From 86ea5e15348b9518378d09d5cdae0cd8c2f01819 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch> Date: Thu, 16 May 2024 16:21:59 +0200 Subject: [PATCH 1/5] prepare for renovate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit pinned dependency versions Signed-off-by: Michal Minář <michal.minar@id.ethz.ch> --- .gitlab-ci.yml | 9 +++------ .gitlab/lint.yaml | 2 +- image/Dockerfile | 18 ++++++++++++------ 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8df4a11..9fca8f9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,10 +4,12 @@ stages: - sast - test - build + - renovate include: - local: .gitlab/lint.yaml - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/container/build-push.yaml + - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate.yaml - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml @@ -24,7 +26,7 @@ workflow: when: never variables: - CACHE: "yes" + CACHE: auto pixiecore: variables: @@ -34,9 +36,4 @@ pixiecore: BUILD_EXTRA_ARGS="$BUILD_EXTRA_ARGS --build-arg=REVISION=${TAG:-$CI_COMMIT_SHORT_SHA} --build-arg=CREATED=$(date '+%Y-%m-%d %H:%M:%S%:z')" - # disable cache for tagged releases, default branch and schedules - - > - [ -z "$CI_COMMIT_TAG" ] && [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ] \ - && [ "$CI_PIPELINE_SOURCE" != "schedule" ] || CACHE=no - extends: .kaniko-build diff --git a/.gitlab/lint.yaml b/.gitlab/lint.yaml index f1f2b81..2db39c4 100644 --- a/.gitlab/lint.yaml +++ b/.gitlab/lint.yaml @@ -1,7 +1,7 @@ --- hadolint: stage: lint - image: registry.gitlab.com/pipeline-components/hadolint:latest + image: registry.gitlab.com/pipeline-components/hadolint:0.25.9 script: # DL3008 warning: Pin versions in apt get install. Instead of # `apt-get install <package>` use `apt-get install <package>=<version>` 
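Review bot: The added `- remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate.yaml` entry in the first `.gitlab-ci.yml` hunk of patch 1/5 is fetched from the mutable `main` branch, so a series whose purpose is pinning leaves the pipeline definition itself unpinned. Jobs defined in that file run inside this project's pipeline, so a push to `main` in the other repository changes what executes here without any commit in this one. Consider putting a commit SHA or tag in the URL, e.g. `.../-/raw/<commit-sha>/scripts/renovate.yaml`, or using `include: project` with an explicit `ref:`. The same applies to the `renovate/config-lint.yaml` and `renovate/run.yaml` includes that patch 3/5 puts in its place, and to the existing `build-push.yaml` context line. The `include:` list continues outside the hunk.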
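Review bot: With `CACHE: auto` in the `variables:` hunk and the `[ -z "$CI_COMMIT_TAG" ] ... || CACHE=no` lines deleted in the last `.gitlab-ci.yml` hunk, nothing visible in this file still forces an uncached build for tags, the default branch and schedules. Whether `auto` keeps that behaviour is decided inside the `.kaniko-build` template, which is not part of this patch. If it does not, release images can be assembled from stale cached layers that miss base-image and package updates. A comment on the variable would record the dependency, for example `# auto: the included build template disables the layer cache for tags, default branch and schedules`, once that has been confirmed against the template.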
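Review bot: `image: registry.gitlab.com/pipeline-components/hadolint:0.25.9` in the `.gitlab/lint.yaml` hunk pins a tag, and a registry tag can be re-pushed to point at different content. Since the series prepares for Renovate, which can maintain digests, appending one gives an immutable reference: `image: registry.gitlab.com/pipeline-components/hadolint:0.25.9@sha256:<digest>`. The yamllint and markdownlint images pinned in patches 4/5 and 5/5 are in the same position. The `hadolint` job continues outside the hunk.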
diff --git a/image/Dockerfile b/image/Dockerfile index 723e634..bd5b1fb 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,12 +1,16 @@ -ARG ALPINE_RELEASE=3 +ARG ALPINE_RELEASE=3.19 +ARG GOLANG_VERSION=1.21 +ARG NETBOOT_REVISION=64f6de6 +ARG GCOMPAT_VERSION=1.1.0 -FROM golang:1.21 as builder +FROM golang:${GOLANG_VERSION} as builder RUN rm -rf /app; mkdir /app WORKDIR /app -RUN git clone --depth 1 https://github.com/danderson/netboot.git . && \ +RUN git clone https://github.com/danderson/netboot.git . && \ + git checkout "${NETBOOT_REVISION}" && \ go build -o out/pixiecore ./cmd/pixiecore -FROM golang:1.21 as cmdline-builder +FROM golang:${GOLANG_VERSION} as cmdline-builder RUN rm -rf /app; mkdir /app WORKDIR /app COPY . . @@ -18,8 +22,10 @@ ARG REVISION ARG CREATED ARG ALPINE_RELEASE=3 -# hadolint ignore=DL3018 -RUN apk add --no-cache gcompat +# hadolint ignore=DL3019 +RUN apk update \ + && apk add gcompat~="${GCOMPAT_VERSION}" \ + && rm -rf /var/cache/apk/* COPY --from=builder /app/out/pixiecore /usr/local/bin/ COPY --from=cmdline-builder /app/cmdline-builder /usr/local/bin/ RUN chmod +x /usr/local/bin/pixiecore /usr/local/bin/cmdline-builder -- GitLab From 1c2378781f60dc69c48dfbbfe496618d594f9d7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch> Date: Thu, 16 May 2024 16:28:44 +0200 Subject: [PATCH 2/5] fixup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Minář <michal.minar@id.ethz.ch> --- image/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/image/Dockerfile b/image/Dockerfile index bd5b1fb..9fef8d3 100644 --- a/image/Dockerfile +++ b/image/Dockerfile 
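Review bot: `ARG NETBOOT_REVISION=64f6de6` in the first `image/Dockerfile` hunk of patch 1/5 pins the netboot source to an abbreviated commit hash, which git resolves by prefix rather than as an exact identifier. A prefix can become ambiguous as the upstream repository grows, at which point `git checkout "${NETBOOT_REVISION}"` fails. It also gives a weaker guarantee about what is being built than the full object name. Using the full hash keeps the pin exact: `ARG NETBOOT_REVISION=<full-40-char-commit-sha>`.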
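Review bot: The second `image/Dockerfile` hunk of patch 1/5 replaces `apk add --no-cache` with `apk update` plus a manual `rm -rf /var/cache/apk/*`, and has to add `# hadolint ignore=DL3019` to do so, although `--no-cache` works with a version constraint as well. Keeping the flag removes both the suppression and the cleanup step: `RUN apk add --no-cache "gcompat~=${GCOMPAT_VERSION}"`. The final stage continues outside the hunk.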
@@ -1,9 +1,8 @@ ARG ALPINE_RELEASE=3.19 ARG GOLANG_VERSION=1.21 -ARG NETBOOT_REVISION=64f6de6 -ARG GCOMPAT_VERSION=1.1.0 FROM golang:${GOLANG_VERSION} as builder +ARG NETBOOT_REVISION=64f6de6 RUN rm -rf /app; mkdir /app WORKDIR /app RUN git clone https://github.com/danderson/netboot.git . && \ @@ -20,7 +19,8 @@ FROM alpine:${ALPINE_RELEASE} ARG REVISION ARG CREATED -ARG ALPINE_RELEASE=3 +ARG ALPINE_RELEASE=3.19 +ARG GCOMPAT_VERSION=1.1.0 # hadolint ignore=DL3019 RUN apk update \ -- GitLab From f491c49f3bf5111f9b94db32dcc7e4fe9216abba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch> Date: Thu, 16 May 2024 16:35:34 +0200 Subject: [PATCH 3/5] fixup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Minář <michal.minar@id.ethz.ch> --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9fca8f9..692d585 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,8 @@ stages: include: - local: .gitlab/lint.yaml - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/container/build-push.yaml - - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate.yaml + - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate/config-lint.yaml + - remote: https://gitlab.com/ethz-hpc/pipelines/-/raw/main/scripts/renovate/run.yaml - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml -- GitLab From f2a51e514411bd37d51616795699717c0ac4fdcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch> Date: Thu, 16 May 2024 16:38:35 +0200 Subject: [PATCH 4/5] fixup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Minář <michal.minar@id.ethz.ch> --- .gitlab/lint.yaml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) 
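Review bot: `ARG ALPINE_RELEASE=3.19` inside the final stage (second hunk of patch 2/5) repeats the default already declared before the first `FROM`, so the version now lives in two places that must be bumped together. An `ARG` redeclared without a value inside a stage inherits the global default, so a bare `ARG ALPINE_RELEASE` is enough and cannot drift from the tag used in `FROM alpine:${ALPINE_RELEASE}`. How the value is consumed later in this stage is outside the hunk.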
diff --git a/.gitlab/lint.yaml b/.gitlab/lint.yaml index 2db39c4..62d5fb2 100644 --- a/.gitlab/lint.yaml +++ b/.gitlab/lint.yaml @@ -3,13 +3,11 @@ hadolint: stage: lint image: registry.gitlab.com/pipeline-components/hadolint:0.25.9 script: - # DL3008 warning: Pin versions in apt get install. Instead of - # `apt-get install <package>` use `apt-get install <package>=<version>` - - hadolint --ignore DL3008 image/Dockerfile + - hadolint image/Dockerfile yamllint: stage: lint - image: registry.gitlab.com/pipeline-components/yamllint:latest + image: registry.gitlab.com/pipeline-components/yamllint:0.31.1 script: - yamllint . rules: @@ -24,11 +22,9 @@ yamllint: markdownlint: stage: lint - image: registry.gitlab.com/pipeline-components/markdownlint:latest + image: registry.gitlab.com/pipeline-components/0.13.2 script: - # MD057 is broken as of now - # https://github.com/markdownlint/markdownlint/commit/f97a364ed880a690f509d144641b89ba16dd92e5 - - mdl --style all --rules ~MD057 --warnings . + - mdl --style all --warnings . golangci-lint: stage: lint -- GitLab From 27c53dc8ef15b9383d070b54922874a79ce26bfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Min=C3=A1=C5=99?= <michal.minar@id.ethz.ch> Date: Thu, 16 May 2024 16:40:24 +0200 Subject: [PATCH 5/5] fixup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michal Minář <michal.minar@id.ethz.ch> --- .gitlab/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/lint.yaml b/.gitlab/lint.yaml index 62d5fb2..0d7cccd 100644 --- a/.gitlab/lint.yaml +++ b/.gitlab/lint.yaml @@ -22,7 +22,7 @@ yamllint: markdownlint: stage: lint - image: registry.gitlab.com/pipeline-components/0.13.2 + image: registry.gitlab.com/pipeline-components/markdownlint:0.13.2 script: - mdl --style all --warnings . -- GitLab