Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade alpine from latest to 3.15.4 #4

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade alpine from latest to 3.15.4 #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
25dc0bf
Create sonarcloud.yml
sunmiaoa Nov 30, 2021
52577ec
Create sonar-project.properties
sunmiaoa Nov 30, 2021
92cb4f2
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
67659a3
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
7b0ad06
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
b2c154a
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
c273ee9
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
3a70f26
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
42b5931
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
992e32b
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
42fefbd
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
45a3cef
Update sonarcloud.yml
sunmiaoa Nov 30, 2021
c55ecff
fix: Dockerfile.in to reduce vulnerabilities
snyk-bot Apr 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions .github/workflows/sonarcloud.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
name: sonarcloud
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
jobs:
build:
name: Build
runs-on: ubuntu-latest
env:
SONAR_SCANNER_VERSION: 4.4.0.2170
SONAR_SERVER_URL: "https://sonarcloud.io"
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
strategy:
matrix:
cmdline:
- ""
- "--enable-snmp --enable-snmp-rfc --enable-json --enable-dbus --disable-checksum-compat --enable-bfd --enable-asserts --disable-systemd"
- "--enable-dbus --enable-dbus-create-instance --disable-dynamic-linking --disable-fwmark --disable-lvs-syncd --enable-snmp-vrrp --enable-timer-check --disable-iptables --disable-nftables --disable-track-process"
- "--enable-dynamic-linking --disable-vrrp-auth --enable-snmp-rfc --disable-snmp-reply-v3-for-v2 --disable-nftables"
- "--disable-libnl --enable-snmp-checker"
- "--enable-conversion-checks --enable-stacktrace --enable-mem-check --enable-mem-check-log --disable-lvs-64bit-stats --enable-snmp-rfcv2"
- "--disable-lvs --enable-snmp-vrrp --enable-snmp-rfc --enable-json --enable-dbus --disable-routes --enable-bfd --disable-iptables --disable-linkbeat"
- "--disable-vrrp --enable-snmp-checker --enable-regex"
- "--disable-hardening --enable-dump-threads --enable-epoll-debug --enable-snmp-rfcv3 --enable-log-file --disable-libipset"
- "--enable-snmp-rfc --enable-snmp --enable-dbus --enable-json --enable-bfd --enable-regex --enable-sockaddr-storage"
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Download and set up sonar-scanner
env:
SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
run: |
mkdir -p $HOME/.sonar
curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
- name: Download and set up build-wrapper
env:
BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip
run: |
curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
- name: Install Dependencies # added
run: sudo apt update && sudo apt install libsnmp-dev libxtables-dev libip4tc-dev libip6tc-dev libipset-dev libnfnetlink-dev libnl-3-dev libnl-genl-3-dev libnl-route-3-dev libssl-dev libmagic-dev libglib2.0-dev libpcre2-dev libmnl-dev libnftnl-dev libsystemd-dev
- name: Configure # added
run: |
./autogen.sh
./configure ${{ matrix.cmdline }}
- name: Run build-wrapper
run: |
build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make
- name: Run sonar-scanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
2 changes: 1 addition & 1 deletion Dockerfile.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:latest
FROM alpine:3.15.4
ARG GIT_VER=
ENV VER=@VERSION@
LABEL version=@VERSION@${GIT_VER}
Expand Down
12 changes: 12 additions & 0 deletions sonar-project.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
sonar.projectKey=PhoenixRedflash_keepalived
sonar.organization=phoenixredflash

# This is the name and version displayed in the SonarCloud UI.
#sonar.projectName=keepalived
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
#sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8