Skip to content

CVE patch

CVE patch #13

name: CVE patch
on:
workflow_dispatch: {}
permissions:
packages: write
env:
IMAGES_TEST: |
cr.fluentbit.io/fluent/fluent-bit:2.1.4
docker.io/alpine/curl:8.5.0
# docker.io/aquasec/kube-bench:v0.6.10
# docker.io/bitnami/external-dns:0.14.0-debian-11-r8
# docker.io/bitnami/kubectl:1.24.1
# docker.io/bitnami/kubectl:1.26.4
# docker.io/bitnami/kubectl:1.27.9
# docker.io/bitnami/memcached:1.6.19-debian-11-r7
# docker.io/bitnami/postgres-exporter:0.12.0-debian-11-r77
# docker.io/bitnami/postgresql:11.22.0-debian-11-r4
# docker.io/bitnami/postgresql:15.2.0-debian-11-r21
# docker.io/bitnami/thanos:0.33.0-debian-11-r1
# docker.io/curlimages/curl:7.83.1
# docker.io/fluent/fluent-bit:2.1.4
# docker.io/grafana/grafana:8.5.26
# docker.io/grafana/grafana:9.4.7
# docker.io/grafana/grafana:9.5.13
# docker.io/grafana/loki:2.9.1
# docker.io/istio/install-cni:1.20.2
# docker.io/istio/operator:1.20.2
# docker.io/istio/pilot:1.20.2
# docker.io/istio/proxyv2:1.20.2
# docker.io/jaegertracing/all-in-one:1.52.0
# docker.io/jaegertracing/jaeger-operator:1.52.0
# docker.io/jimmidyson/configmap-reload:v0.7.1
# docker.io/jpillora/chisel:1.9.1
# docker.io/kiwigrid/k8s-sidecar:1.25.3
# docker.io/kubernetesui/dashboard:v2.7.0
# docker.io/kubernetesui/metrics-scraper:v1.0.9
# docker.io/library/busybox:1
# docker.io/library/traefik:v2.10.6
# docker.io/mesosphere/capimate:v0.0.0-dev.0
# docker.io/mesosphere/cluster-observer:1.2.0
# docker.io/mesosphere/dex-controller:v0.14.0
# docker.io/mesosphere/dex-k8s-authenticator:v1.3.2-d2iq
# docker.io/mesosphere/dex:v2.37.0-d2iq.2
# docker.io/mesosphere/dkp-diagnostics-node-collector:v0.9.6
# docker.io/mesosphere/ghostunnel:v1.7.1-server-backend-proxy.1
# docker.io/mesosphere/grafana-plugins:v0.0.1
# docker.io/mesosphere/insights-management:v1.0.1
# docker.io/mesosphere/insights:v1.0.1
# docker.io/mesosphere/karma:v0.88-d2iq-server-name.2
# docker.io/mesosphere/kommander2-appmanagement-config-api:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-appmanagement-webhook:v2.8.0-dev
# docker.io/mesosphere/kommander2-appmanagement-webhook:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-appmanagement:v2.8.0-dev
# docker.io/mesosphere/kommander2-appmanagement:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-core-installer:v2.8.0-dev
# docker.io/mesosphere/kommander2-core-installer:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-federation-authorizedlister:v2.8.0-dev
# docker.io/mesosphere/kommander2-federation-authorizedlister:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-federation-controller-manager:v2.8.0-dev
# docker.io/mesosphere/kommander2-federation-controller-manager:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-federation-webhook:v2.8.0-dev
# docker.io/mesosphere/kommander2-federation-webhook:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-flux-operator:v2.8.0-dev
# docker.io/mesosphere/kommander2-flux-operator:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-kubetools:v2.8.0-dev
# docker.io/mesosphere/kommander2-kubetools:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-licensing-controller-manager:v2.8.0-dev
# docker.io/mesosphere/kommander2-licensing-controller-manager:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander2-licensing-webhook:v2.8.0-dev
# docker.io/mesosphere/kommander2-licensing-webhook:v2.8.0-dev-SNAPSHOT-0279d6286
# docker.io/mesosphere/kommander:11.1.4
# docker.io/mesosphere/kubeaddons-addon-initializer:v0.7.0
# docker.io/mesosphere/kubetunnel-controller:v0.0.31
# docker.io/mesosphere/kubetunnel-kubeconfig-webhook:v0.0.31
# docker.io/mesosphere/kubetunnel-reverse-proxy:v0.0.31
# docker.io/mesosphere/kubetunnel-webhook:v0.0.31
# docker.io/mesosphere/pause-busybox:3.6
# docker.io/mesosphere/traefik-forward-auth:3.1.0
# docker.io/mesosphere/trivy-bundles:0.45.1-20231019T024033Z
