b/examples/prestashop/tests.json @@ -2,7 +2,7 @@ "name": "prestashop", "kinds": ["docker", "autoconf", "swarm", "kubernetes"], "timeout": 240, - "delay": 240, + "delay": 300, "tests": [ { "type": "string", From 352170a53e6b0a1d32967422e52aec29abb0be63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 07:42:25 +0000 Subject: [PATCH 03/10] deps/gha: Bump docker/build-push-action from 6.3.0 to 6.4.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/1a162644f9a7e87d8f4b053101d1d9a712edc18c...a254f8ca60a858f3136a2f1f23a60969f2c402dd) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/container-build.yml | 4 ++-- .github/workflows/linux-build.yml | 6 +++--- .github/workflows/push-docker.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 192c14e0d..7612d3f06 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -92,7 +92,7 @@ jobs: # Build cached image - name: Build image if: inputs.CACHE == true - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 with: context: . file: ${{ inputs.DOCKERFILE }} @@ -105,7 +105,7 @@ jobs: # Build non-cached image - name: Build image if: inputs.CACHE != true - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 with: context: . file: ${{ inputs.DOCKERFILE }} diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml index 5300e7ae2..41766a5e4 100644 --- a/.github/workflows/linux-build.yml +++ b/.github/workflows/linux-build.yml @@ -94,7 +94,7 @@ jobs: # Build testing package image - name: Build package image if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui' - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 with: context: . load: true @@ -106,7 +106,7 @@ jobs: # Build non-testing package image - name: Build package image if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev' - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 with: context: . load: true 
@@ -142,7 +142,7 @@ jobs: images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }} - name: Build test image if: inputs.TEST == true - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 with: context: . file: tests/linux/Dockerfile-${{ inputs.LINUX }} diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 94b87bab8..bd0ecb3eb 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -70,7 +70,7 @@ jobs: images: bunkerity/${{ inputs.IMAGE }} # Build and push - name: Build and push - uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 + uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 with: context: . file: ${{ inputs.DOCKERFILE }} From 7a1aac61a42ca88d233d4af1f9de74d187e524c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Tue, 16 Jul 2024 09:31:26 +0100 Subject: [PATCH 04/10] Refactor Dockerfile permissions for bwcli files --- src/linux/Dockerfile-debian | 1 + src/linux/Dockerfile-fedora | 1 + src/linux/Dockerfile-rhel | 1 + src/linux/Dockerfile-rhel9 | 1 + src/linux/Dockerfile-ubuntu | 1 + src/linux/Dockerfile-ubuntu-jammy | 1 + src/scheduler/Dockerfile | 1 + 7 files changed, 7 insertions(+) diff --git a/src/linux/Dockerfile-debian b/src/linux/Dockerfile-debian index 49afb5d20..bf4cbe960 100644 --- a/src/linux/Dockerfile-debian +++ b/src/linux/Dockerfile-debian @@ -87,6 +87,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \ chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 755 . # Cleanup 
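Review bot: The added `find core/*/bwcli/* -type f -exec chmod 750 {} \;` sets the execute bit on every regular file under each plugin's `bwcli` directory, data files included. It is also chained with `&&`, so if the glob ever matches nothing, `find` exits non-zero on the literal pattern and the whole RUN step fails. Starting from a directory that always exists avoids that and batches the chmod calls: `find core -path 'core/*/bwcli/*' -type f -exec chmod 750 {} +`, with a `-name` filter added if only the command scripts need to be executable. The identical line is added to Dockerfile-fedora, Dockerfile-rhel, Dockerfile-rhel9, Dockerfile-ubuntu, Dockerfile-ubuntu-jammy and src/scheduler/Dockerfile, so the same applies there. The RUN instruction begins before the hunk, so the ownership that makes mode 750 meaningful for the runtime user is not visible here.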
diff --git a/src/linux/Dockerfile-fedora b/src/linux/Dockerfile-fedora index 099c214ef..ccaff0c3b 100644 --- a/src/linux/Dockerfile-fedora +++ b/src/linux/Dockerfile-fedora @@ -83,6 +83,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \ chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 755 . # Cleanup diff --git a/src/linux/Dockerfile-rhel b/src/linux/Dockerfile-rhel index 12d89d814..45e5a7e94 100644 --- a/src/linux/Dockerfile-rhel +++ b/src/linux/Dockerfile-rhel @@ -95,6 +95,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \ chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 755 . # Cleanup diff --git a/src/linux/Dockerfile-rhel9 b/src/linux/Dockerfile-rhel9 index 9eb5a2d5f..5d4222b75 100644 --- a/src/linux/Dockerfile-rhel9 +++ b/src/linux/Dockerfile-rhel9 @@ -100,6 +100,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \ chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 755 . # Cleanup diff --git a/src/linux/Dockerfile-ubuntu b/src/linux/Dockerfile-ubuntu index c875fc051..0213a0a00 100644 --- a/src/linux/Dockerfile-ubuntu +++ b/src/linux/Dockerfile-ubuntu 
@@ -87,6 +87,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \ chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 755 . # Cleanup diff --git a/src/linux/Dockerfile-ubuntu-jammy b/src/linux/Dockerfile-ubuntu-jammy index 68b48aba9..23c6b9764 100644 --- a/src/linux/Dockerfile-ubuntu-jammy +++ b/src/linux/Dockerfile-ubuntu-jammy @@ -87,6 +87,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 770 /var/cache/bunkerweb/ /var/tmp/bunkerweb/ /var/run/bunkerweb/ && \ chmod 750 gen/*.py scheduler/*.py cli/*.py ui/*.py ui/src/*.py helpers/*.sh /var/www/ && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 755 . # Cleanup diff --git a/src/scheduler/Dockerfile b/src/scheduler/Dockerfile index 776b04530..325665024 100644 --- a/src/scheduler/Dockerfile +++ b/src/scheduler/Dockerfile @@ -59,6 +59,7 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad chown -R root:scheduler INTEGRATION /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /usr/bin/bwcli && \ chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \ find core/*/jobs/* -type f -exec chmod 750 {} \; && \ + find core/*/bwcli/* -type f -exec chmod 750 {} \; && \ chmod 750 cli/main.py gen/*.py scheduler/main.py scheduler/entrypoint.sh helpers/*.sh deps/python/bin/* /usr/bin/bwcli && \ chmod 660 INTEGRATION From b7776bf3f5c2d997f923ec7f6024ed815b79ee91 Mon Sep 17 00:00:00 2001 
From: florian Date: Tue, 16 Jul 2024 18:13:01 +0200 Subject: [PATCH 05/10] ci/cd - temp disable prestashop tests --- examples/prestashop/{tests.json => tests.json.backup} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename examples/prestashop/{tests.json => tests.json.backup} (100%) diff --git a/examples/prestashop/tests.json b/examples/prestashop/tests.json.backup similarity index 100% rename from examples/prestashop/tests.json rename to examples/prestashop/tests.json.backup From 6c3e8a42b8d2fbec47bf450f89a0c76a6eef7fab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Wed, 17 Jul 2024 09:58:19 +0100 Subject: [PATCH 06/10] Add more logs when fetching docker/kubernetes logs in web UI --- src/ui/main.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ui/main.py b/src/ui/main.py index 4894f58fd..1332bbfb9 100755 --- a/src/ui/main.py +++ b/src/ui/main.py @@ -2022,7 +2022,7 @@ def logs_container(container_id): logs = [] tmp_logs = [] - if docker_client: + if INTEGRATION in ("Docker", "Swarm", "Autoconf"): try: if INTEGRATION != "Swarm": docker_logs = docker_client.containers.get(container_id).logs( # type: ignore @@ -2041,6 +2041,7 @@ def logs_container(container_id): tmp_logs = docker_logs.decode("utf-8", errors="replace").split("\n")[0:-1] except docker_NotFound: + app.logger.exception(f"Could not get logs for container {container_id}") return ( jsonify( { @@ -2050,7 +2051,7 @@ def logs_container(container_id): ), 404, ) - elif kubernetes_client: + elif INTEGRATION == "Kubernetes": try: kubernetes_logs = kubernetes_client.read_namespaced_pod_log( container_id, @@ -2060,6 +2061,7 @@ def logs_container(container_id): ) tmp_logs = kubernetes_logs.split("\n")[0:-1] except kube_ApiException: + app.logger.exception(f"Could not get logs for pod {container_id}") return ( jsonify( { From de5f37bf67d1a2182a5a4c8cd6673c4e97268175 Mon Sep 17 00:00:00 2001 
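Review bot: Replacing `if docker_client:` with `if INTEGRATION in ("Docker", "Swarm", "Autoconf"):` in the first hunk removes the only check that the client object exists. The `# type: ignore` on `docker_client.containers.get(container_id)` suggests the client can be None; in that case the call raises AttributeError, which `except docker_NotFound` does not catch, so the request would end in an unhandled error instead of the JSON response. The `elif INTEGRATION == "Kubernetes":` change in the third hunk has the same shape for `kubernetes_client`. Keeping both conditions preserves the new intent: `if INTEGRATION in ("Docker", "Swarm", "Autoconf") and docker_client:` and `elif INTEGRATION == "Kubernetes" and kubernetes_client:`. logs_container starts and ends outside these hunks, so how the clients are initialised is not visible here.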
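Review bot: `app.logger.exception(f"Could not get logs for container {container_id}")` in the second hunk writes `container_id` into the log unescaped. It is the function's argument and appears to come from the request path, so a value carrying encoded line breaks could forge extra log entries. Passing it as a logging argument with repr formatting neutralises that: `app.logger.exception("Could not get logs for container %r", container_id)`, and the same for the pod message added in the fourth hunk. A full traceback at error level for a lookup that is answered with 404 may also be louder than needed; `app.logger.warning("Could not get logs for container %r", container_id)` keeps the signal without the stack.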
From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Wed, 17 Jul 2024 10:39:46 +0100 Subject: [PATCH 07/10] feat: Add role to allow web UI to read bunkerweb pods logs in Kubernetes examples in documentation --- docs/integrations.md | 2 ++ docs/web-ui.md | 83 ++++++++++++++++++++++++++++++++++++-------- 2 files changed, 71 insertions(+), 14 deletions(-) diff --git a/docs/integrations.md b/docs/integrations.md index edf642c4b..c20b6689b 100644 --- a/docs/integrations.md +++ b/docs/integrations.md @@ -714,6 +714,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: sa-bunkerweb + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -745,6 +746,7 @@ spec: annotations: bunkerweb.io/INSTANCE: "yes" spec: + serviceAccountName: sa-bunkerweb containers: # using bunkerweb as name is mandatory - name: bunkerweb diff --git a/docs/web-ui.md b/docs/web-ui.md index 914ea9f97..4b1cdbf52 100644 --- a/docs/web-ui.md +++ b/docs/web-ui.md @@ -418,10 +418,21 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th resources: ["ingresses"] verbs: ["get", "watch", "list"] --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + namespace: default + name: role-bunkerweb-logs + rules: + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] + --- apiVersion: v1 kind: ServiceAccount metadata: name: sa-bunkerweb + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -437,6 +448,20 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th name: cr-bunkerweb apiGroup: rbac.authorization.k8s.io --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: rolebinding-bunkerweb-logs + namespace: default + subjects: + - kind: ServiceAccount + name: sa-bunkerweb + namespace: default + roleRef: + kind: Role + name: role-bunkerweb-logs + apiGroup: rbac.authorization.k8s.io + --- apiVersion: apps/v1 kind: DaemonSet metadata: 
@@ -453,6 +478,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th annotations: bunkerweb.io/INSTANCE: "yes" spec: + serviceAccountName: sa-bunkerweb containers: # using bunkerweb as name is mandatory - name: bunkerweb @@ -534,7 +560,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th env: - name: KUBERNETES_MODE value: "yes" - - name: "DATABASE_URI" + - name: DATABASE_URI value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db" --- apiVersion: apps/v1 @@ -561,7 +587,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th env: - name: KUBERNETES_MODE value: "yes" - - name: "DATABASE_URI" + - name: DATABASE_URI value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db" --- apiVersion: apps/v1 @@ -608,14 +634,14 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th env: - name: MYSQL_RANDOM_ROOT_PASSWORD value: "yes" - - name: "MYSQL_DATABASE" + - name: MYSQL_DATABASE value: "db" - - name: "MYSQL_USER" + - name: MYSQL_USER value: "bunkerweb" - - name: "MYSQL_PASSWORD" + - name: MYSQL_PASSWORD value: "changeme" volumeMounts: - - mountPath: "/var/lib/mysql" + - mountPath: /var/lib/mysql name: vol-db volumes: - name: vol-db @@ -646,7 +672,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th env: - name: KUBERNETES_MODE value: "YES" - - name: "DATABASE_URI" + - name: DATABASE_URI value: "mariadb+pymysql://bunkerweb:testor@svc-bunkerweb-db:3306/db" --- apiVersion: v1 
@@ -1264,10 +1290,21 @@ After a successful login/password combination, you will be prompted to enter you resources: ["ingresses"] verbs: ["get", "watch", "list"] --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + namespace: default + name: role-bunkerweb-logs + rules: + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] + --- apiVersion: v1 kind: ServiceAccount metadata: name: sa-bunkerweb + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1283,6 +1320,20 @@ After a successful login/password combination, you will be prompted to enter you name: cr-bunkerweb apiGroup: rbac.authorization.k8s.io --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: rolebinding-bunkerweb-logs + namespace: default + subjects: + - kind: ServiceAccount + name: sa-bunkerweb + namespace: default + roleRef: + kind: Role + name: role-bunkerweb-logs + apiGroup: rbac.authorization.k8s.io + --- apiVersion: apps/v1 kind: DaemonSet metadata: @@ -1299,6 +1350,7 @@ After a successful login/password combination, you will be prompted to enter you annotations: bunkerweb.io/INSTANCE: "yes" spec: + serviceAccountName: sa-bunkerweb containers: # using bunkerweb as name is mandatory - name: bunkerweb @@ -1377,7 +1429,7 @@ After a successful login/password combination, you will be prompted to enter you env: - name: KUBERNETES_MODE value: "yes" - - name: "DATABASE_URI" + - name: DATABASE_URI value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db" --- apiVersion: apps/v1 @@ -1404,7 +1456,7 @@ After a successful login/password combination, you will be prompted to enter you env: - name: KUBERNETES_MODE value: "yes" - - name: "DATABASE_URI" + - name: DATABASE_URI value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db" --- apiVersion: apps/v1 
@@ -1451,14 +1503,14 @@ After a successful login/password combination, you will be prompted to enter you env: - name: MYSQL_RANDOM_ROOT_PASSWORD value: "yes" - - name: "MYSQL_DATABASE" + - name: MYSQL_DATABASE value: "db" - - name: "MYSQL_USER" + - name: MYSQL_USER value: "bunkerweb" - - name: "MYSQL_PASSWORD" + - name: MYSQL_PASSWORD value: "changeme" volumeMounts: - - mountPath: "/var/lib/mysql" + - mountPath: /var/lib/mysql name: vol-db volumes: - name: vol-db @@ -1493,7 +1545,7 @@ After a successful login/password combination, you will be prompted to enter you value: "changeme" - name: KUBERNETES_MODE value: "YES" - - name: "DATABASE_URI" + - name: DATABASE_URI value: "mariadb+pymysql://bunkerweb:testor@svc-bunkerweb-db:3306/db" --- apiVersion: v1 @@ -1564,6 +1616,9 @@ After a successful login/password combination, you will be prompted to enter you metadata: name: ingress annotations: + bunkerweb.io/www.example.com_SERVE_FILES: "no" + bunkerweb.io/www.example.com_USE_CLIENT_CACHE: "yes" + bunkerweb.io/www.example.com_USE_GZIP: "yes" bunkerweb.io/www.example.com_USE_UI: "yes" bunkerweb.io/www.example.com_INTERCEPTED_ERROR_CODES: '400 404 405 413 429 500 501 502 503 504' bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: '50m' From 38deb50eec06126dcea413eda492a84e2755d5f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jul 2024 07:27:55 +0000 Subject: [PATCH 08/10] deps/gha: Bump docker/build-push-action from 6.4.0 to 6.4.1 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.4.0 to 6.4.1. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/a254f8ca60a858f3136a2f1f23a60969f2c402dd...1ca370b3a9802c92e886402e0dd88098a2533b12) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- .github/workflows/container-build.yml | 4 ++-- .github/workflows/linux-build.yml | 6 +++--- .github/workflows/push-docker.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 7612d3f06..d333c1de5 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -92,7 +92,7 @@ jobs: # Build cached image - name: Build image if: inputs.CACHE == true - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 with: context: . file: ${{ inputs.DOCKERFILE }} @@ -105,7 +105,7 @@ jobs: # Build non-cached image - name: Build image if: inputs.CACHE != true - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 with: context: . file: ${{ inputs.DOCKERFILE }} diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml index 41766a5e4..aaf289125 100644 --- a/.github/workflows/linux-build.yml +++ b/.github/workflows/linux-build.yml @@ -94,7 +94,7 @@ jobs: # Build testing package image - name: Build package image if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui' - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 with: context: . load: true @@ -106,7 +106,7 @@ jobs: # Build non-testing package image - name: Build package image if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev' - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 with: context: . load: true 
@@ -142,7 +142,7 @@ jobs: images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }} - name: Build test image if: inputs.TEST == true - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 with: context: . file: tests/linux/Dockerfile-${{ inputs.LINUX }} diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index bd0ecb3eb..adbe20e1f 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -70,7 +70,7 @@ jobs: images: bunkerity/${{ inputs.IMAGE }} # Build and push - name: Build and push - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0 + uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 with: context: . file: ${{ inputs.DOCKERFILE }} From e283f9e7f4523a192dc21344a0a7043d287b94e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jul 2024 07:20:51 +0000 Subject: [PATCH 09/10] deps/gha: Bump softprops/action-gh-release from 2.0.6 to 2.0.8 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.6 to 2.0.8. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a74c6b72af54cfa997e81df42d94703d6313a2d0...c062e08bd532815e2082a85e87e3ef29c3e6d191) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/push-github.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push-github.yml b/.github/workflows/push-github.yml index 73acddc88..39fb49cc8 100644 
--- a/.github/workflows/push-github.yml +++ b/.github/workflows/push-github.yml @@ -51,7 +51,7 @@ jobs: # Create release - name: Create release if: inputs.VERSION != 'testing' - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: body: | Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/ @@ -75,7 +75,7 @@ jobs: # Create release - name: Create release if: inputs.VERSION == 'testing' - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: body: | **The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.** From bae78df2a8623638316a9edaeb811e046e8887e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 07:13:26 +0000 Subject: [PATCH 10/10] deps/gha: Bump github/codeql-action from 3.25.12 to 3.25.13 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4fa2a7953630fd2f3fb380f21be14ede0169dd4f...2d790406f505036ef40ecba973cc774a50395aac) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6375ebf79..729a9f8f3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -35,12 +35,12 @@ jobs: python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: languages: ${{ matrix.language }} config-file: ./.github/codeql.yml setup-python-dependencies: false - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 4d35e34c0..64f533707 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -25,6 +25,6 @@ jobs: results_format: sarif publish_results: true - name: "Upload SARIF results to code scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif