From d48f1efaebcc5c64b1e026f4673303b43930da3e Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 8 Nov 2024 03:00:47 -0500 Subject: [PATCH 1/7] created common workflow --- .github/workflows/actions.yaml | 31 +------------------------ .github/workflows/common-workflows.yaml | 18 ++++++++++++++ 2 files changed, 19 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/common-workflows.yaml diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index b5204f1c..873f4895 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml 
@@ -24,36 +24,7 @@ jobs: - name: Run the forbidden words scan uses: dell/common-github-actions/code-sanitizer@main with: - args: /github/workspace - test: - name: Run Go unit tests and check package coverage - runs-on: ubuntu-latest - container: node:20 - services: - # Label used to access the service container - redis: - # Docker Hub image - image: redis - # Set health checks to wait until redis has started - options: >- - --health-cmd "redis-cli ping" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - - steps: - - name: Checkout the code - uses: actions/checkout@v4 - - name: Run unit tests and check package coverage - uses: dell/common-github-actions/go-code-tester@main - with: - threshold: 90 - skip-list: "karavi-authorization/deploy,karavi-authorization/internal/web,karavi-authorization/internal/tenantsvc,karavi-authorization/cmd/karavictl/cmd,karavi-authorization/cmd/proxy-server,karavi-authorization/cmd/tenant-service,karavi-authorization/internal/proxy,karavi-authorization/internal/tenantsvc,karavi-authorization/internal/token/jwx,karavi-authorization/internal/k8s,karavi-authorization/internal/role-service,karavi-authorization/internal/role-service/validate,karavi-authorization/cmd/sidecar-proxy" - env: - # The hostname used to communicate with the Redis service container - REDIS_HOST: redis - # The default Redis port - REDIS_PORT: 6379 + args: /github/workspace go_security_scan: name: Go security diff --git a/.github/workflows/common-workflows.yaml b/.github/workflows/common-workflows.yaml new file mode 100644 index 00000000..9c9ba9dc --- /dev/null +++ b/.github/workflows/common-workflows.yaml 
@@ -0,0 +1,18 @@ +name: Common Workflows +on: # yamllint disable-line rule:truthy + push: + branches: [main] + pull_request: + branches: ["**"] + +jobs: + + # golang static analysis checks + go-static-analysis: + uses: dell/common-github-actions/.github/workflows/go-static-analysis.yaml@main + name: Golang Validation + + # checks unit tests, package coverage, and gosec + common: + name: Run gosec, unit tests, and check package coverage + uses: dell/common-github-actions/.github/workflows/go-common.yml@main From 626b87d8dedc0d7dc2f4ff993a25cc9a50a5f31c Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 8 Nov 2024 03:02:45 -0500 Subject: [PATCH 2/7] created common workflow --- .github/workflows/actions.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index 873f4895..4d106213 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml @@ -24,8 +24,8 @@ jobs: - name: Run the forbidden words scan uses: dell/common-github-actions/code-sanitizer@main with: - args: /github/workspace - + args: /github/workspace + go_security_scan: name: Go security runs-on: ubuntu-latest From d23949d67dadf354c95c05e5e6f325aab20e8eec Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 8 Nov 2024 04:56:05 -0500 Subject: [PATCH 3/7] Updated action --- .github/workflows/actions.yaml | 42 ------------------------------- .github/workflows/go-version.yaml | 2 +- 2 files changed, 1 insertion(+), 43 deletions(-) diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index 4d106213..11fbfdeb 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml 
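Review bot: Both reusable workflows called from the new `common-workflows.yaml` are referenced by the mutable ref `@main`, so anything that lands on that branch of `dell/common-github-actions` runs in this repository's CI without review here. Pinning to a full commit SHA, e.g. `uses: dell/common-github-actions/.github/workflows/go-common.yml@<full-commit-sha>`, fixes the called code and makes it auditable; the same applies to `code-sanitizer@main`, which PATCH 4/7 re-adds to `actions.yaml`. The file also sets no `permissions:`, so the called workflows get the repository's default `GITHUB_TOKEN` scope, whereas the `linters.yaml` deleted in PATCH 4/7 had a top-level `permissions:` with `contents: read`; adding that block here would keep the restriction. The unit-test job removed in this patch passed `threshold: 90` and a `skip-list`, while the call to `go-common.yml` passes no `with:`, so it is worth confirming the shared workflow enforces an equivalent coverage gate. PATCH 3/7 also deletes the `malware_security_scan` job, and nothing visible in this series shows the shared workflows replacing it.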
@@ -5,48 +5,6 @@ on: pull_request: branches: [ main ] jobs: - code-check: - name: Check Go formatting, linting, vetting - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@v4 - - name: Run the formatter, linter, and vetter - uses: dell/common-github-actions/go-code-formatter-linter-vetter@main - with: - directories: ./... - sanitize: - name: Check for forbidden words - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@v4 - - name: Run the forbidden words scan - uses: dell/common-github-actions/code-sanitizer@main - with: - args: /github/workspace - - go_security_scan: - name: Go security - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@v4 - - name: Run Go Security - uses: securego/gosec@master - with: - args: -exclude=G108,G402,G307 ./... - malware_security_scan: - name: Malware Scanner - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@v4 - - name: Run malware scan - uses: dell/common-github-actions/malware-scanner@main - with: - directories: . - options: -ri image_security_scan: name: Image Scanner runs-on: ubuntu-latest diff --git a/.github/workflows/go-version.yaml b/.github/workflows/go-version.yaml index 1ba387ea..51df53be 100644 --- a/.github/workflows/go-version.yaml +++ b/.github/workflows/go-version.yaml @@ -9,7 +9,7 @@ # Reusable workflow to perform go version update on Golang based projects name: Go Version Update -on: +on: # yamllint disable-line rule:truthy workflow_dispatch: repository_dispatch: types: [go-update-workflow] From 07eeb6a7cdafb00a2462e1ba0ad06deef66b048d Mon Sep 17 00:00:00 2001 
From: root Date: Fri, 8 Nov 2024 18:46:38 +0000 Subject: [PATCH 4/7] update actions --- .github/workflows/actions.yaml | 13 ++++++++++- .github/workflows/common-workflows.yaml | 3 +-- .github/workflows/linters.yaml | 31 ------------------------- deploy/self-cert.yaml | 5 ++-- tokens.yaml | 2 +- 5 files changed, 16 insertions(+), 38 deletions(-) delete mode 100644 .github/workflows/linters.yaml diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index 11fbfdeb..a878d5e6 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml @@ -1,10 +1,21 @@ name: Workflow -on: +on: # yamllint disable-line rule:truthy push: branches: [ main ] pull_request: branches: [ main ] jobs: + sanitize: + name: Check for forbidden words + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v4 + - name: Run the forbidden words scan + uses: dell/common-github-actions/code-sanitizer@main + with: + args: /github/workspace + image_security_scan: name: Image Scanner runs-on: ubuntu-latest diff --git a/.github/workflows/common-workflows.yaml b/.github/workflows/common-workflows.yaml index 9c9ba9dc..05e4e078 100644 --- a/.github/workflows/common-workflows.yaml +++ b/.github/workflows/common-workflows.yaml @@ -12,7 +12,6 @@ jobs: uses: dell/common-github-actions/.github/workflows/go-static-analysis.yaml@main name: Golang Validation - # checks unit tests, package coverage, and gosec common: - name: Run gosec, unit tests, and check package coverage + name: Quality Checks uses: dell/common-github-actions/.github/workflows/go-common.yml@main diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml deleted file mode 100644 index cbeb2c49..00000000 --- a/.github/workflows/linters.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: linters - -on: - push: - branches: [main] - pull_request: - branches: ["**"] - -permissions: - contents: read - -jobs: - golangci-lint: - name: golangci-lint - runs-on: ubuntu-latest - steps: - - uses: actions/setup-go@v5 - with: - go-version: "1.23" - cache: false - - name: Checkout the code - uses: actions/checkout@v4 - - name: Vendor packages - run: | - go mod vendor - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 - with: - version: latest - skip-cache: true - args: --out-format=colored-line-number diff --git a/deploy/self-cert.yaml b/deploy/self-cert.yaml index 2df5fda1..dc6aa67d 100644 --- a/deploy/self-cert.yaml +++ b/deploy/self-cert.yaml @@ -7,7 +7,6 @@ spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -15,8 +14,8 @@ metadata: namespace: karavi spec: secretName: karavi-auth-tls - duration: 2160h # 90d - renewBefore: 360h # 15d + duration: 2160h # 90d + renewBefore: 360h # 15d subject: organizations: - dellemc diff --git a/tokens.yaml b/tokens.yaml index 521e7209..0db0c68b 100644 --- a/tokens.yaml +++ b/tokens.yaml @@ -2,4 +2,4 @@ tokenString: "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" AccessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrYXJhdmkiLCJleHAiOjExMTQ0ODQ4ODMsImlzcyI6ImNvbS5kZWxsLmthcmF2aSIsInN1YiI6ImthcmF2aS10ZW5hbnQiLCJyb2xlcyI6IkNBLW1lZGl1bSIsImdyb3VwIjoiUGFuY2FrZUdyb3VwIn0.IE4yX53JaGwHZigD299ROtt0OH6DhUWGqejcLQ9N-xU" RefreshToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJrYXJhdmkiLCJleHAiOjE5MTU1ODU4ODMsImlzcyI6ImNvbS5kZWxsLmthcmF2aSIsInN1YiI6ImthcmF2aS10ZW5hbnQiLCJyb2xlcyI6IkNBLW1lZGl1bSIsImdyb3VwIjoiUGFuY2FrZUdyb3VwIn0.7fljbEr3ylTGO7MeeEk-jv4-QzxhcQaXjDAXXvmo9zI" secondToken: "YWRtaW46MTYxMDU3OTI1NjMyMjo2MGFiNTIyYTcxYjEwMGM3ZTdlYzRhMDU3MDA1MjNhMw" -firstToken: "YWRtaW46MTYxMDUxNzk5NDQxODpjYzBkMGEwMmUwYzNiODUxOTM1NWMxZThkNTcwZWEwNA" \ No newline at end of file +firstToken: "YWRtaW46MTYxMDUxNzk5NDQxODpjYzBkMGEwMmUwYzNiODUxOTM1NWMxZThkNTcwZWEwNA" 
From 7a27d47f74b69f8f06f87bf3ba3d0c743b94876f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Nov 2024 18:54:19 +0000 Subject: [PATCH 5/7] fix linting --- .github/workflows/actions.yaml | 2 +- cmd/sidecar-proxy/main_test.go | 2 +- deploy/deployment.yaml | 322 ++++++++++++++-------------- deploy/ingress-traefik.yaml | 22 +- deploy/self-cert.yaml | 6 +- deploy/tls-option.yaml | 2 +- deploy/tls-store.yaml | 2 +- policies/karavi-storage-secret.yaml | 2 +- 8 files changed, 180 insertions(+), 180 deletions(-) diff --git a/.github/workflows/actions.yaml b/.github/workflows/actions.yaml index a878d5e6..0794be5c 100644 --- a/.github/workflows/actions.yaml +++ b/.github/workflows/actions.yaml @@ -30,7 +30,7 @@ jobs: - name: Install Mockgen run: go get github.com/golang/mock/mockgen@v1.6.0 - name: Get dependencies - run: go mod download + run: go mod download - name: Build karavi-authorization Docker Images run: make builder - name: Get podman image tags for image scans diff --git a/cmd/sidecar-proxy/main_test.go b/cmd/sidecar-proxy/main_test.go index eff22da1..7026c49a 100644 --- a/cmd/sidecar-proxy/main_test.go +++ b/cmd/sidecar-proxy/main_test.go @@ -40,7 +40,7 @@ func TestProxyInstanceHandler(t *testing.T) { rp := httputil.NewSingleHostReverseProxy(u) rp.Transport = &http.Transport{ TLSClientConfig: &tls.Config{ - InsecureSkipVerify: true, + InsecureSkipVerify: true, // #nosec G402 }, } diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 87ebea63..9d216138 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -14,9 +14,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts:karavi - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts:karavi + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. kind: Role 
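Review bot: The `// #nosec G402` added on `InsecureSkipVerify: true` in `TestProxyInstanceHandler` silences gosec without recording why skipping certificate verification is acceptable. gosec accepts a justification after the rule id, so `InsecureSkipVerify: true, // #nosec G402 -- test-only client; target is a local test server` would keep the reason next to the suppression. That the target is a local test server is assumed from the file name; the server setup is outside the hunk. Scoping the suppression to G402 rather than a bare `#nosec` is the right choice, since other findings on this line would still be reported. The function body starts and ends outside the hunk.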
@@ -25,9 +25,9 @@ metadata: namespace: karavi name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. kind: RoleBinding @@ -40,9 +40,9 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts:karavi - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts:karavi + apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment 
@@ -62,46 +62,46 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: localhost/proxy-server:${BUILDER_TAG} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: localhost/proxy-server:${BUILDER_TAG} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: docker.io/openpolicyagent/opa + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: docker.io/openpolicyagent/kube-mgmt:0.11 + imagePullPolicy: IfNotPresent + args: + - "--policies=karavi" + - "--enable-data" + - "--opa-url=http://127.0.0.1:8181/v1" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: docker.io/openpolicyagent/opa - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." 
- - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: docker.io/openpolicyagent/kube-mgmt:0.11 - imagePullPolicy: IfNotPresent - args: - - "--policies=karavi" - - "--enable-data" - - "--opa-url=http://127.0.0.1:8181/v1" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: apps/v1 kind: Deployment @@ -121,24 +121,24 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: localhost/tenant-service:${BUILDER_TAG} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: localhost/tenant-service:${BUILDER_TAG} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: ServiceAccount @@ -153,7 +153,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get","patch","post"] + verbs: ["get", "patch", "post"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 
@@ -187,32 +187,32 @@ spec: spec: serviceAccountName: storage-service containers: - - name: storage-service - image: localhost/storage-service:${BUILDER_TAG} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: karavi - volumeMounts: + - name: storage-service + image: localhost/storage-service:${BUILDER_TAG} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: karavi + volumeMounts: + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: ServiceAccount 
@@ -264,24 +264,24 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: localhost/role-service:${BUILDER_TAG} - imagePullPolicy: IfNotPresent - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: karavi - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: localhost/role-service:${BUILDER_TAG} + imagePullPolicy: IfNotPresent + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: karavi + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- -apiVersion: apps/v1 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-primary @@ -303,19 +303,19 @@ spec: tier: backend spec: containers: - - name: primary - image: docker.io/redis:6.0.8-alpine - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: docker.io/redis:6.0.8-alpine + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: 
@@ -353,34 +353,34 @@ spec: tier: backend spec: containers: - - name: redis-commander - image: docker.io/rediscommander/redis-commander:latest - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis.karavi.svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: docker.io/rediscommander/redis-commander:latest + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis.karavi.svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -391,9 +391,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- apiVersion: v1 kind: Service @@ -404,9 +404,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- apiVersion: v1 kind: Service @@ -417,9 +417,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- apiVersion: v1 kind: Service 
@@ -430,10 +430,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- apiVersion: v1 kind: Service @@ -444,9 +444,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -457,6 +457,6 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 diff --git a/deploy/ingress-traefik.yaml b/deploy/ingress-traefik.yaml index cd63d404..d2caf8b9 100644 --- a/deploy/ingress-traefik.yaml +++ b/deploy/ingress-traefik.yaml @@ -8,17 +8,17 @@ metadata: namespace: karavi spec: entryPoints: - - web - - websecure + - web + - websecure routes: - - kind: Rule - match: Host(`temporary.Host.Name`) && PathPrefix(`/`) - middlewares: [] - priority: 0 - services: - - kind: Service - name: proxy-server - namespace: karavi - port: 8080 + - kind: Rule + match: Host(`temporary.Host.Name`) && PathPrefix(`/`) + middlewares: [] + priority: 0 + services: + - kind: Service + name: proxy-server + namespace: karavi + port: 8080 tls: secretName: karavi-auth-tls diff --git a/deploy/self-cert.yaml b/deploy/self-cert.yaml index dc6aa67d..f14f9292 100644 --- a/deploy/self-cert.yaml +++ b/deploy/self-cert.yaml @@ -18,7 +18,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dellemc + - dellemc isCA: false privateKey: algorithm: RSA @@ -28,8 +28,8 @@ spec: - server auth - client auth dnsNames: - - karavi-auth - - karavi-auth.karavi.svc.kubernetes.local + - karavi-auth + - karavi-auth.karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/deploy/tls-option.yaml b/deploy/tls-option.yaml index 51646b32..918af724 100644 --- a/deploy/tls-option.yaml +++ b/deploy/tls-option.yaml 
@@ -14,4 +14,4 @@ spec: - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA - - TLS_RSA_WITH_AES_256_GCM_SHA384 \ No newline at end of file + - TLS_RSA_WITH_AES_256_GCM_SHA384 diff --git a/deploy/tls-store.yaml b/deploy/tls-store.yaml index 6d1631a1..8bb083fe 100644 --- a/deploy/tls-store.yaml +++ b/deploy/tls-store.yaml @@ -6,4 +6,4 @@ metadata: spec: defaultCertificate: - secretName: karavi-auth-tls \ No newline at end of file + secretName: karavi-auth-tls diff --git a/policies/karavi-storage-secret.yaml b/policies/karavi-storage-secret.yaml index 4a7b240a..125bc903 100644 --- a/policies/karavi-storage-secret.yaml +++ b/policies/karavi-storage-secret.yaml @@ -5,4 +5,4 @@ kind: Secret metadata: creationTimestamp: null name: karavi-storage-secret - namespace: karavi \ No newline at end of file + namespace: karavi From a2487e0b702cbc54aa2563c79fa9f4bc2176f3e6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 Nov 2024 19:43:15 +0000 Subject: [PATCH 6/7] update action with redis --- .github/workflows/common-workflows.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/common-workflows.yaml b/.github/workflows/common-workflows.yaml index 05e4e078..a0a3614c 100644 --- a/.github/workflows/common-workflows.yaml +++ b/.github/workflows/common-workflows.yaml @@ -13,5 +13,21 @@ jobs: name: Golang Validation common: + name: Set up Redis + runs-on: ubuntu-latest + container: node:20 + services: + # Label used to access the service container + redis: + # Docker Hub image + image: redis + # Set health checks to wait until redis has started + options: >- + --health-cmd "redis-cli ping" + --health-interval 10s + --health-timeout 5s + --health-retries 5 + + steps: name: Quality Checks uses: dell/common-github-actions/.github/workflows/go-common.yml@main From 9bc6df4c5f16101f4b12d111a3540f1bd259c593 Mon Sep 17 00:00:00 2001 
From: root Date: Fri, 8 Nov 2024 19:59:34 +0000 Subject: [PATCH 7/7] test with redis --- .github/workflows/common-workflows.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/common-workflows.yaml b/.github/workflows/common-workflows.yaml index a0a3614c..4b2dd073 100644 --- a/.github/workflows/common-workflows.yaml +++ b/.github/workflows/common-workflows.yaml @@ -5,6 +5,12 @@ on: # yamllint disable-line rule:truthy pull_request: branches: ["**"] +env: + # The hostname used to communicate with the Redis service container + REDIS_HOST: redis + # The default Redis port + REDIS_PORT: 6379 + jobs: # golang static analysis checks @@ -12,7 +18,7 @@ jobs: uses: dell/common-github-actions/.github/workflows/go-static-analysis.yaml@main name: Golang Validation - common: + redis: name: Set up Redis runs-on: ubuntu-latest container: node:20 @@ -28,6 +34,7 @@ jobs: --health-timeout 5s --health-retries 5 - steps: + common: name: Quality Checks + needs: redis uses: dell/common-github-actions/.github/workflows/go-common.yml@main
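Review bot: The new `redis` job declares `runs-on`, `container` and `services` but has no `steps`, because the last hunk removes the bare `steps:` line and adds nothing in its place; a job that is not a reusable-workflow call needs steps, so the workflow is likely to fail validation. Beyond that, a service container lives only as long as the job that declares it: `needs: redis` orders the jobs, but Redis will be gone by the time `common` starts as a separate job. The workflow-level `env` added in the first hunk has a similar limit, since caller-level `env` is not propagated into a workflow called with `uses:`, so `REDIS_HOST` and `REDIS_PORT` will probably not reach the tests. The Redis service most likely has to be declared in the job that actually runs the tests, either inside `go-common.yml` behind an input, or by keeping the unit-test job in this repository as it was before PATCH 1/7.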