⚡ update: sanitizer, lint, govulncheck, docker, workflow | fix lint P…

…OSIX sh | fix build and publish docker image

.github/workflows/ci.yaml

@@ -0,0 +1,48 @@
+#
+name: Create and publish a Docker image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  push:
+    branches: ["release-1.26-vngcloud-v2"]
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      # 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: ./docker
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker-image.yml

@@ -0,0 +1,22 @@
+name: Test build Docker Image CI
+
+on:
+  push:
+    branches: ["release-1.26-vngcloud-v2"]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build the Docker image
+        run: docker build -f ./docker/Dockerfile ./docker --tag my-image-name:$(date +%s)
+
+  build-alpine:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build the Docker image Alpine
+        run: docker build -f ./docker/alpine/Dockerfile ./docker/alpine --tag my-image-name-alpine:$(date +%s)

.github/workflows/golangci-lint.yml

@@ -2,16 +2,7 @@ name: golangci-lint
 on:
   push:
     branches:
-      - master
-  pull_request:
-    branches:
-      - master
-  schedule:
-    # Trigger every day at 16:00 UTC
-    - cron: '0 16 * * *'
-permissions:
-  contents: read # to fetch code (actions/checkout)
-  pull-requests: read # to fetch pull requests (golangci/golangci-lint-action)
+      - release-1.26-vngcloud-v2
 
 jobs:
   golangci:
@@ -20,7 +11,7 @@ jobs:
     steps:
       - uses: actions/setup-go@v3
         with:
-          go-version: '1.20'
+          go-version: "1.20"
       - uses: actions/checkout@v3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3

.github/workflows/govulncheck.yml

@@ -2,18 +2,16 @@ name: govulncheck
 on:
   push:
     branches:
-      - master
-  schedule:
-    # Trigger every day at 16:00 UTC
-    - cron: '0 16 * * *'
+      - release-1.26-vngcloud-v2
+
 jobs:
   analyze:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Scan for Vulnerabilities in Code
-        uses: Templum/govulncheck-action@v0.10.0
+        uses: golang/govulncheck-action@v1
         with:
-          go-version: '1.20'
-          vulncheck-version: v0.0.0-20230320232729-bfc1eaef17a4
-          package: ./...
+          go-version-input: 1.21.8
+          go-package: ./...

.github/workflows/linter.yml

@@ -16,10 +16,7 @@ name: Lint Code Base
 #############################
 on:
   push:
-    branches-ignore: [master, main]
-    # Remove the line above to run when pushing to master
-  pull_request:
-    branches: [master, main]
+    branches: ["release-1.26-vngcloud-v2"]
 
 ###############
 # Set the Job #
@@ -45,7 +42,7 @@ jobs:
       # Checkout the code base #
       ##########################
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
@@ -54,12 +51,12 @@ jobs:
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
-        uses: github/super-linter@v4.9.2
+        uses: super-linter/super-linter@v6.3.0
         env:
           VALIDATE_ALL_CODEBASE: false
-          DEFAULT_BRANCH: master
+          DEFAULT_BRANCH: release-1.26-vngcloud-v2
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LINTER_RULES_PATH: '.'
+          LINTER_RULES_PATH: "."
           MARKDOWN_CONFIG_FILE: .markdownlint.yml
           VALIDATE_MARKDOWN: true
           VALIDATE_BASH: true

.github/workflows/readme-linter.yml

@@ -1,21 +1,22 @@
 name: Lint plugin readmes
 on:
-#  push:
-#    branches-ignore: master
-  pull_request:
-    branches: # Names of target branches, not source branches
-      - master
+  push:
+    branches:
+      - release-1.26-vngcloud-v2
+
 jobs:
   run-readme-linter:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
-      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v5
+        with:
+          go-version: "1.21.8"
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v34.4.2
+        uses: tj-actions/changed-files@v42
         with:
           base_sha: ${{ github.event.pull_request.base.sha }}
           files: ./plugins/**/README.md

.github/workflows/semantic.yml

@@ -12,4 +12,3 @@ jobs:
     uses: influxdata/validate-semantic-github-messages/.github/workflows/semantic.yml@main
     with:
       CHECK_PR_TITLE_OR_ONE_COMMIT: true
-

Makefile

@@ -1,3 +1,12 @@
+.PHONY: build-package
+build-package:
+	rm -rf ./build/
+	NIGHTLY=vmonitor make package include_packages="amd64.deb"
+
+runn:
+	# ./telegraf --config telegraf_pro.conf
+	make build && ./telegraf --config telegraf_pro.conf
+
 ifneq (,$(filter $(OS),Windows_NT Windows))
 	EXEEXT=.exe
 endif
@@ -124,11 +133,12 @@ config:
 
 	rm -rf etc/telegraf.conf
 	cp -rf etc/telegraf_linux.conf etc/telegraf.conf
+	# cp -rf etc/telegraf_windows.conf etc/telegraf.conf
 
