From 73252fe1a996d8ff0ab78794066d6a132fe2399c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Dec 2020 05:09:44 +0000 Subject: [PATCH 01/11] build(deps): bump setuptools from 50.3.2 to 51.0.0 Bumps [setuptools](https://github.com/pypa/setuptools) from 50.3.2 to 51.0.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/master/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/compare/v50.3.2...v51.0.0) Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index eae07aa9..af4a23db 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -setuptools==50.3.2 +setuptools==51.0.0 thrift >= 0.11.0,<0.20.0 python-keystoneclient openstacksdk ==0.51.0 From 038955053c10cd55e5ae37872e68243517659d64 Mon Sep 17 00:00:00 2001 From: Timo Date: Thu, 10 Dec 2020 18:45:16 +0100 Subject: [PATCH 02/11] fix guacamole playbook --- .../ancon/playbooks/guacamole.yml | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/VirtualMachineService/ancon/playbooks/guacamole.yml b/VirtualMachineService/ancon/playbooks/guacamole.yml index 06a7bf70..9cb82c52 100644 --- a/VirtualMachineService/ancon/playbooks/guacamole.yml +++ b/VirtualMachineService/ancon/playbooks/guacamole.yml 
@@ -1,3 +1,26 @@ +- name: Disable periodic updates + block: + - name: Disable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "0";' + create: yes + - name: Stop apt-daily.* systemd services + service: + name: "{{ item }}" + state: stopped + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + - name: Uninstall unattended upgrades + apt: + name: unattended-upgrades + state: absent + - name: Wait for automatic system updates 1 shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; @@ -41,3 +64,26 @@ systemd: daemon_reload: yes when: guacamole_vars.create_only_backend == "true" + +- name: Enable periodic updates + block: + - name: Disable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "0";' + create: yes + - name: Stop apt-daily.* systemd services + service: + name: "{{ item }}" + state: started + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + - name: Install unattended upgrades + apt: + name: unattended-upgrades + state: build-dep From a9fc36781a5464e38fa472a96cee139ea7ed2af5 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Mon, 14 Dec 2020 10:12:58 +0100 Subject: [PATCH 03/11] Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 67 +++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..65a4250b --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
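Review bot: The block named "Enable periodic updates" in the second hunk does not re-enable anything: its `lineinfile` task still writes `APT::Periodic::Unattended-Upgrade "0";`, and its apt task uses `state: build-dep`, which installs the package's build dependencies rather than the package that the first hunk removes with `state: absent`. As written, a host that runs this playbook ends with unattended upgrades switched off and the package uninstalled, so it stops receiving automatic security updates. The tasks should write `line: 'APT::Periodic::Unattended-Upgrade "1";'` and use `state: present`. The copied task names ("Disable unattended upgrades", and "Stop apt-daily.* systemd services" on a task with `state: started`) should be renamed to match what the tasks do.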
@@ -0,0 +1,67 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master, dev, staging ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '39 22 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 51f8767a36423d287e3076e52202515f61d3c6dd Mon Sep 17 00:00:00 2001 From: Timo Date: Thu, 17 Dec 2020 16:20:09 +0100 Subject: [PATCH 04/11] Update PULL_REQUEST_TEMPLATE.md --- PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PULL_REQUEST_TEMPLATE.md b/PULL_REQUEST_TEMPLATE.md index 15828648..f089dabb 100644 --- a/PULL_REQUEST_TEMPLATE.md +++ b/PULL_REQUEST_TEMPLATE.md @@ -2,7 +2,7 @@ Try to fulfill the following points before the Pull Request is merged: - [ ] The PR is reviewed by one of the team members. - [ ] If the PR is merged in the master then a release should be be made. -- [ ] If the new code is well commented +- [ ] If the new code is readable, if not it should be well commented - [ ] Update the Changelog file For releases only: From 6b3e51f211cdea94ef0f245fe48158ce78cf389e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Dec 2020 05:06:05 +0000 Subject: [PATCH 05/11] build(deps): bump setuptools from 51.0.0 to 51.1.0.post20201221 Bumps [setuptools](https://github.com/pypa/setuptools) from 51.0.0 to 51.1.0.post20201221. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/commits) Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 865dd63e..ec08c4cb 100644 --- a/requirements.txt +++ b/requirements.txt 
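Review bot: The four `uses:` lines reference actions by mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `autobuild@v1`, `analyze@v1`), so whatever those tags point to at run time executes with the workflow's token. Pinning each to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha>  # v2`, keeps the scanner and its helpers fixed until someone reviews an update. The job also declares no `permissions:`; a job-level `permissions: {actions: read, contents: read, security-events: write}` would limit the token to what code scanning needs. With `language: [ 'python' ]` as the only matrix entry, the Autobuild step appears unnecessary, since the template's own comment says it builds compiled languages.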
@@ -1,4 +1,4 @@ -setuptools==51.0.0 +setuptools==51.1.0.post20201221 thrift >= 0.11.0,<0.20.0 python-keystoneclient openstacksdk ==0.52.0 From 5014709ffcb531daeeeed6ada3e7391061d4b851 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Dec 2020 05:06:05 +0000 Subject: [PATCH 06/11] build(deps): bump requests from 2.25.0 to 2.25.1 Bumps [requests](https://github.com/psf/requests) from 2.25.0 to 2.25.1. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.25.0...v2.25.1) Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 865dd63e..bf640164 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,4 +10,4 @@ ruamel.yaml<0.17.0 paramiko==2.7.2 pyvim==3.0.2 redis==3.5.3 -requests==2.25.0 +requests==2.25.1 From 03b075a442d531028b8de36972cb6f8d7c69d74c Mon Sep 17 00:00:00 2001 From: David Weinholz Date: Mon, 21 Dec 2020 12:33:50 +0100 Subject: [PATCH 07/11] updated dependabot --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a3900fb7..4e668484 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,6 +7,9 @@ updates: target-branch: "dev" reviewers: - "deNBI/portal-dev" + commit_message: + prefix: "feat" + include_scope: true - package-ecosystem: "docker" directory: "/" @@ -15,5 +18,8 @@ updates: target-branch: "dev" reviewers: - "deNBI/portal-dev" + commit_message: + prefix: "feat" + include_scope: true From 69c100f64efafc9d99bea6d92ad7bc119443c167 Mon Sep 17 00:00:00 2001 From: David Weinholz Date: Mon, 21 Dec 2020 12:35:40 +0100 Subject: [PATCH 08/11] updated dependabot --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4e668484..e2a16869 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,6 +10,7 @@ updates: commit_message: prefix: "feat" include_scope: true + open-pull-requests-limit: 15 - package-ecosystem: "docker" directory: "/" @@ -21,5 +22,6 @@ updates: commit_message: prefix: "feat" include_scope: true + open-pull-requests-limit: 15 From 600513df38acd00261efb708970619f9902f8e1c Mon Sep 17 00:00:00 2001 From: dweinholz Date: Mon, 21 Dec 2020 12:43:28 +0100 Subject: [PATCH 09/11] Update dependabot.yml --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e2a16869..901ab76a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -7,7 +7,7 @@ updates: target-branch: "dev" reviewers: - "deNBI/portal-dev" - commit_message: + commit-message: prefix: "feat" include_scope: true open-pull-requests-limit: 15 @@ -19,7 +19,7 @@ updates: target-branch: "dev" reviewers: - "deNBI/portal-dev" - commit_message: + commit-message: prefix: "feat" include_scope: true open-pull-requests-limit: 15 From 51d96ceb8f4132e4c7370b7c2c2cbe7d3cf42d63 Mon Sep 17 00:00:00 2001 From: dweinholz Date: Mon, 21 Dec 2020 13:09:11 +0100 Subject: [PATCH 10/11] Update dependabot.yml --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 901ab76a..bcdae1cc 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,7 +9,7 @@ updates: - "deNBI/portal-dev" commit-message: prefix: "feat" - include_scope: true + include: "scope" open-pull-requests-limit: 15 - package-ecosystem: "docker" @@ -21,7 +21,7 @@ updates: - "deNBI/portal-dev" commit-message: prefix: "feat" - include_scope: true + include: "scope" open-pull-requests-limit: 15 From 17c1c9f8489148898bf9373a9b3c60d82803e5a4 Mon Sep 17 00:00:00 2001 
From: David Weinholz Date: Tue, 22 Dec 2020 13:04:49 +0100 Subject: [PATCH 11/11] fix(Playbook):fixed autoupdates in playbook --- .../ancon/playbooks/cwlab.yml | 43 +++++++++++++++++++ .../ancon/playbooks/guacamole.yml | 15 ++----- .../ancon/playbooks/rstudio.yml | 39 +++++++++++++++++ .../ancon/playbooks/theiaide.yml | 41 ++++++++++++++++++ 4 files changed, 127 insertions(+), 11 deletions(-) diff --git a/VirtualMachineService/ancon/playbooks/cwlab.yml b/VirtualMachineService/ancon/playbooks/cwlab.yml index bd1623ec..70516514 100644 --- a/VirtualMachineService/ancon/playbooks/cwlab.yml +++ b/VirtualMachineService/ancon/playbooks/cwlab.yml @@ -1,3 +1,23 @@ +- name: Disable periodic updates + block: + - name: Disable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "0";' + create: yes + - name: Stop apt-daily.* systemd services + service: + name: "{{ item }}" + state: stopped + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + + - name: Wait for automatic system updates 1 shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; @@ -38,3 +58,26 @@ user: 1000:1000 recreate: yes container_default_behavior: no_defaults + +- name: Enable periodic updates + block: + - name: enable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "1";' + create: yes + - name: Start apt-daily.* systemd services + service: + name: "{{ item }}" + state: started + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + + + + diff --git a/VirtualMachineService/ancon/playbooks/guacamole.yml b/VirtualMachineService/ancon/playbooks/guacamole.yml index 9cb82c52..db3e2c3c 100644 
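Review bot: The "Enable periodic updates" block at the end of cwlab.yml only runs if every task before it succeeds; when any task in between fails, the play stops with `APT::Periodic::Unattended-Upgrade "0";` written and the apt-daily timers stopped, and the VM stays without automatic security updates. The same pattern is added to rstudio.yml and theiaide.yml and kept in guacamole.yml in this patch. Wrapping the tasks between the two blocks in a `block:` and moving the two re-enable tasks under its `always:` section would restore updates on failure as well. The block also writes `"1"` unconditionally rather than restoring the value found before the run, which would turn updates on for an image that had them off on purpose; whether that is intended is not visible here. The tasks between the two blocks lie outside the hunks.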
--- a/VirtualMachineService/ancon/playbooks/guacamole.yml +++ b/VirtualMachineService/ancon/playbooks/guacamole.yml @@ -16,10 +16,7 @@ - apt-daily.timer - apt-daily-upgrade - apt-daily-upgrade.timer - - name: Uninstall unattended upgrades - apt: - name: unattended-upgrades - state: absent + - name: Wait for automatic system updates 1 shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; @@ -67,13 +64,13 @@ - name: Enable periodic updates block: - - name: Disable unattended upgrades + - name: enable unattended upgrades lineinfile: path: /etc/apt/apt.conf.d/10periodic regexp: "^APT::Periodic::Unattended-Upgrade" - line: 'APT::Periodic::Unattended-Upgrade "0";' + line: 'APT::Periodic::Unattended-Upgrade "1";' create: yes - - name: Stop apt-daily.* systemd services + - name: Start apt-daily.* systemd services service: name: "{{ item }}" state: started @@ -83,7 +80,3 @@ - apt-daily.timer - apt-daily-upgrade - apt-daily-upgrade.timer - - name: Install unattended upgrades - apt: - name: unattended-upgrades - state: build-dep diff --git a/VirtualMachineService/ancon/playbooks/rstudio.yml b/VirtualMachineService/ancon/playbooks/rstudio.yml index 4c8cc855..886945b8 100644 --- a/VirtualMachineService/ancon/playbooks/rstudio.yml +++ b/VirtualMachineService/ancon/playbooks/rstudio.yml @@ -1,3 +1,23 @@ +- name: Disable periodic updates + block: + - name: Disable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "0";' + create: yes + - name: Stop apt-daily.* systemd services + service: + name: "{{ item }}" + state: stopped + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + + - name: Wait for automatic system updates 1 shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; when: rstudio_vars.create_only_backend == "false" 
@@ -35,3 +55,22 @@ - name: Flush rstudio handlers meta: flush_handlers when: rstudio_vars.create_only_backend == "false" + +- name: Enable periodic updates + block: + - name: enable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "1";' + create: yes + - name: Start apt-daily.* systemd services + service: + name: "{{ item }}" + state: started + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer diff --git a/VirtualMachineService/ancon/playbooks/theiaide.yml b/VirtualMachineService/ancon/playbooks/theiaide.yml index 420a5f69..985613b0 100644 --- a/VirtualMachineService/ancon/playbooks/theiaide.yml +++ b/VirtualMachineService/ancon/playbooks/theiaide.yml @@ -1,3 +1,23 @@ +- name: Disable periodic updates + block: + - name: Disable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "0";' + create: yes + - name: Stop apt-daily.* systemd services + service: + name: "{{ item }}" + state: stopped + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + + - name: Wait for automatic system updates 1 shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; when: theiaide_vars.create_only_backend == "false" 
@@ -13,3 +33,24 @@ theia_ide_bind_address: 0.0.0.0 theia_ide_bind_port: 8080 when: theiaide_vars.create_only_backend == "false" + +- name: Enable periodic updates + block: + - name: enable unattended upgrades + lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: "^APT::Periodic::Unattended-Upgrade" + line: 'APT::Periodic::Unattended-Upgrade "1";' + create: yes + - name: Start apt-daily.* systemd services + service: + name: "{{ item }}" + state: started + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + +