Merge branch 'renovate/jenkins-jenkins-2.x' of https://github.com/yur…

…ake/k8s-3tier-webapp into renovate/jenkins-jenkins-2.x
yurake · Apr 15, 2023 · eb88c9b · eb88c9b
2 parents b0d44f4 + 8b1d919
commit eb88c9b
Show file tree

Hide file tree

Showing 167 changed files with 394 additions and 206 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/check-for-update.yml b/.github/workflows/check-for-update.yml
@@ -9,7 +9,7 @@ jobs:
   minikube-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: check minikube version
         working-directory: ./.github/workflows
         run: |
@@ -55,7 +55,7 @@ jobs:
           sed -i -e "s/$SOURCE_DOC_VERSION/$TARGET_MINIKUBE_VERSION/g" ../../README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-minikube
@@ -67,7 +67,7 @@ jobs:
   kubernetes-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: check kubernetes version
         working-directory: ./.github/workflows
         run: |
@@ -113,7 +113,7 @@ jobs:
           sed -i -e "s/$SOURCE_DOC_VERSION/$TARGET_KUBERNETES_VERSION/g" ../../README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-kubernetes
@@ -125,7 +125,7 @@ jobs:
   chaos-mesh-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: check current chaos-mesh version
         working-directory: ./.github/workflows
         run: |
@@ -163,7 +163,7 @@ jobs:
           sed -i -e "s/$SOURCE_DOC_VERSION/$TARGET_VERSION/g" ../../README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-chaos-mesh
@@ -175,7 +175,7 @@ jobs:
   quarkus-version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: check current quarkus version
         run: |
           echo "SOURCE_VERSION=$(grep "Quarkus Version" README.md | cut -d '-' -f 2)" >> $GITHUB_ENV
@@ -208,7 +208,7 @@ jobs:
           sed -i -e "s/$SOURCE_VERSION/$TARGET_VERSION/g" README.md
       - name: Add, commit, push, and create PR
         if: env.UNMATCH_VERSION == 'true' && env.BRANCH_IS_EXISTING == 'false'
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.PAT_GITHUB_ACTION_WORKFLOW }}
           branch: actions/check-for-update-quarkus

diff --git a/.github/workflows/cis-dockerfile-benchmark.yml b/.github/workflows/cis-dockerfile-benchmark.yml
@@ -11,7 +11,7 @@ jobs:
   validation:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: Sysdig CIS Dockerfile Benchmark
         uses: sysdiglabs/[email protected]
         with:

diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
@@ -34,11 +34,11 @@ jobs:
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.5.0
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@9acc82f5c4d097d191a50b89b4a447207d280b14
+        uses: codacy/codacy-analysis-cli-action@db33ad5cfab49143adf0db6e890cf4bb9fb37b1c
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.5.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

diff --git a/.github/workflows/cypress-ci.yml b/.github/workflows/cypress-ci.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.5.0
       - uses: bahmutov/npm-install@v1
         with:
           working-directory: kubernetes/monitoring/test/cypress

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -15,6 +15,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.5.0
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
@@ -21,7 +21,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.5.0
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@v1

diff --git a/.github/workflows/docker-image-ci.yml b/.github/workflows/docker-image-ci.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out Git repository
-        uses: actions/checkout@v3.3.0
+        uses: actions/checkout@v3.5.0
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
@@ -70,6 +70,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - nginx
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/nginx
+          args: --severity-threshold=critical --file=kubernetes/nginx/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif nginx.sarif
+
       - name: Build and push - mysql
         uses: docker/build-push-action@v4
         with:
@@ -89,7 +100,7 @@ jobs:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
           image: ${{ secrets.DOCKERHUB_USER }}/mysql
-          args: --severity-threshold=high --file=kubernetes/mysql/Dockerfile
+          args: --severity-threshold=critical --file=kubernetes/mysql/Dockerfile
       - name: rename sarif file
         run: mv snyk.sarif mysql.sarif
 
@@ -105,6 +116,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - postgres
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/postgres
+          args: --severity-threshold=critical --file=kubernetes/postgres/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif postgres.sarif
+
       - name: Build and push - mongodb
         uses: docker/build-push-action@v4
         with:
@@ -117,6 +139,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - mongodb
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/mongodb
+          args: --severity-threshold=critical --file=kubernetes/mongodb/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif mongodb.sarif
+
       - name: Build and push - cassandra
         uses: docker/build-push-action@v4
         with:
@@ -129,6 +162,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - cassandra
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/cassandra
+          args: --severity-threshold=critical --file=kubernetes/cassandra/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif cassandra.sarif
+
       - name: Build and push - rabbitmq
         uses: docker/build-push-action@v4
         with:
@@ -141,6 +185,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - rabbitmq
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/rabbitmq
+          args: --severity-threshold=critical --file=kubernetes/rabbitmq/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif rabbitmq.sarif
+
       - name: Build and push - jenkins
         uses: docker/build-push-action@v4
         with:
@@ -153,6 +208,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - jenkins
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/jenkins
+          args: --severity-threshold=critical --file=kubernetes/monitoring/jenkins/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif jenkins.sarif
+
       - name: Build and push - ab
         uses: docker/build-push-action@v4
         with:
@@ -165,6 +231,17 @@ jobs:
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
 
+      - name: Run Snyk to check Docker image for vulnerabilities - ab
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/ab
+          args: --severity-threshold=critical --file=kubernetes/monitoring/test/ab/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif ab.sarif
+
       - name: Build and push - postmannewman-quarkus
         uses: docker/build-push-action@v4
         with:
@@ -176,3 +253,19 @@ jobs:
             BUILD_DATE=${BUILD_DATE}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Run Snyk to check Docker image for vulnerabilities - postmannewman-quarkus
+        continue-on-error: true
+        uses: snyk/actions/docker@806182742461562b67788a64410098c9d9b96adb
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ${{ secrets.DOCKERHUB_USER }}/postmannewman-quarkus
+          args: --severity-threshold=critical --file=kubernetes/monitoring/test/postmannewman/quarkus/Dockerfile
+      - name: rename sarif file
+        run: mv snyk.sarif postmannewman-quarkus.sarif
+
+      - name: Upload result to GitHub Code Scanning - postmannewman-quarkus
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ./
diff --git a/.github/workflows/dockerfile-lint.yml b/.github/workflows/dockerfile-lint.yml
@@ -22,7 +22,7 @@ jobs:
         dockerfile_default:
           [mysql, postgres, mongodb, rabbitmq, nginx, cassandra]
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: lint ${{ matrix.dockerfile_default }}
         uses: hadolint/[email protected]
         with:
@@ -59,7 +59,7 @@ jobs:
             server-grpc-quarkus,
           ]
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: lint ${{ matrix.dockerfile_application }}
         uses: hadolint/[email protected]
         with:
@@ -73,7 +73,7 @@ jobs:
       matrix:
         dockerfile_monitoring: [jenkins]
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: lint ${{ matrix.dockerfile_monitoring }}
         uses: hadolint/[email protected]
         with:
@@ -86,7 +86,7 @@ jobs:
       matrix:
         dockerfile_ab: [ab]
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: lint ${{ matrix.dockerfile_ab }}
         uses: hadolint/[email protected]
         with:
@@ -96,7 +96,7 @@ jobs:
   dockerfile_postmannewman:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.3.0
+      - uses: actions/checkout@v3.5.0
       - name: lint ${{ matrix.dockerfile_postmannewman }}
         uses: hadolint/[email protected]
         with: