Resolve vulnerabilities from dependencies (#447)

* update dependencies * update dependencies * add workflows based on PR labels * add workflows based on PR labels * fix lint issues * fix lint issues * add checkout step * fix kubectl command * fix env * fix token
stakater · Oct 30, 2024 · b6212a7 · b6212a7
1 parent ce54393
commit b6212a7
Show file tree

Hide file tree

Showing 10 changed files with 1,375 additions and 1,196 deletions.
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -38,36 +38,14 @@ jobs:
 
     - name: Lint
       run: |
-        go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.0
+        go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
         golangci-lint run --timeout=10m ./...
 
     - name: Helm Lint
       run: |
         cd deployments/kubernetes/chart/forecastle
         helm lint
 
-    # - name: Install kubectl
-    #   run: |
-    #     curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
-    #     sudo install ./kubectl /usr/local/bin/ && rm kubectl
-    #     kubectl version --short --client
-    #     kubectl version --short --client | grep -q ${KUBERNETES_VERSION}
-
-    # - name: Install Kind
-    #   run: |
-    #     curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
-    #     sudo install ./kind /usr/local/bin && rm kind
-    #     kind version
-    #     kind version | grep -q ${KIND_VERSION}
-
-    # - name: Create Kind Cluster
-    #   run: |
-    #     kind create cluster
-    #     kubectl cluster-info
-
-    # - name: Test
-    #   run: make test
-
     - name: Generate Tag
       id: generate_tag
       run: |

diff --git a/.github/workflows/push-pr-image.yaml b/.github/workflows/push-pr-image.yaml
@@ -0,0 +1,71 @@
+name: Push PR Image on Label
+
+on:
+  pull_request:
+    branches:
+      - master
+    types: [ labeled ]
+
+env:
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  REGISTRY: ghcr.io
+
+jobs:
+
+  push-image:
+    runs-on: ubuntu-latest
+    name: Push PR Image
+    if: ${{ github.event.label.name == 'build-push-image' }}
+    steps:
+
+    - name: Remove the test label
+      uses: actions-ecosystem/action-remove-labels@v1
+      with:
+        labels: build-push-image
+
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+
+    - name: Generate Tag
+      id: generate_tag
+      run: |
+        sha=${{ github.event.pull_request.head.sha }}
+        tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}"
+        echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Generate image repository path for ghcr registry
+      run: |
+        echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+    - name: Login to ghcr registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{env.REGISTRY}}
+        username: stakater-user
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: Build and Push image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ${{ env.DOCKER_FILE_PATH  }}
+        pull: true
+        push: true
+        cache-to: type=inline
+        build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+        platforms: linux/amd64,linux/arm,linux/arm64
+        tags: |
+          ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
@@ -7,8 +7,8 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
-  KUBERNETES_VERSION: "1.22.2"
-  KIND_VERSION: "0.10.0"
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
   HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
   DEFAULT_BRANCH: "master"
   REGISTRY: ghcr.io
@@ -42,7 +42,7 @@ jobs:
 
       - name: Lint
         run: |
-          go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.0
+          go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0
           golangci-lint run --timeout=10m ./...
 
       - name: Install kubectl

diff --git a/.github/workflows/run-tests-on-pr.yaml b/.github/workflows/run-tests-on-pr.yaml
@@ -0,0 +1,60 @@
+name: Run Tests on PR Label
+
+on:
+  pull_request:
+    branches:
+      - master
+    types: [ labeled ]
+
+env:
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+
+jobs:
+
+  test:
+    runs-on: ubuntu-latest
+    name: Test
+    if:  ${{ github.event.label.name == 'ok-to-test' }}
+    steps:
+
+    - name: Remove the test label
+      uses: actions-ecosystem/action-remove-labels@v1
+      with:
+        labels: ok-to-test
+
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+
+    - name: Set up Go
+      id: go
+      uses: actions/setup-go@v4
+      with:
+        go-version-file: 'go.mod'
+
+    - name: Install Dependencies
+      run: |
+        make install
+
+    - name: Install kubectl
+      run: |
+        curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
+        sudo install ./kubectl /usr/local/bin/ && rm kubectl
+        kubectl version --client=true
+
+    - name: Install Kind
+      run: |
+        curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
+        sudo install ./kind /usr/local/bin && rm kind
+        kind version
+        kind version | grep -q ${KIND_VERSION}
+
+    - name: Create Kind Cluster
+      run: |
+        kind create cluster
+        kubectl cluster-info
+
+    - name: Test
+      run: make test
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@ COPY ./frontend ./
 RUN yarn install --network-timeout 1000000 && yarn build
 
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} golang:1.22 as builder
+FROM --platform=${BUILDPLATFORM} golang:1.23 as builder
 
 ARG TARGETOS
 ARG TARGETARCH

diff --git a/frontend/package.json b/frontend/package.json
@@ -5,14 +5,14 @@
   "dependencies": {
     "@material-ui/core": "^4.12.4",
     "@material-ui/icons": "^4.11.3",
-    "@reduxjs/toolkit": "^1.9.7",
+    "@reduxjs/toolkit": "^2.3.0",
     "axios": "^1.2.2",
     "prop-types": "^15.8.1",
-    "react": "^16.14.0",
-    "react-dom": "^16.14.0",
-    "react-redux": "^8.0.5",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "react-redux": "^9.1.2",
     "react-scripts": "5.0.1",
-    "styled-components": "^4.4.1"
+    "styled-components": "^6.1.13"
   },
   "scripts": {
     "start": "react-scripts start",
@@ -34,5 +34,8 @@
       "last 1 firefox version",
       "last 1 safari version"
     ]
+  },
+  "devDependencies": {
+    "@babel/plugin-proposal-private-property-in-object": "^7.21.11"
   }
 }