fixed vulnerabilities found in Trivy scan (#7)
* fixed missing mirrorlist

* fixed trivy vulns and changed image os from centos to alpine

* buildvcs=false

* updated golang in rest of the Dockerfiles

* updated golang in workflow and updated alpine to 3.20

* updated go env to 1.23.3

* fixed typo in Dockerfile.ppc64le

---------

Co-authored-by: Deepak Chauhan <[email protected]>
deepak07dbz and Deepak Chauhan authored Nov 18, 2024
1 parent 8f8748b commit a4ebc4d
Showing 1,525 changed files with 148,914 additions and 31,483 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
@@ -4,7 +4,7 @@ jobs:
build:
strategy:
matrix:
go-version: [1.17.x]
go-version: [1.23.x]
goarch: [386, amd64, arm, arm64, ppc64le, s390x]
os: [ubuntu-latest] #, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.17.x
go-version: 1.23.x

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
@@ -4,7 +4,7 @@ jobs:
test:
strategy:
matrix:
go-version: [1.17.x]
go-version: [1.23.x]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
24 changes: 11 additions & 13 deletions deployments/Dockerfile
@@ -1,22 +1,20 @@
# This Dockerfile is used to build the image available on DockerHub
FROM centos:centos7 as build
FROM alpine:3.20 as build

# Add everything
ADD . /usr/src/multus-cni
RUN yum update -y
ENV INSTALL_PKGS "git golang-1.17.13-0.el7.x86_64"
RUN rpm --import https://mirror.go-repo.io/centos/RPM-GPG-KEY-GO-REPO && \
curl -s https://mirror.go-repo.io/centos/go-repo.repo | tee /etc/yum.repos.d/go-repo.repo && \
yum install -y $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
cd /usr/src/multus-cni && \
RUN apk add --no-cache git wget bash coreutils
ENV GO_VERSION 1.23.3
RUN wget https://dl.google.com/go/go$GO_VERSION.linux-amd64.tar.gz && \
tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz && \
rm go$GO_VERSION.linux-amd64.tar.gz
ENV PATH="$PATH:/usr/local/go/bin"

RUN cd /usr/src/multus-cni && \
./hack/build-go.sh

FROM centos:centos7
FROM alpine:3.20
LABEL org.opencontainers.image.source https://github.com/k8snetworkplumbingwg/multus-cni
COPY --from=build /usr/src/multus-cni /usr/src/multus-cni
WORKDIR /
RUN yum update -y

RUN apk add --no-cache git wget bash coreutils python3
ADD ./images/entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
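Review bot: The Go toolchain is now fetched with `wget https://dl.google.com/go/go$GO_VERSION.linux-amd64.tar.gz` and unpacked into /usr/local with no integrity check, whereas the removed yum path at least imported a signing key and ran `rpm -V`. Pin the published digest next to the version and verify it before extracting, e.g. `ENV GO_SHA256 <sha256-of-tarball>` and `echo "$GO_SHA256  go$GO_VERSION.linux-amd64.tar.gz" | sha256sum -c - && \` ahead of the `tar` line. The same unverified download appears in deployments/Dockerfile.ppc64le. Using `golang:1.23-alpine` as the build stage, in line with the `golang:1.23` base the arm32/arm64/s390x Dockerfiles use, would remove the manual download altogether. The runtime stage also adds git, wget and python3 and copies the whole source tree; if `entrypoint.sh` does not need them (script not shown), leaving them out reduces what the image exposes.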
2 changes: 1 addition & 1 deletion deployments/Dockerfile.arm32
@@ -1,5 +1,5 @@
# This Dockerfile is used to build the image available on DockerHub
FROM golang:1.17.13 as build
FROM golang:1.23 as build

# Add everything
ADD . /usr/src/multus-cni
2 changes: 1 addition & 1 deletion deployments/Dockerfile.arm64
@@ -1,5 +1,5 @@
# This Dockerfile is used to build the image available on DockerHub
FROM golang:1.17.13 as build
FROM golang:1.23 as build

# Add everything
ADD . /usr/src/multus-cni
2 changes: 1 addition & 1 deletion deployments/Dockerfile.openshift
@@ -1,5 +1,5 @@
# This dockerfile is specific to building Multus for OpenShift
FROM openshift/origin-release:golang-1.17 as builder
FROM openshift/origin-release:golang-1.23 as builder

ADD . /usr/src/multus-cni

21 changes: 13 additions & 8 deletions deployments/Dockerfile.ppc64le
@@ -1,26 +1,31 @@
# This Dockerfile is used to build the image available on DockerHub
FROM centos:centos7 as build
FROM alpine:3.20 as build

# Add everything
ADD . /usr/src/multus-cni

ENV GOARCH "ppc64le"
ENV GOOS "linux"

ENV INSTALL_PKGS "git golang"
RUN rpm --import https://mirror.go-repo.io/centos/RPM-GPG-KEY-GO-REPO && \
curl -s https://mirror.go-repo.io/centos/go-repo.repo | tee /etc/yum.repos.d/go-repo.repo && \
yum install -y $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
cd /usr/src/multus-cni && \
ENV GO_VERSION 1.23.3

ENV INSTALL_PKGS "git wget bash coreutils"
RUN wget https://dl.google.com/go/go$GO_VERSION.linux-amd64.tar.gz && \
tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz && \
rm go$GO_VERSION.linux-amd64.tar.gz
ENV PATH="$PATH:/usr/local/go/bin"

RUN cd /usr/src/multus-cni && \
./hack/build-go.sh

# build ppc container
FROM ppc64le/centos:latest
FROM ppc64le/alpine:latest
LABEL org.opencontainers.image.source https://github.com/k8snetworkplumbingwg/multus-cni
COPY --from=build /usr/src/multus-cni /usr/src/multus-cni

WORKDIR /

RUN apk add --no-cache git wget bash coreutils python3
ADD ./images/entrypoint.sh /

ENTRYPOINT ["/entrypoint.sh"]
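Review bot: The final stage now starts from `FROM ppc64le/alpine:latest` while the build stage pins `alpine:3.20`, so the runtime image's package set, and with it any scan result, changes whenever the tag moves; pin it to the same release, e.g. `FROM ppc64le/alpine:3.20`, ideally with a digest. Separately, `ENV INSTALL_PKGS "git wget bash coreutils"` is declared but nothing installs it any more: the `yum install -y $INSTALL_PKGS` step was removed without an `apk add` replacement. The build stage therefore has only the base image's tools, with no git or bash if `./hack/build-go.sh` needs them (script not shown). Adding `RUN apk add --no-cache $INSTALL_PKGS` before the download would match deployments/Dockerfile.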
2 changes: 1 addition & 1 deletion deployments/Dockerfile.s390x
@@ -1,5 +1,5 @@
# This Dockerfile is used to build the image available on DockerHub
FROM golang:1.17 as build
FROM golang:1.23 as build

# Add everything
ADD . /usr/src/multus-cni
125 changes: 68 additions & 57 deletions go.mod
@@ -1,100 +1,111 @@
module gopkg.in/k8snetworkplumbingwg/multus-cni.v3

go 1.17
go 1.23

toolchain go1.23.0

require (
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.1.1-0.20210510153419-66a699ae3b05
github.com/onsi/ginkgo v1.14.0
github.com/onsi/gomega v1.10.3
github.com/onsi/ginkgo v1.16.4
github.com/onsi/gomega v1.20.1
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.11.1 // indirect
github.com/prometheus/client_golang v1.12.1 // indirect
github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
golang.org/x/net v0.9.0
google.golang.org/grpc v1.38.0
golang.org/x/net v0.17.0
google.golang.org/grpc v1.58.3
gopkg.in/natefinch/lumberjack.v2 v2.0.0
k8s.io/api v0.22.16
k8s.io/apimachinery v0.22.16
k8s.io/client-go v0.22.16
k8s.io/api v0.25.16
k8s.io/apimachinery v0.25.16
k8s.io/client-go v0.25.16
k8s.io/klog v1.0.0
k8s.io/kubelet v0.22.16
k8s.io/kubernetes v1.22.16
k8s.io/kubelet v0.25.16
k8s.io/kubernetes v1.25.16
)

require (
github.com/Microsoft/go-winio v0.4.15 // indirect
github.com/Microsoft/go-winio v0.4.17 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/evanphx/json-patch v4.11.0+incompatible // indirect
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
github.com/evanphx/json-patch v4.12.0+incompatible // indirect
github.com/fsnotify/fsnotify v1.4.9 // indirect
github.com/go-logr/logr v0.4.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.5 // indirect
github.com/go-openapi/swag v0.19.14 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-cmp v0.5.8 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/mailru/easyjson v0.7.6 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.26.0 // indirect
github.com/prometheus/procfs v0.6.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/vishvananda/netns v0.0.4 // indirect
golang.org/x/oauth2 v0.7.0 // indirect
golang.org/x/sys v0.7.0 // indirect
golang.org/x/term v0.7.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/oauth2 v0.10.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
google.golang.org/protobuf v1.28.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiserver v0.22.16 // indirect
k8s.io/component-base v0.22.16 // indirect
k8s.io/klog/v2 v2.9.0 // indirect
k8s.io/kube-openapi v0.0.0-20211110012726-3cc51fd1e909 // indirect
k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
k8s.io/apiserver v0.25.16 // indirect
k8s.io/component-base v0.25.16 // indirect
k8s.io/klog/v2 v2.70.1 // indirect
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace (
github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
k8s.io/api => k8s.io/api v0.22.16
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.16
k8s.io/apimachinery => k8s.io/apimachinery v0.22.16
k8s.io/apiserver => k8s.io/apiserver v0.22.16
k8s.io/cli-runtime => k8s.io/cli-runtime v0.22.16
k8s.io/client-go => k8s.io/client-go v0.22.16
k8s.io/cloud-provider => k8s.io/cloud-provider v0.22.16
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.22.16
k8s.io/code-generator => k8s.io/code-generator v0.22.16
k8s.io/component-base => k8s.io/component-base v0.22.16
k8s.io/component-helpers => k8s.io/component-helpers v0.22.16
k8s.io/controller-manager => k8s.io/controller-manager v0.22.16
k8s.io/cri-api => k8s.io/cri-api v0.22.16
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.22.16
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.22.16
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.22.16
k8s.io/kube-proxy => k8s.io/kube-proxy v0.22.16
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.22.16
k8s.io/kubectl => k8s.io/kubectl v0.22.16
k8s.io/kubelet => k8s.io/kubelet v0.22.16
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.22.16
k8s.io/metrics => k8s.io/metrics v0.22.16
k8s.io/mount-utils => k8s.io/mount-utils v0.22.16
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.22.16
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.22.16
k8s.io/api => k8s.io/api v0.25.16
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.16
k8s.io/apimachinery => k8s.io/apimachinery v0.25.16
k8s.io/apiserver => k8s.io/apiserver v0.25.16
k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.16
k8s.io/client-go => k8s.io/client-go v0.25.16
k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.16
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.16
k8s.io/code-generator => k8s.io/code-generator v0.25.16
k8s.io/component-base => k8s.io/component-base v0.25.16
k8s.io/component-helpers => k8s.io/component-helpers v0.25.16
k8s.io/controller-manager => k8s.io/controller-manager v0.25.16
k8s.io/cri-api => k8s.io/cri-api v0.25.16
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.16
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.16
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.16
k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.16
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.16
k8s.io/kubectl => k8s.io/kubectl v0.25.16
k8s.io/kubelet => k8s.io/kubelet v0.25.16
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.16
k8s.io/metrics => k8s.io/metrics v0.25.16
k8s.io/mount-utils => k8s.io/mount-utils v0.25.16
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.16
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.16
)