# docker.io/nginxinc/nginx-unprivileged:1.24.0-alpine
# docker.io/openpolicyagent/gatekeeper-crds:v3.14.0
# docker.io/openpolicyagent/gatekeeper:v3.14.0
# docker.io/rook/ceph:v1.13.2
# docker.io/semitechnologies/weaviate:1.21.4
# docker.io/thanosio/thanos:v0.15.0
# docker.io/thanosio/thanos:v0.29.0
# docker.io/velero/velero-plugin-for-aws:v1.7.0
# docker.io/velero/velero:v1.12.3
# gcr.io/google_containers/kubernetes-dashboard-init-amd64:v1.0.0
# gcr.io/google_containers/pause:3.2
# gcr.io/knative-releases/knative.dev/net-istio/cmd/controller:v1.10.0
# gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook:v1.10.0
# gcr.io/knative-releases/knative.dev/serving/cmd/activator:v1.10.0
# gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa:v1.10.0
# gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler:v1.10.0
# gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook:v1.10.0
# gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping:v1.10.0
# gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
# gcr.io/kubecost1/cost-model:prod-1.106.5
# gcr.io/kubecost1/frontend:prod-1.106.5
# ghcr.io/fluxcd/helm-controller:v0.36.2
# ghcr.io/fluxcd/kustomize-controller:v1.1.1
# ghcr.io/fluxcd/notification-controller:v1.1.0
# ghcr.io/fluxcd/source-controller:v1.1.2
# ghcr.io/helm/chartmuseum:v0.16.1
# ghcr.io/kube-logging/config-reloader:v0.0.5
# ghcr.io/kube-logging/fluentd:v1.16-full-build.122
# ghcr.io/kube-logging/logging-operator:4.2.2
# ghcr.io/kube-logging/node-exporter:v0.6.1
# ghcr.io/mesosphere/gitea:1.19.2-d2iq-rootless
# ghcr.io/mesosphere/kubefed:v0.10.4
# ghcr.io/stakater/reloader:v1.0.65
# nvcr.io/nvidia/cloud-native/dcgm:3.1.8-1-ubuntu20.04
# nvcr.io/nvidia/cloud-native/gpu-operator-validator:v23.6.1
# nvcr.io/nvidia/gpu-feature-discovery:v0.8.1-ubi8
# nvcr.io/nvidia/gpu-operator:v23.6.1
# nvcr.io/nvidia/k8s-device-plugin:v0.14.1-ubi8
# nvcr.io/nvidia/k8s/container-toolkit:v1.13.1-centos7
# nvcr.io/nvidia/k8s/container-toolkit:v1.13.1-ubi8
# nvcr.io/nvidia/k8s/container-toolkit:v1.13.1-ubuntu20.04
# nvcr.io/nvidia/k8s/cuda-sample:vectoradd-cuda10.2
# nvcr.io/nvidia/k8s/dcgm-exporter:3.1.8-3.1.5-ubuntu20.04
# quay.io/brancz/kube-rbac-proxy:v0.14.2
# quay.io/ceph/ceph:v18.2.1
# quay.io/fairwinds/nova:3.4.0
# quay.io/fairwinds/pluto:v5.10.6
# quay.io/fairwinds/polaris:5.1
# quay.io/jetstack/cert-manager-cainjector:v1.13.1
# quay.io/jetstack/cert-manager-controller:v1.13.1
# quay.io/jetstack/cert-manager-ctl:v1.13.1
# quay.io/jetstack/cert-manager-webhook:v1.13.1
# quay.io/jetstack/kube-oidc-proxy:v0.3.0
# quay.io/kiali/kiali-operator:v1.79.0
# quay.io/kiali/kiali:v1.79.0
# quay.io/kiwigrid/k8s-sidecar:1.25.1
# quay.io/kubernetes-multicluster/kubefed:v0.9.1
# quay.io/kubernetes_incubator/nfs-provisioner:v2.3.0
# quay.io/prometheus-operator/prometheus-config-reloader:v0.66.0
# quay.io/prometheus-operator/prometheus-operator:v0.66.0
# quay.io/prometheus/alertmanager:v0.21.0
# quay.io/prometheus/alertmanager:v0.25.0
# quay.io/prometheus/node-exporter:v1.6.0
# quay.io/prometheus/prometheus:v2.35.0
# quay.io/prometheus/prometheus:v2.45.0
# quay.io/thanos/thanos:v0.31.0
# registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
# registry.k8s.io/kube-state-metrics/kube-state-metrics:v1.9.8
# registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.9.2
# registry.k8s.io/prometheus-adapter/prometheus-adapter:v0.11.2
jobs:
patch_images:
runs-on:
- self-hosted
- large
steps:
- name: Checkout repository
uses: actions/checkout@v4
# - name: Login to Docker Hub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Save images
id: save-images
run: |
{
echo 'images<<EOF'
echo "$IMAGES_TEST"
echo 'EOF'
} >> "$GITHUB_OUTPUT"
- name: Patch images
id: patch-images
uses: ./.github/actions/copacetic-action
with:
images: ${{ steps.save-images.outputs.images }}
github-token: ${{ secrets.GITHUB_TOKEN }}
debug: true
timeout: 2h