From 25dc0bf89efcc5b93b87583e3ed017b3ff41aab0 Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 15:52:54 +0800
Subject: [PATCH 01/13] Create sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 47 ++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 .github/workflows/sonarcloud.yml
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 0000000000..b83323ef95
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,47 @@
+name: Build
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ types: [opened, synchronize, reopened]
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ env:
+ SONAR_SCANNER_VERSION: 4.4.0.2170
+ SONAR_SERVER_URL: "https://sonarcloud.io"
+ BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: Set up JDK 11
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+ - name: Download and set up sonar-scanner
+ env:
+ SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
+ run: |
+ mkdir -p $HOME/.sonar
+ curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
+ unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+ echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
+ - name: Download and set up build-wrapper
+ env:
+ BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip
+ run: |
+ curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
+ unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
+ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
+ - name: Run build-wrapper
+ run: |
+ build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make clean all
+ - name: Run sonar-scanner
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: |
+ sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
From 52577ece52ef686499afec8c9cf9eb4e63487e7f Mon Sep 17 00:00:00 2001
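Review bot: The two download steps fetch `sonar-scanner.zip` and `build-wrapper-linux-x86.zip` with `curl -sSLo`, unzip them and put them on `$GITHUB_PATH` with no integrity check, and the final step then runs `sonar-scanner` with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment. Verify each archive against a pinned digest before `unzip`, for example `echo "<EXPECTED_SHA256>  $HOME/.sonar/sonar-scanner.zip" | sha256sum -c -` (placeholder digest, to be taken from the vendor's published checksum). The build-wrapper URL carries no version, so a pinned digest there will fail when the served file changes, which is the intended signal to re-review it. `actions/checkout@v2` and `actions/setup-java@v1` are likewise mutable tags and are better pinned to full commit SHAs.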
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 15:53:29 +0800
Subject: [PATCH 02/13] Create sonar-project.properties
---
sonar-project.properties | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 sonar-project.properties
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000000..e594a28521
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,12 @@
+sonar.projectKey=PhoenixRedflash_keepalived
+sonar.organization=phoenixredflash
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=keepalived
+#sonar.projectVersion=1.0
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+#sonar.sources=.
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8
From 92cb4f219071ce0f9fea2fa4d65b2337ed6d312a Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 15:55:26 +0800
Subject: [PATCH 03/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index b83323ef95..81e082dc37 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -1,4 +1,4 @@ -name: Build +name: sonarcloud on: push: branches:
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make clean all + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make help - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 67659a3c74cd01681814d64a15baec633e6af9fd Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 15:58:58 +0800
Subject: [PATCH 04/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 81e082dc37..a9b13ab8cd 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make help + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 7b0ad06a803f85b024bfc2dc75dd892baea0dfdb Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 16:02:53 +0800
Subject: [PATCH 05/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index a9b13ab8cd..85c9331a23 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From b2c154a92e82eafcf22e5b9d89a4aef60a8d5ad5 Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 16:20:00 +0800
Subject: [PATCH 06/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 85c9331a23..de8f0d0724 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} automake - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From c273ee99fa1fe61237f05c0d93df606ce5901460 Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 16:21:50 +0800
Subject: [PATCH 07/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index de8f0d0724..d0bf7ba076 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} automake + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} autoclean - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 3a70f260aa8ef93efbc660007fd3e139ba01f7ed Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 16:26:14 +0800
Subject: [PATCH 08/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index d0bf7ba076..f92c071f65 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} autoclean + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ./configure --prefix=/usr/local/keepalived && make && make install - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 42b5931b5a8895244fa8e8224f0344b5c4e89f28 Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 16:44:46 +0800
Subject: [PATCH 09/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index f92c071f65..03cfb5e021 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ./configure --prefix=/usr/local/keepalived && make && make install + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ./configure.ac && make - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 992e32be9dafd483bde61a11b8d8ab24943e1274 Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 16:48:43 +0800
Subject: [PATCH 10/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 03cfb5e021..4943a122d6 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -38,7 +38,7 @@ jobs: echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ./configure.ac && make + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} aclocal && autoconf && automake --add-missing && ./configure && make - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 42fefbd54ec9b78cc9feab8ff866f88b02a9895d Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 17:03:27 +0800
Subject: [PATCH 11/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 4943a122d6..2276b5a4a3 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -36,9 +36,14 @@ jobs: curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH + - name: Install Dependencies # added + run: sudo apt update && sudo apt install libsnmp-dev libxtables-dev libip4tc-dev libip6tc-dev libipset-dev libnfnetlink-dev libnl-3-dev libnl-genl-3-dev libnl-route-3-dev libssl-dev libmagic-dev libglib2.0-dev libpcre2-dev libmnl-dev libnftnl-dev libsystemd-dev + - name: Configure # added + run: | + ./autogen.sh - name: Run build-wrapper run: | - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} aclocal && autoconf && automake --add-missing && ./configure && make + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 45a3cef96c21c3ad9b12b97913e9a3bb0631494e Mon Sep 17 00:00:00 2001
From: Miao <33612304+sunmiaoa@users.noreply.github.com>
Date: Tue, 30 Nov 2021 17:06:33 +0800
Subject: [PATCH 12/13] Update sonarcloud.yml
---
.github/workflows/sonarcloud.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 2276b5a4a3..819d3ab33a 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -13,6 +13,19 @@ jobs: SONAR_SCANNER_VERSION: 4.4.0.2170 SONAR_SERVER_URL: "https://sonarcloud.io" BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed + strategy: + matrix: + cmdline: + - "" + - "--enable-snmp --enable-snmp-rfc --enable-json --enable-dbus --disable-checksum-compat --enable-bfd --enable-asserts --disable-systemd" + - "--enable-dbus --enable-dbus-create-instance --disable-dynamic-linking --disable-fwmark --disable-lvs-syncd --enable-snmp-vrrp --enable-timer-check --disable-iptables --disable-nftables --disable-track-process" + - "--enable-dynamic-linking --disable-vrrp-auth --enable-snmp-rfc --disable-snmp-reply-v3-for-v2 --disable-nftables" + - "--disable-libnl --enable-snmp-checker" + - "--enable-conversion-checks --enable-stacktrace --enable-mem-check --enable-mem-check-log --disable-lvs-64bit-stats --enable-snmp-rfcv2" + - "--disable-lvs --enable-snmp-vrrp --enable-snmp-rfc --enable-json --enable-dbus --disable-routes --enable-bfd --disable-iptables --disable-linkbeat" + - "--disable-vrrp --enable-snmp-checker --enable-regex" + - "--disable-hardening --enable-dump-threads --enable-epoll-debug --enable-snmp-rfcv3 --enable-log-file --disable-libipset" + - "--enable-snmp-rfc --enable-snmp --enable-dbus --enable-json --enable-bfd --enable-regex --enable-sockaddr-storage" steps: - uses: actions/checkout@v2 with:
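Review bot: All ten legs of the `cmdline` matrix added here will run every step of the `build` job, including the `Run sonar-scanner` step that lies outside this hunk, so each leg submits an analysis for the same project using `SONAR_TOKEN`. The result shown in SonarCloud then presumably depends on which leg finishes last, and the secret-bearing step and both archive downloads execute ten times per push or pull request. Consider limiting the scanner to one configuration, e.g. `if: matrix.cmdline == ''` on that step, or moving the configure-option matrix into a separate build-only job that receives no secrets. A short comment above `cmdline:` stating what each option set is meant to cover would also help, since the combinations are not self-explanatory.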
@@ -41,6 +54,7 @@ jobs: - name: Configure # added run: | ./autogen.sh + ./configure ${{ matrix.cmdline }} - name: Run build-wrapper run: | build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make
From c55ecff5943bc90ab051bb90adba99719e50a428 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 6 Apr 2022 05:43:30 +0000
Subject: [PATCH 13/13] fix: Dockerfile.in to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE315-BUSYBOX-2440607 - https://snyk.io/vuln/SNYK-ALPINE315-BUSYBOX-2440607
---
Dockerfile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.in b/Dockerfile.in
index bb00a17b0c..63a97a9130 100644
--- a/Dockerfile.in
+++ b/Dockerfile.in
@@ -1,4 +1,4 @@ -FROM alpine:latest +FROM alpine:3.15.4 ARG GIT_VER= ENV VER=@VERSION@ LABEL version=@VERSION@${GIT_VER}
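Review bot: The base image in `FROM alpine:3.15.4` is still identified only by a tag, and a tag can be re-pointed in the registry; adding the digest, `FROM alpine:3.15.4@sha256:<DIGEST>` (placeholder), makes the build reproducible and the pulled content verifiable. A fixed version also no longer picks up base-image fixes on its own, so this line needs an explicit update path, and a comment such as `# pinned base image; bump when a patched release is published` would record that intent. The rest of Dockerfile.in lies outside the hunk, so whether later instructions upgrade packages cannot be seen from here.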