From 713251d5f744ab6633a15b3336adef6cf4d3af28 Mon Sep 17 00:00:00 2001 From: Philipp Pixel Date: Mon, 26 Aug 2024 17:29:11 +0200 Subject: [PATCH 1/6] #190 update BATS to 1.11, add docker default ARG values --- CHANGELOG.md | 7 +++++++ build/make/bats.mk | 2 +- build/make/bats/Dockerfile | 4 +++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7faaa0..78b4bdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Changed +- `bats.mk`: + - Raise BATS image version to 1.11.0 + - set BATS's /workspace directory as safe git place to avoid git error `detected dubious ownership` + +### Fixed +- Remove Docker warning about potentially missing ARG default values [#190] ## [v9.1.0](https://github.com/cloudogu/makefiles/releases/tag/v9.1.0) 2024-06-28 ### Added diff --git a/build/make/bats.mk b/build/make/bats.mk index ce1319c..7e73553 100644 --- a/build/make/bats.mk +++ b/build/make/bats.mk @@ -9,7 +9,7 @@ BATS_SUPPORT=$(BATS_LIBRARY_DIR)/bats-support BATS_FILE=$(BATS_LIBRARY_DIR)/bats-file BATS_BASE_IMAGE?=bats/bats BATS_CUSTOM_IMAGE?=cloudogu/bats -BATS_TAG?=1.2.1 +BATS_TAG?=1.11.0 BATS_DIR=build/make/bats BATS_WORKDIR="${WORKDIR}"/"${BATS_DIR}" diff --git a/build/make/bats/Dockerfile b/build/make/bats/Dockerfile index 428ee05..ae6c090 100644 --- a/build/make/bats/Dockerfile +++ b/build/make/bats/Dockerfile @@ -1,7 +1,9 @@ ARG BATS_BASE_IMAGE ARG BATS_TAG -FROM ${BATS_BASE_IMAGE}:${BATS_TAG} +FROM ${BATS_BASE_IMAGE:-cloudogu/bats}:${BATS_TAG:-1.11.0} # Make bash more findable by scripts and tests RUN apk add make git bash +# suppress git "detected dubious ownership" error/warning for repos which are checked out later +RUN git config --global --add safe.directory /workspace \ No newline at end of file 
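Review bot: The added `RUN git config --global --add safe.directory /workspace` at the end of build/make/bats/Dockerfile writes only to the gitconfig of the user that executes the build step, so the exemption may not apply if the container is later started under a different user or HOME; how the image is run is not visible in this patch. `RUN git config --system --add safe.directory /workspace` would cover every user in the image. The setting switches off git's repository-ownership check for that path, so the comment above it should say that anything mounted there is treated as trusted, e.g. `# trust any repo mounted at /workspace: disables git's ownership check for this one path`. Keeping the entry to the single path rather than a wildcard is the right scope.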
From 2e1b016ef8cdf9ee31dbdae967b31d12e86037fd Mon Sep 17 00:00:00 2001 From: Philipp Pixel Date: Wed, 28 Aug 2024 15:45:19 +0200 Subject: [PATCH 2/6] #190 Fix base image default value --- build/make/bats/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/make/bats/Dockerfile b/build/make/bats/Dockerfile index ae6c090..7167a94 100644 --- a/build/make/bats/Dockerfile +++ b/build/make/bats/Dockerfile @@ -1,7 +1,7 @@ ARG BATS_BASE_IMAGE ARG BATS_TAG -FROM ${BATS_BASE_IMAGE:-cloudogu/bats}:${BATS_TAG:-1.11.0} +FROM ${BATS_BASE_IMAGE:-bats/bats}:${BATS_TAG:-1.11.0} # Make bash more findable by scripts and tests RUN apk add make git bash From bd9ff0dcabcf6e949a360ce2cd54fa7867031101 Mon Sep 17 00:00:00 2001 From: Philipp Pixel Date: Wed, 28 Aug 2024 15:49:05 +0200 Subject: [PATCH 3/6] #190 Fix typo in CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78b4bdb..35eda7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - `bats.mk`: - Raise BATS image version to 1.11.0 - - set BATS's /workspace directory as safe git place to avoid git error `detected dubious ownership` + - set BATS's /workspace directory as a safe git directory to avoid the git error `detected dubious ownership` ### Fixed - Remove Docker warning about potentially missing ARG default values [#190] From 14f5f32149de8d3471984f430472c48024da729c Mon Sep 17 00:00:00 2001 From: Nico Franzeck Date: Tue, 27 Aug 2024 16:27:42 +0200 Subject: [PATCH 4/6] Add make target to scan for vulnerabilities --- CHANGELOG.md | 3 +++ build/make/vulnerability-scan.mk | 13 +++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 build/make/vulnerability-scan.mk diff --git a/CHANGELOG.md b/CHANGELOG.md index 35eda7f..6c64a62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
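Review bot: The fallback tag in `FROM ${BATS_BASE_IMAGE:-bats/bats}:${BATS_TAG:-1.11.0}` repeats the `BATS_TAG?=1.11.0` default from build/make/bats.mk, so the next bump has to touch both files, or a plain `docker build` without build args will use a different base image than the make target does. A comment line above the FROM such as `# default tag must match BATS_TAG in build/make/bats.mk` would make the coupling visible. Both defaults are also mutable tags; if the test image needs to be reproducible, consider recording the digest of the reviewed base image next to the tag and checking it in CI.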
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Add make target to scan go repositories for vulnerabilities using [govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) + ### Changed - `bats.mk`: - Raise BATS image version to 1.11.0 diff --git a/build/make/vulnerability-scan.mk b/build/make/vulnerability-scan.mk new file mode 100644 index 0000000..5698206 --- /dev/null +++ b/build/make/vulnerability-scan.mk @@ -0,0 +1,13 @@ +##@ Vulnerability scan + +GOVULNCHECK_BIN=${UTILITY_BIN_PATH}/govulncheck +GOVULNCHECK_VERSION?=latest + +${GOVULNCHECK_BIN}: ${UTILITY_BIN_PATH} + $(call go-get-tool,$(GOVULNCHECK_BIN),golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION)) + +.PHONY: govulncheck +govulncheck: ${GOVULNCHECK_BIN} ## This target is used to scan the go repository against known vulnerabilities + @echo "Start vulnerability against repository" + ${GOVULNCHECK_BIN} -show verbose ./... + @echo "Finished scan" \ No newline at end of file From 4d402a91f736ee5a3ef2de69a56cfa8be5856fbe Mon Sep 17 00:00:00 2001 From: Philipp Pixel Date: Wed, 28 Aug 2024 15:58:57 +0200 Subject: [PATCH 5/6] #190 Name new make target `govulncheck` in CHANGELOG.md --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c64a62..ef785f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Added -- Add make target to scan go repositories for vulnerabilities using [govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) +- Add make target `govulncheck` to scan go repositories for vulnerabilities using [govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) ### Changed - `bats.mk`: 
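Review bot: `GOVULNCHECK_VERSION?=latest` in the new build/make/vulnerability-scan.mk leaves the scanner unpinned, so the version actually used depends on when `${GOVULNCHECK_BIN}` was last installed, and different checkouts or CI runners can scan with different tool versions. Pinning a reviewed release, `GOVULNCHECK_VERSION?=<pinned-version>`, makes results comparable and keeps an unreviewed upstream release from being pulled into the build; `go-get-tool` is defined outside this hunk, so how it resolves the version is an assumption. `${UTILITY_BIN_PATH}` is listed as a normal prerequisite; if it is a directory, the order-only form `${GOVULNCHECK_BIN}: | ${UTILITY_BIN_PATH}` avoids reinstalling whenever the directory's mtime changes. The first echo reads "Start vulnerability against repository" and is missing the word "scan".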
@@ -19,7 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [v9.1.0](https://github.com/cloudogu/makefiles/releases/tag/v9.1.0) 2024-06-28 ### Added -- Add support for remote runtimes and container-registries for k8s-make-targets [#18] +- Add support for remote runtimes and container-registries for k8s-make-targets [#188] - The make-targets for k8s like dogu-`build`, `helm-apply` or `component-apply` now support deploying to remote kubernetes-clusters ## [v9.0.5](https://github.com/cloudogu/makefiles/releases/tag/v9.0.5) 2024-05-23 From b2ae9f845589f9db6e3ab450888f3b8754bec3b4 Mon Sep 17 00:00:00 2001 From: Philipp Pixel Date: Wed, 28 Aug 2024 16:03:30 +0200 Subject: [PATCH 6/6] bump version v9.2.0 --- CHANGELOG.md | 2 ++ Makefile | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef785f1..416c955 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + +## [v9.2.0](https://github.com/cloudogu/makefiles/releases/tag/v9.2.0) 2024-08-28 ### Added - Add make target `govulncheck` to scan go repositories for vulnerabilities using [govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) diff --git a/Makefile b/Makefile index c6ce54a..4b0eef1 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # Set these to the desired values ARTIFACT_ID=makefiles -MAKEFILES_VERSION=9.1.0 +MAKEFILES_VERSION=9.2.0 VERSION=${MAKEFILES_VERSION} .DEFAULT_GOAL:=help