From 2cefd5c79e189870fe739656903008dffb6ad40f Mon Sep 17 00:00:00 2001
From: Mike Cobbett <77053+techcobweb@users.noreply.github.com>
Date: Thu, 1 Feb 2024 17:01:13 +0000
Subject: [PATCH 1/3] initial pass at a dev container.
Signed-off-by: Mike Cobbett <77053+techcobweb@users.noreply.github.com>
---
 .devcontainer/Dockerfile | 11 +++++++++++
 .devcontainer/devcontainer.json | 32 ++++++++++++++++++++++++++++++++
 .devcontainer/setup-env.sh | 12 ++++++++++++
 .github/dependabot.yml | 12 ++++++++++++
 .gitignore | 5 +++++
 Makefile | 5 ++++-
 build-locally.sh | 9 +++++++++
 7 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 .devcontainer/Dockerfile
 create mode 100644 .devcontainer/devcontainer.json
 create mode 100755 .devcontainer/setup-env.sh
 create mode 100644 .github/dependabot.yml
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 00000000..1be166bd
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,11 @@
+FROM ubuntu:jammy
+
+RUN apt-get update \
+ && apt-get install -y curl wget unzip zip
+
+RUN apt-get update \
+ && apt-get install -y fontconfig libfreetype6
+
+RUN mkdir -p /workspace
+WORKDIR /workspace
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000..6f420fbf
--- /dev/null
+++ b/.devcontainer/devcontainer.json
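Review bot: `FROM ubuntu:jammy` in the new Dockerfile tracks a mutable tag, so two builds of this dev container some weeks apart can silently start from different base images and nothing records which one was used. Pinning by digest, `FROM ubuntu:jammy@sha256:<digest-placeholder>`, makes the build reproducible and turns base-image changes into reviewable commits. The `apt-get install -y` lines would also benefit from `--no-install-recommends`, which keeps the installed package set to what is named. `wget` looks unused by the setup script added in this patch, which only calls `curl`.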
@@ -0,0 +1,32 @@
+{
+ "name": "Galasa CLI devcontainer",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ "features": {
+ "ghcr.io/devcontainers/features/git:1": {},
+ "ghcr.io/devcontainers/features/common-utils:2": {},
+ "ghcr.io/devcontainers/features/go:1": {
+ "version": "1.19.1"
+ },
+ "ghcr.io/devcontainers/features/java:1": {
+ "version": "11.0.18-sem",
+ "jdkDistro": "sem",
+ "installGradle" : true,
+ "gradleVersion": "6.9.2",
+ "installMaven": true,
+ "mavenVersion": "3.8.6"
+ }
+ },
+ "forwardPorts": [9080,9443],
+ "privileged": true,
+ "remoteUser": "${localEnv:USER}",
+ "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces/,type=bind",
+ "workspaceFolder": "/workspace",
+ "postStartCommand": "git config --global --add safe.directory /workspace",
+ "mounts": [
+ "source=${localEnv:HOME}/.galasa,target=/root/.galasa,type=bind,consistency=cached",
+ "source=${localEnv:HOME}/.m2,target=/root/.m2,type=bind,consistency=cached"
+ ],
+ "postCreateCommand": "./.devcontainer/setup-env.sh"
+}
\ No newline at end of file
diff --git a/.devcontainer/setup-env.sh b/.devcontainer/setup-env.sh
new file mode 100755
index 00000000..ec6f7108
--- /dev/null
+++ b/.devcontainer/setup-env.sh
@@ -0,0 +1,12 @@
+
+# Go get the public IBM certificates and install them
+curl -k -o carootcert.der https://ibmca-prod.dal.cpc.ibm.com:9443/cybersecurity/ibmcert/web/downloadCarootCert.do?file=carootcert.der
+curl -k -o caintermediatecert.der https://ibmca-prod.dal.cpc.ibm.com:9443/cybersecurity/ibmcert/web/downloadCarootCert.do?file=caintermediatecert.der
+
+cp carootcert.der $JAVA_HOME/lib/security
+cp caintermediatecert.der $JAVA_HOME/lib/security
+
+cd $JAVA_HOME/lib/security;
+keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ibmca -file carootcert.der
+keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias ibminter -file caintermediatecert.der
+
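Review bot: `"privileged": true` in devcontainer.json gives the container essentially unrestricted access to the host's devices and kernel interfaces, and nothing in the files added by this patch appears to need it. Consider dropping the key, or, if one specific operation requires elevated rights, granting only that capability through `capAdd`. The same container bind-mounts `${localEnv:HOME}/.galasa` and `${localEnv:HOME}/.m2` read-write, so anything that runs inside it (feature installers, build plugins, test dependencies) can read whatever credentials or tokens those directories hold and can modify the host's Maven cache.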
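Review bot: Both `curl -k` calls in setup-env.sh fetch CA certificates with TLS verification switched off, and the results are imported straight into the JVM's `cacerts` with `-trustcacerts -noprompt`, so anyone able to tamper with that connection can supply a root that the container's Java will then trust for every later HTTPS connection. Presumably `-k` is there because the download host's own certificate chains to the CA being fetched, so the files need an out-of-band check before import, for example `echo "<EXPECTED_SHA256_PLACEHOLDER>  carootcert.der" | sha256sum -c - || exit 1` for each file, with the expected digests committed next to the script. The script also has no shebang and no `set -e`, so a failed download still proceeds to `keytool`. The unquoted URLs contain `?`, which the shell treats as a glob character, so they should be quoted.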
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..f33a02cd --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for more information: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +# https://containers.dev/guide/dependabot + +version: 2 +updates: + - package-ecosystem: "devcontainers" + directory: "/" + schedule: + interval: weekly diff --git a/.gitignore b/.gitignore index 8b204bc7..b3bf1d4b 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,8 @@ pkg/embedded/templates/version/build.properties # The galasaapi package is generated. pkg/galasaapi/ +*.directory +.attach_pid807 + +# Don't check-in certificates +*.der \ No newline at end of file diff --git a/Makefile b/Makefile index 2a264b39..2529192d 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ galasactl: \ # 'gendocs-galasactl' is a command-line tool which generates documentation about the galasactl tool. # When executed, the .md produced contain up-to-date information on tool syntax. -gendocs-galasactl: bin/gendocs-galasactl-darwin-arm64 bin/gendocs-galasactl-darwin-x86_64 bin/gendocs-galasactl-linux-x86_64 +gendocs-galasactl: bin/gendocs-galasactl-darwin-arm64 bin/gendocs-galasactl-linux-arm64 bin/gendocs-galasactl-darwin-x86_64 bin/gendocs-galasactl-linux-x86_64 tests: galasactl-source build/coverage.txt build/coverage.html 
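Review bot: The single `package-ecosystem: "devcontainers"` entry covers the feature references in `devcontainer.json`, but as far as I know it does not update the `FROM ubuntu:jammy` line in the `.devcontainer/Dockerfile` added by the same patch. If the base image is meant to be kept current as well, a second entry with `package-ecosystem: "docker"` and `directory: "/.devcontainer"` would cover it.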
@@ -93,6 +93,9 @@ bin/galasactl-linux-s390x : galasactl-source bin/gendocs-galasactl-darwin-arm64 : galasactl-source CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o bin/gendocs-galasactl-darwin-arm64 ./cmd/gendocs-galasactl +bin/gendocs-galasactl-linux-arm64 : galasactl-source + CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -o bin/gendocs-galasactl-linux-arm64 ./cmd/gendocs-galasactl + bin/gendocs-galasactl-linux-x86_64 : galasactl-source CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/gendocs-galasactl-linux-x86_64 ./cmd/gendocs-galasactl diff --git a/build-locally.sh b/build-locally.sh index c069dcaf..f2323d2d 100755 --- a/build-locally.sh +++ b/build-locally.sh @@ -228,6 +228,11 @@ function calculate_galasactl_executable { esac architecture=$(uname -m) + case $architecture in + aarch64) + architecture="arm64" + ;; + esac export galasactl_command="galasactl-${os}-${architecture}" info "galasactl command is ${galasactl_command}" @@ -448,7 +453,11 @@ function generate_galasactl_documentation { *) error "Unknown machine type ${unameOut}" exit 1 esac + architecture="$(uname -m)" + case $architecture in + aarch64) architecture=arm64 + esac # Call the documentation generator, which builds .md files info "Using program ${BASEDIR}/bin/gendocs-galasactl-${machine}-${architecture} to generate the documentation..." From a6b5912db8c8538d2a2c25aa00b2956d70bb7b52 Mon Sep 17 00:00:00 2001 From: Mike Cobbett <77053+techcobweb@users.noreply.github.com> Date: Thu, 1 Feb 2024 17:12:13 +0000 Subject: [PATCH 2/3] remove vulnerability pointed out by github codeQL analysis Signed-off-by: Mike Cobbett <77053+techcobweb@users.noreply.github.com> --- pkg/resources/resourcesApplier.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkg/resources/resourcesApplier.go b/pkg/resources/resourcesApplier.go index 53c280c6..21093f85 100644 --- a/pkg/resources/resourcesApplier.go +++ b/pkg/resources/resourcesApplier.go 
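Review bot: The `aarch64` to `arm64` mapping in build-locally.sh is now written twice, once in `calculate_galasactl_executable` and once in `generate_galasactl_documentation`, in two different styles; the second copy omits the `;;` terminator, which bash accepts only because it is the last clause. A small shared helper that runs `uname -m`, translates `aarch64` to `arm64` and echoes the result would keep the two call sites in step; both functions start and end outside their hunks, so the exact call sites are not visible here. It is also worth confirming that the Makefile builds `bin/galasactl-linux-arm64`: the Makefile hunks in this patch add only `bin/gendocs-galasactl-linux-arm64`, while `calculate_galasactl_executable` will now resolve to `galasactl-linux-arm64` on such hosts.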
@@ -54,15 +54,17 @@ func sendResourcesRequestToServer(payloadJsonToSend []byte, apiServerUrl string) var responseBody []byte resourcesApiServerUrl := apiServerUrl + "/resources/" - var req *http.Request - req, err = http.NewRequest("POST", resourcesApiServerUrl, bytes.NewBuffer(payloadJsonToSend)) + var req *http.Request + req, err = http.NewRequest("POST", resourcesApiServerUrl, bytes.NewBuffer(payloadJsonToSend)) if err == nil { req.Header.Set("Content-Type", "application/json") req.Header.Set("Accept", "application/json") req.Header.Set("Accept-Encoding", "gzip,deflate,br") - log.Printf("sendResourcesRequestToServer url:%s - headers:%s - payload: '%s'", resourcesApiServerUrl, req.Header, string(payloadJsonToSend)) + // WARNING: + // Don't leave the following log statement enabled. It might log secret namespace property values, which would be a security violation. + // log.Printf("sendResourcesRequestToServer url:%s - headers:%s - payload: '%s'", resourcesApiServerUrl, req.Header, string(payloadJsonToSend)) var resp *http.Response client := &http.Client{} From 4d8a23b4e70d3f229c3ab173939e3c8940787423 Mon Sep 17 00:00:00 2001 From: Mike Cobbett <77053+techcobweb@users.noreply.github.com> Date: Fri, 2 Feb 2024 10:24:55 +0000 Subject: [PATCH 3/3] fixing up dev container with more things Signed-off-by: Mike Cobbett <77053+techcobweb@users.noreply.github.com> --- .devcontainer/Dockerfile | 3 --- .devcontainer/devcontainer.json | 4 ++-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 1be166bd..b39e28fd 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -3,9 +3,6 @@ FROM ubuntu:jammy RUN apt-get update \ && apt-get install -y curl wget unzip zip -RUN apt-get update \ - && apt-get install -y fontconfig libfreetype6 - RUN mkdir -p /workspace WORKDIR /workspace diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 6f420fbf..de3afc02 100644 
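Review bot: Commenting the `log.Printf` out rather than deleting it leaves a one-keystroke path back to logging the full payload, and the headers it printed would expose any credential header added to `req` later. Replacing it with a line that cannot leak keeps the trace useful, e.g. `log.Printf("sendResourcesRequestToServer url:%s - payload length: %d bytes", resourcesApiServerUrl, len(payloadJsonToSend))`. Logs written by earlier builds may still contain property values, so it is worth checking where this output was collected and retained. Separately, `client := &http.Client{}` on the context line sets no `Timeout`, so a stalled API server would block the CLI indefinitely. The body of `sendResourcesRequestToServer` starts and ends outside the hunk.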
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -20,8 +20,8 @@
 },
 "forwardPorts": [9080,9443],
 "privileged": true,
- "remoteUser": "${localEnv:USER}",
- "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces/,type=bind",
+ "remoteUser": "root",
+ "workspaceMount": "source=${localWorkspaceFolder},target=/workspace/,type=bind",
 "workspaceFolder": "/workspace",
 "postStartCommand": "git config --global --add safe.directory /workspace",
 "mounts": [
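Review bot: Setting `"remoteUser": "root"` makes the `/root/.galasa` and `/root/.m2` mount targets line up, but together with `"privileged": true` on the context line above it means every shell, build and test in the container runs as root with host-level device access. Files written into the bind-mounted workspace and Maven cache will also typically come back owned by root on Linux hosts. The alternative is to keep a non-root user (the `common-utils` feature normally provisions one) and point the mount targets at that user's home instead, e.g. `target=/home/<container-user>/.galasa`. The hunk is cut at `"mounts": [`, so the mount lines themselves are outside it.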