-	@if [ $(GOOS) = "windows" ]; then \
-		rm -rf etc/telegraf.conf \
-		cp -rf etc/telegraf_windows.conf etc/telegraf.conf; \
-	fi
+	# @if [ $(GOOS) = "windows" ]; then \
+	# 	rm -rf etc/telegraf.conf \
+	# 	cp -rf etc/telegraf_windows.conf etc/telegraf.conf; \
+	# fi
 
 .PHONY: docs
 docs: build_tools embed_readme_inputs embed_readme_outputs embed_readme_processors embed_readme_aggregators embed_readme_secretstores

docker/Dockerfile

@@ -0,0 +1,24 @@
+FROM buildpack-deps:bullseye-curl
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends iputils-ping snmp procps lm-sensors libcap2-bin && \
+    rm -rf /var/lib/apt/lists/*
+
+ENV TELEGRAF_VERSION 1.26.0-2.0.2
+RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" && \
+    case "${dpkgArch##*-}" in \
+      amd64) ARCH='amd64';; \
+      arm64) ARCH='arm64';; \
+      armhf) ARCH='armhf';; \
+      armel) ARCH='armel';; \
+      *)     echo "Unsupported architecture: ${dpkgArch}"; exit 1;; \
+    esac && \
+    wget --no-verbose https://github.com/vngcloud/vmonitor-metrics-agent/releases/download/${TELEGRAF_VERSION}/telegraf_nightly_${ARCH}.deb && \
+    dpkg -i telegraf_nightly_${ARCH}.deb && \
+    rm -f telegraf_nightly_${ARCH}.deb*
+
+EXPOSE 8125/udp 8092/udp 8094
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["telegraf"]

docker/alpine/Dockerfile

@@ -0,0 +1,36 @@
+FROM alpine:3.17
+
+RUN echo 'hosts: files dns' >> /etc/nsswitch.conf
+RUN apk add --no-cache iputils ca-certificates net-snmp-tools procps lm_sensors tzdata su-exec libcap && \
+    update-ca-certificates
+
+ENV TELEGRAF_VERSION 1.26.0-2.0.2
+
+RUN ARCH= && \
+    case "$(apk --print-arch)" in \
+        x86_64) ARCH='amd64';; \
+        aarch64) ARCH='arm64';; \
+        *) echo "Unsupported architecture: $(apk --print-arch)"; exit 1;; \
+    esac && \
+    set -ex && \
+    mkdir ~/.gnupg; \
+    echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf; \
+    apk add --no-cache --virtual .build-deps wget gnupg tar && \
+    wget --no-verbose https://github.com/vngcloud/vmonitor-metrics-agent/releases/download/${TELEGRAF_VERSION}/telegraf-nightly_static_linux_${ARCH}.tar.gz && \
+    mkdir -p /usr/src /etc/telegraf && \
+    tar -C /usr/src -xzf telegraf-nightly_static_linux_${ARCH}.tar.gz && \
+    mv /usr/src/telegraf*/etc/telegraf/telegraf.conf /etc/telegraf/ && \
+    mkdir /etc/telegraf/telegraf.d && \
+    cp -a /usr/src/telegraf*/usr/bin/telegraf /usr/bin/ && \
+    gpgconf --kill all && \
+    rm -rf *.tar.gz* /usr/src /root/.gnupg && \
+    apk del .build-deps && \
+    addgroup -S telegraf && \
+    adduser -S telegraf -G telegraf && \
+    chown -R telegraf:telegraf /etc/telegraf
+
+EXPOSE 8125/udp 8092/udp 8094
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["telegraf"]

docker/alpine/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if [ "$(echo "$1" | cut -c1)" = '-' ]; then
+    set -- telegraf "$@"
+fi
+
+if [ "$(id -u)" -ne 0 ]; then
+    exec "$@"
+else
+    # Allow telegraf to send ICMP packets and bind to privliged ports
+    setcap cap_net_raw,cap_net_bind_service+ep /usr/bin/telegraf || echo "Failed to set additional capabilities on /usr/bin/telegraf"
+
+    exec su-exec telegraf "$@"
+fi

docker/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+if [ "${1:0:1}" = '-' ]; then
+    set -- telegraf "$@"
+fi
+
+if [ $EUID -ne 0 ]; then
+    exec "$@"
+else
+    # Allow telegraf to send ICMP packets and bind to privliged ports
+    setcap cap_net_raw,cap_net_bind_service+ep /usr/bin/telegraf || echo "Failed to set additional capabilities on /usr/bin/telegraf"
+
+    exec setpriv --reuid telegraf --init-groups "$@"
+fi