Merge branch 'main' into Update-octopus-integration-to-ingest-all-spaces
oiadebayo authored Oct 8, 2024
2 parents 4e3f7e9 + d07916c commit 4fb5b32
Showing 131 changed files with 5,385 additions and 750 deletions.
24 changes: 20 additions & 4 deletions .github/workflows/core-test.yml
Expand Up @@ -29,6 +29,12 @@ jobs:
run: |
make install
- name: Unit Test Core
env:
PYTEST_ADDOPTS: --junitxml=junit/unit-test-results-ocean/core.xml
run: |
make test
- name: Build core for smoke test
run: |
make build
Expand All @@ -42,15 +48,25 @@ jobs:
run: |
./scripts/run-smoke-test.sh
- name: Unit and Smoke Test Core
- name: Smoke Test Core
env:
PYTEST_ADDOPTS: --junitxml=junit/test-results-ocean/core.xml
PYTEST_ADDOPTS: --junitxml=junit/smoke-test-results-ocean/core.xml
PORT_CLIENT_ID: ${{ secrets.PORT_CLIENT_ID }}
PORT_CLIENT_SECRET: ${{ secrets.PORT_CLIENT_SECRET }}
PORT_BASE_URL: ${{ secrets.PORT_BASE_URL }}
SMOKE_TEST_SUFFIX: ${{ github.run_id }}
run: |
make test
make test/smoke
- name: Cleanup Smoke Test
env:
PYTEST_ADDOPTS: --junitxml=junit/smoke-test-results-ocean/core.xml
PORT_CLIENT_ID: ${{ secrets.PORT_CLIENT_ID }}
PORT_CLIENT_SECRET: ${{ secrets.PORT_CLIENT_SECRET }}
PORT_BASE_URL: ${{ secrets.PORT_BASE_URL }}
SMOKE_TEST_SUFFIX: ${{ github.run_id }}
run: |
make test/smoke
- name: Install current core for all integrations
run: |
Expand All @@ -66,7 +82,7 @@ jobs:
uses: mikepenz/action-junit-report@v4
if: ${{ always() }}
with:
report_paths: '**/junit/test-results-**/*.xml'
report_paths: '**/junit/**-test-results-**/*.xml'
include_passed: true
require_tests: true
fail_on_failure: true
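Review bot: The new `Cleanup Smoke Test` step runs `make test/smoke` a second time rather than the `clean/smoke` target this same commit adds to the Makefile, so whatever the smoke tests create under `SMOKE_TEST_SUFFIX` is presumably created twice and never removed; its `run` should read `make clean/smoke`. The step also has no `if: ${{ always() }}`, so a failing smoke run skips it entirely and leaves the `${{ github.run_id }}`-suffixed entities behind in the account referenced by `PORT_BASE_URL`. `PYTEST_ADDOPTS` in the cleanup env points at the same junit file as the smoke step and is not needed for a cleanup script; dropping it avoids clobbering the smoke report that the `**-test-results-**` glob later publishes. The job these steps belong to starts outside the hunk.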
2 changes: 1 addition & 1 deletion .github/workflows/create-new-sonarcloud-project.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
fetch-depth: 0
- name: Get all changed integrations
id: changed-integrations
uses: tj-actions/changed-files@v44
uses: tj-actions/changed-files@v45
with:
json: true
dir_names: true
3 changes: 2 additions & 1 deletion .github/workflows/detect-changes-matrix.yml
Expand Up @@ -26,7 +26,7 @@ jobs:

- name: Get list of changed files
id: changed-files
uses: tj-actions/changed-files@v45.0.2
uses: tj-actions/changed-files@v45
with:
dir_names: true
json: true
Expand All @@ -41,6 +41,7 @@ jobs:
integrations:
- 'integrations/**'
- '!integrations/**/*.md'
- '!integrations/_infra/*'
- name: Set integrations and all matrix
id: set-all-matrix
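Review bot: The new `'!integrations/_infra/*'` exclusion means edits to the shared `integrations/_infra` files (the Dockerfile and `init.sh`, which this same commit touches) no longer count as an integration change, so if this filter is what feeds the matrix in the following `Set integrations and all matrix` step, a base-image change could merge without the per-integration tests running. If the intent is only to skip infra-only housekeeping, narrow the pattern so `Dockerfile` and `init.sh` stay in scope, and add a comment above the line recording why `_infra` is excluded, since the reason is not visible here. Separately, `tj-actions/changed-files@v45` is a floating major tag for a third-party action that runs with checkout access; pin it to a full commit SHA with the version noted in a trailing comment.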
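--- /dev/null
+++ b/.github/workflows/docker-images-security-scan.yml
@@ -0,0 +1,136 @@
+name: Scan docker images
+on:
+  workflow_dispatch:
+    inputs:
+      image:
+        type: choice
+        description: Image/s to scan
+        # This is a bit annoying, there's no real way to display the integrations dynamically in a dropdown for the action dispatcher
+        options:
+          - all
+          - aws
+          - azure-devops
+          - dynatrace
+          - fake-integration
+          - gcp
+          - jenkins
+          - kafka
+          - launchdarkly
+          - newrelic
+          - opencost
+          - pagerduty
+          - servicenow
+          - sonarqube
+          - terraform-cloud
+          - argocd
+          - azure
+          - datadog
+          - firehydrant
+          - gitlab
+          - jira
+          - kubecost
+          - linear
+          - octopus
+          - opsgenie
+          - sentry
+          - snyk
+          - statuspage
+          - wiz
+
+jobs:
+  detect-images:
+    runs-on: ubuntu-latest
+    outputs:
+      images: ${{ steps.set-images.outputs.images }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Determine which image to scan
+        id: set-images
+        run: |
+          PROJECTS=$(ls --color=never ./integrations | grep -Ev '_infra')
+          if [[ "${{ inputs.image }}" != "all" ]]; then
+            PROJECTS="${{ inputs.image }}"
+          fi
+          IMAGES_WITH_VERSIONS=()
+          for PROJECT in ${PROJECTS}; do
+            if [[ ! -f ./integrations/"${PROJECT}"/pyproject.toml ]]; then
+              continue
+            fi
+            VERSION=$(cat ./integrations/"${PROJECT}"/pyproject.toml | grep -E '^version = "(.*)"$' | awk -F ' ' '{print $3};' | sed 's/"//g')
+            if [[ -n ${VERSION} ]]; then
+              IMAGES_WITH_VERSIONS+=( "${PROJECT}:${VERSION}" )
+            fi
+          done
+          IMAGES=$(echo "${IMAGES_WITH_VERSIONS[@]}" | jq -R -s -c 'split(" ") | map(select(length > 0))')
+          echo "Images to scan: ${IMAGES}"
+          echo "images=${IMAGES}" >> $GITHUB_OUTPUT
+  scan-images:
+    needs: detect-images
+    runs-on: ubuntu-latest
+    strategy:
+      max-parallel: 2
+      matrix:
+        image: ${{ fromJson(needs.detect-images.outputs.images) }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract version and image tag
+        id: enrich-version
+        run: |
+          INTEGRATION=$(echo "${{ matrix.image }}" | awk -F ':' '{print $1};')
+          VERSION=$(echo "${{ matrix.image }}" | awk -F ':' '{print $2};')
+          IDENTIFIER="${INTEGRATION}-${VERSION}-${{ github.sha }}"
+          IMAGE_FULL_TAG="port-ocean-security-tests-${INTEGRATION}:${VERSON}${{ github.sha }}"
+          echo "integration=${INTEGRATION}" >> ${GITHUB_OUTPUT}
+          echo "version=${VERSION}" >> ${GITHUB_OUTPUT}
+          echo "identifier=${IDENTIFIER}" >> ${GITHUB_OUTPUT}
+          echo "image_tag=${IMAGE_FULL_TAG}" >> ${GITHUB_OUTPUT}
+      - name: Build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./integrations/_infra/Dockerfile
+          platforms: linux/amd64
+          push: false
+          tags: ${{ steps.enrich-version.outputs.image_tag }}
+          load: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            BUILD_CONTEXT=./integrations/${{ steps.enrich-version.outputs.integration }}
+            INTEGRATION_VERSION=${{ steps.enrich-version.outputs.version }}
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ steps.enrich-version.outputs.image_tag }}
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+          output: trivy-${{ steps.enrich-version.outputs.integration }}.txt
+
+      - name: Publish Trivy Output to Summary
+        run: |
+          if [[ -s trivy-${{ steps.enrich-version.outputs.integration }}.txt ]]; then
+            {
+              echo "### Security Output"
+              echo "<details><summary>Click to expand</summary>"
+              echo ""
+              echo '```terraform'
+              cat trivy-${{ steps.enrich-version.outputs.integration }}.txt
+              echo '```'
+              echo "</details>"
+            } >> $GITHUB_STEP_SUMMARY
+          fi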
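Review bot: `IMAGE_FULL_TAG` in the `Extract version and image tag` step expands `${VERSON}` (a typo for `VERSION`), so the tag is built with an empty version and no separator before the SHA; it should read `IMAGE_FULL_TAG="port-ocean-security-tests-${INTEGRATION}:${VERSION}-${{ github.sha }}"`, matching the `IDENTIFIER` line above it. The Trivy step sets no `exit-code`, so CRITICAL/HIGH findings only land in the step summary and never fail the job; add `exit-code: '1'` and give the `Publish Trivy Output to Summary` step `if: ${{ always() }}` so the report is still written when the scan fails, and note in a comment that `ignore-unfixed: true` deliberately hides findings with no available fix. With `workflow_dispatch` as the only trigger the scan runs only when someone remembers to start it; a `schedule:` cron entry would catch CVEs published against images that have not changed. The `uses: aquasecurity/[email protected]` ref appears garbled by the page rendering (it looks like e-mail obfuscation), so confirm the actual tag in the repository, and consider pinning it and the other actions to full commit SHAs since they run with the repository checked out and the built image loaded.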
2 changes: 1 addition & 1 deletion .github/workflows/sonarcloud-integrations.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
fetch-depth: 0
- name: Get all changed integrations
id: changed-integrations
uses: tj-actions/changed-files@v44
uses: tj-actions/changed-files@v45
with:
json: true
dir_names: true
30 changes: 30 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,36 @@ this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm

<!-- towncrier release notes start -->

## 0.12.2 (2024-10-06)

### Improvements

- Added a util `semaphore_async_iterator` to enable seamless control over concurrent executions.


## 0.12.1 (2024-10-02)

### Bug Fixes

- Fixed a bug when running jq with iterator that caused the integration to crash
- Reverted image to `python:3.11-slim-buster` to fix the issue with the alpine image

## 0.12.0 (2024-10-01)

### Improvements

- Replace `python:3.11-slim-bookworm` with `python:3.11-alpine` to reduce dependencies and fix vulnerabilities

### Bug Fixes

- Fixed smoke tests to run concurrently and clean up after themselves

## 0.11.0 (2024-09-29)

### Improvements

- Replace pyjq with jq.py to bump jq version from 1.5.2 to 1.7.1

## 0.10.12 (2024-09-19)

### Bug Fixes
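--- a/Makefile
+++ b/Makefile
@@ -43,7 +43,7 @@ define deactivate_virtualenv
 	fi
 endef
 
-.SILENT: install install/all test/all lint lint/fix build run new test test/watch clean bump/integrations bump/single-integration execute/all
+.SILENT: install install/all test/all test/smoke clean/smoke lint lint/fix build run new test test/watch clean bump/integrations bump/single-integration execute/all
 
 
 # Install dependencies
@@ -115,7 +115,13 @@ new:
 	$(ACTIVATE) && poetry run ocean new ./integrations --public
 
 test:
-	$(ACTIVATE) && pytest
+	$(ACTIVATE) && pytest -m 'not smoke'
+
+test/smoke:
+	$(ACTIVATE) && SMOKE_TEST_SUFFIX=$${SMOKE_TEST_SUFFIX:-default_value} pytest -m smoke
+
+clean/smoke:
+	$(ACTIVATE) && SMOKE_TEST_SUFFIX=$${SMOKE_TEST_SUFFIX:-default_value} python ./scripts/clean-smoke-test.py
 
 test/watch:
 	$(ACTIVATE) && \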
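Review bot: Both `test/smoke` and `clean/smoke` fall back to the literal `default_value` when `SMOKE_TEST_SUFFIX` is unset, so every developer running locally against the same Port account shares one suffix, and a local `make clean/smoke` presumably removes whatever another local run created under it (CI sidesteps this by passing `github.run_id`). A per-user default such as `SMOKE_TEST_SUFFIX=$${SMOKE_TEST_SUFFIX:-$$USER}` on both targets keeps local runs separable while still letting `clean/smoke` find what `test/smoke` created. `pytest -m 'not smoke'` and `-m smoke` also rely on a `smoke` marker being registered in the pytest configuration, which is outside this diff; if it is not, pytest warns on every run and errors under `--strict-markers`, so a comment above `test:` naming where the marker is declared would help.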
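--- a/integrations/_infra/init.sh
+++ b/integrations/_infra/init.sh
@@ -1,5 +1,4 @@
 if test -e /usr/local/share/ca-certificates/cert.crt; then
   update-ca-certificates
 fi
-
-ocean sail
+ocean sail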
24 changes: 24 additions & 0 deletions integrations/argocd/CHANGELOG.md
Expand Up @@ -7,6 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

<!-- towncrier release notes start -->

## 0.1.91 (2024-10-08)


### Improvements

- Bumped ocean version to ^0.12.2


## 0.1.90 (2024-10-01)


### Improvements

- Bumped ocean version to ^0.12.1


## 0.1.89 (2024-09-29)


### Improvements

- Bumped ocean version to ^0.11.0


## 0.1.88 (2024-09-22)

