diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index aa2edcdb..5b7c9e98 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,25 +36,31 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} + - name: Login to Artifactory if: ${{ github.event_name == 'push' }} uses: docker/login-action@v3 with: - registry: splitio-docker.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} + registry: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }} + username: ${{ vars.ARTIFACTORY_DOCKER_USER }} password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - name: Get version run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV - name: Docker Build and Push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: docker/Dockerfile.${{ matrix.app }} push: ${{ github.event_name == 'push' }} platforms: linux/amd64,linux/arm64 - tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest + tags: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }},${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || '' }}:latest build-args: | FIPS_MODE=${{ matrix.fips_mode }} 
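Review bot: In the "Login to Artifactory" step, `registry: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}` becomes an empty string when the variable is undefined or not available to the run. docker/login-action treats an empty `registry` as Docker Hub, so the Artifactory username and password would be presented to the wrong registry. The same variable prefixes `tags` in this hunk and `tags`/`IMAGE_NAME` in the second docker.yml hunk, where an empty value produces an image name starting with `/`. A fail-fast step ahead of the login would make a missing variable explicit, for example `run: test -n "$REGISTRY"` with `env:` setting `REGISTRY: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}`.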
@@ -77,21 +83,28 @@ jobs: - name: Get version run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} + - name: Docker Build and Push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: docker/Dockerfile.${{ matrix.app }} push: false - tags: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }} + tags: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}}:${{ env.VERSION }} build-args: | FIPS_MODE=${{ matrix.fips_mode }} - name: Scan container using Lacework - uses: lacework/lw-scanner-action@v1.4.1 + uses: lacework/lw-scanner-action@v1.4.3 with: - LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }} + LW_ACCOUNT_NAME: ${{ vars.LW_ACCOUNT_NAME }} LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }} - IMAGE_NAME: splitio-docker.jfrog.io/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}} + IMAGE_NAME: ${{ vars.ARTIFACTORY_DOCKER_REGISTRY }}/split-${{ matrix.app }}${{ matrix.fips_mode == 'enabled' && '-fips' || ''}} IMAGE_TAG: ${{ env.VERSION }} SAVE_RESULTS_IN_LACEWORK: true + RESULTS_IN_GITHUB_SUMMARY: true diff --git a/.github/workflows/s3.yml b/.github/workflows/s3.yml new file mode 100644 index 00000000..f2503c3b --- /dev/null +++ b/.github/workflows/s3.yml 
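Review bot: The added "Login to Dockerhub" step has no `if:` and depends on `secrets.DOCKERHUB_RO_TOKEN`, which GitHub does not pass to runs triggered by pull requests from forks. In such a run the login would fail, and the image build and Lacework scan after it would never execute. The trigger list is outside the hunk, but `push: false` here and the `github.event_name == 'push'` checks in the first hunk suggest that non-push events reach this workflow. The same step is added in the first docker.yml hunk and in unstable.yml, and test.yml passes the token as service `credentials:`. Consider `if: ${{ github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository }}` on the login steps so fork pull requests fall back to anonymous pulls.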
@@ -0,0 +1,48 @@ +name: cd + +on: + push: + branches: + - master + pull_request: + branches: + - master + +permissions: + contents: read + id-token: write + +jobs: + build-publish: + name: Build and publish to S3 + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: '1.23.3' + + - name: Create build folder + run: mkdir -p build + + - name: Execute build + run: make release_assets + + - name: Configure AWS credentials + if: ${{ github.event_name == 'push' }} + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::825951051969:role/gha-downloads-role + aws-region: us-east-1 + + - name: Deploy to S3 + if: ${{ github.event_name == 'push' }} + run: aws s3 sync $SOURCE_DIR s3://$BUCKET + env: + BUCKET: downloads.split.io + SOURCE_DIR: ./build diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4978563c..c9e9f090 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,6 +1,9 @@ name: test on: + push: + branches: + - master pull_request: branches-ignore: - none @@ -12,6 +15,9 @@ jobs: services: redis: image: redis + credentials: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} ports: - 6379:6379 steps: @@ -23,7 +29,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version: '^1.13.1' + go-version: '1.23.3' - name: Get version run: echo "VERSION=$(awk '/^const Version/{gsub(/"/, "", $4); print $4}' splitio/version.go)" >> $GITHUB_ENV 
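Review bot: The new s3.yml grants `id-token: write` at workflow level, so the permission is also in force while `make release_assets` runs for `pull_request` events, not only for the two push-gated AWS steps. Build code from a same-repository pull request branch can therefore request an OIDC token. Whether that token can assume `gha-downloads-role` then depends entirely on the role's trust policy, which is not visible here and should restrict `sub` to the master ref. Scoping the permission to a publish job that runs only on push removes that dependency; the sketch below hands the build output over as an artifact. Separately, quoting the sync arguments (`aws s3 sync "$SOURCE_DIR" "s3://$BUCKET"`) is the safer shell habit.

```yaml
permissions:
  contents: read

jobs:
  build:
    # … unchanged: name, runs-on, checkout, setup-go, mkdir, make release_assets …
      - name: Upload build output
        uses: actions/upload-artifact@v4
        with:
          name: release-assets
          path: build

  publish:
    name: Publish to S3
    if: ${{ github.event_name == 'push' }}
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: Download build output
        uses: actions/download-artifact@v4
        with:
          name: release-assets
          path: build
      # … unchanged: Configure AWS credentials, Deploy to S3 (the per-step `if:` becomes redundant) …
```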
@@ -31,14 +37,9 @@ jobs: - name: Run test run: make test_coverage - - name: Create build folder - run: mkdir -p build - - - name: Build assets - run: make release_assets - - name: SonarQube Scan (Pull Request) - uses: SonarSource/sonarcloud-github-action@v2 + if: ${{ github.event_name == 'pull_request' }} + uses: SonarSource/sonarcloud-github-action@v3 env: SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} with: @@ -49,3 +50,14 @@ jobs: -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }} -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }} + + - name: SonarQube Scan (Push) + if: ${{ github.event_name == 'push' }} + uses: SonarSource/sonarcloud-github-action@v3 + env: + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + with: + projectBaseDir: . + args: > + -Dsonar.host.url=${{ vars.SONARQUBE_HOST }} + -Dsonar.projectVersion=${{ env.VERSION }} diff --git a/.github/workflows/unstable.yml b/.github/workflows/unstable.yml index 95f29555..c3b573e3 100644 --- a/.github/workflows/unstable.yml +++ b/.github/workflows/unstable.yml @@ -29,18 +29,24 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_RO_TOKEN }} + - name: Login to Artifactory uses: docker/login-action@v3 with: registry: splitio-docker-dev.jfrog.io - username: ${{ secrets.ARTIFACTORY_DOCKER_USER }} + username: ${{ vars.ARTIFACTORY_DOCKER_USER }} password: ${{ secrets.ARTIFACTORY_DOCKER_PASS }} - name: Get short hash run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - name: Docker Build and Push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . file: docker/Dockerfile.${{ matrix.app }} diff --git a/CHANGES.txt b/CHANGES.txt index 0f96f826..c24de552 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
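Review bot: Both Sonar steps in test.yml reference `SonarSource/sonarcloud-github-action@v3` by a movable tag while handing it `SONAR_TOKEN`. A tag can be re-pointed upstream, so this file does not fix which code receives the secret. Pinning to a commit keeps the reviewed version in place, e.g. `uses: SonarSource/sonarcloud-github-action@<full-commit-sha> # v3`. The same applies to the other credential-handling actions added or bumped in this commit: `docker/login-action@v3`, `docker/build-push-action@v6`, `lacework/lw-scanner-action@v1.4.3` and `aws-actions/configure-aws-credentials@v4`.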
@@ -1,8 +1,14 @@ + 5.9.0 (Dec 2, 2024) - Split Proxy: - Added support for targeting rules based on large segments. - Added `/memberships` endpoint to support SDKs running with large segments. +5.8.3 (Nov 22, 2024) +- Fixed vulnerabilities: + - Updated debian image to 12.8 + - Updated golang image to 1.23.3 + 5.8.2 (Sep 17, 2024) - Fixed healthcheck monitor for cases with no segments. - Updated go-split-commons version to v6.0.1. @@ -10,7 +16,7 @@ 5.8.1 (Jul 12, 2024) - Fixed vulnerabilities: - Updated debian image to 12.6 - - Updated gin-contrib/cors to 1.6.0 + - Updated gin-contrib/cors to 1.6.0 - Updated golang image to 1.22.5 5.8.0 (May 14, 2024) diff --git a/docker/Dockerfile.proxy b/docker/Dockerfile.proxy index 0b874f08..f44f1074 100644 --- a/docker/Dockerfile.proxy +++ b/docker/Dockerfile.proxy @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.22.5-bookworm AS builder +FROM golang:1.23.3-bookworm AS builder ARG EXTRA_BUILD_ARGS ARG FIPS_MODE @@ -17,7 +17,7 @@ RUN bash -c 'if [[ "${FIPS_MODE}" = "enabled" ]]; \ fi' # Runner stage -FROM debian:12.6 AS runner +FROM debian:12.8 AS runner RUN apt update -y RUN apt install -y bash ca-certificates diff --git a/docker/Dockerfile.synchronizer b/docker/Dockerfile.synchronizer index eee3406c..542e1c7f 100644 --- a/docker/Dockerfile.synchronizer +++ b/docker/Dockerfile.synchronizer @@ -1,5 +1,5 @@ # Build stage -FROM golang:1.22.5-bookworm AS builder +FROM golang:1.23.3-bookworm AS builder ARG EXTRA_BUILD_ARGS ARG FIPS_MODE @@ -17,7 +17,7 @@ RUN bash -c 'if [[ "${FIPS_MODE}" = "enabled" ]]; \ fi' # Runner stage -FROM debian:12.6 AS runner +FROM debian:12.8 AS runner RUN apt update -y RUN apt install -y bash ca-certificates diff --git a/go.mod b/go.mod index 1c20cdf9..85992d74 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/splitio/split-synchronizer/v5 -go 1.22 +go 1.23.3 require ( github.com/gin-contrib/cors v1.6.0 diff --git a/splitio/version.go b/splitio/version.go index 11d3d202..2697b785 100644 
--- a/splitio/version.go +++ b/splitio/version.go @@ -2,4 +2,4 @@ package splitio // Version is the version of this Agent -const Version = "5.8.2" +const Version = "5.8.3" diff --git a/windows/Makefile b/windows/Makefile index 750ad858..917ac88c 100644 --- a/windows/Makefile +++ b/windows/Makefile @@ -7,7 +7,7 @@ BUILD_FOLDER := $(CURRENT_PATH)/build GO := $(BIN_FOLDER)/go -ASSET ?= go1.22.linux-amd64.tar.gz +ASSET ?= go1.23.linux-amd64.tar.gz SOURCES := $(shell find $(PARENT_PATH) -path $(dirname $(pwd))/windows -prune -o -name "*.go" -print) \ $(PARENT_PATH)/go.mod \ $(PARENT_PATH)/go.sum @@ -67,5 +67,3 @@ help: } \ { lastLine = $$0 }' $(MAKEFILE_LIST) | sort -u @printf "\n" - -
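Review bot: `ASSET ?= go1.23.linux-amd64.tar.gz` in windows/Makefile carries no patch version, while this commit sets go.mod to `go 1.23.3` and the changelog lists the 1.23.3 bump as a vulnerability fix. The download rule is outside the hunk, so confirm which toolchain this asset name resolves to. If it is older than 1.23.3, the build either pulls a second toolchain at build time or fails where toolchain switching is disabled. `ASSET ?= go1.23.3.linux-amd64.tar.gz` would match the Dockerfiles and the workflows. If the rule does not already verify the tarball against a published checksum, this would be the place to add it.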