Skip to content

Commit

Permalink
fix: fix cve, update ruby, ubi
Browse files Browse the repository at this point in the history
  • Loading branch information
Vihas Splunk committed Aug 28, 2023
1 parent 5fe0a0d commit a2ab719
Show file tree
Hide file tree
Showing 5 changed files with 22 additions and 15 deletions.
13 changes: 8 additions & 5 deletions .github/workflows/ci_build_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,19 @@ jobs:
- name: Checkout code
uses: actions/checkout@v2

- name: Set up Ruby 2.6.1
- name: Set up Ruby 3.1
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.6.1
bundler-cache: true
ruby-version: 3.1

- name: Install dependencies
run: |
sudo ci_scripts/install_dep.sh
- name: Builder
run: |
rake build -t -v
bundle exec rake build -t -v
cp -R pkg /tmp
- name: Cache pkg
Expand Down Expand Up @@ -62,12 +63,12 @@ jobs:
CI_SPLUNK_PORT: 8089
CI_SPLUNK_USERNAME: admin
CI_SPLUNK_HEC_TOKEN: a6b5e77f-d5f6-415a-bd43-930cecb12959
CI_SPLUNK_PASSWORD: helloworld
CI_SPLUNK_PASSWORD: changeme2
CI_INDEX_EVENTS: ci_events
CI_INDEX_OBJECTS: ci_objects
CI_INDEX_METRICS: ci_metrics
KUBERNETES_VERSION: v1.23.2
MINIKUBE_VERSION: v1.24.0
MINIKUBE_VERSION: latest
MINIKUBE_NODE_COUNTS: 2
GITHUB_ACTIONS: true

Expand Down Expand Up @@ -158,6 +159,8 @@ jobs:
curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http/http/enable
# Create new HEC token
curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k -d "name=splunk_hec_token&token=a6b5e77f-d5f6-415a-bd43-930cecb12959&disabled=0&index=default-events&indexes=default-events,$CI_INDEX_METRICS,$CI_INDEX_OBJECTS,$CI_INDEX_EVENTS,ns-anno,pod-anno" https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http
# lower the limit to 50MiB. Higher limits throws error 'Search not executed XXXX'
kubectl exec -it splunk -- bash -c 'echo -e "\n[diskUsage]\nminFreeSpace = 50" >> /opt/splunk/etc/system/local/server.conf'
# Restart Splunk
curl -k -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/services/server/control/restart -X POST
Expand Down
2 changes: 1 addition & 1 deletion ci_scripts/k8s-splunk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,6 @@ spec:
- name: SPLUNK_USER
value: root
- name: SPLUNK_PASSWORD
value: helloworld
value: changeme2
- name: SPLUNK_LAUNCH_CONF
value: OPTIMISTIC_ABOUT_FILE_LOCKING=1
6 changes: 2 additions & 4 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ruby:2.7.4-buster as builder
FROM ruby:3.1.4-buster as builder

ADD ./ /app/
WORKDIR /app
Expand All @@ -8,7 +8,7 @@ RUN bundle install

RUN bundle exec rake build -t -v

FROM registry.access.redhat.com/ubi8/ruby-27
FROM registry.access.redhat.com/ubi9/ruby-31

ARG VERSION

Expand All @@ -31,8 +31,6 @@ RUN mkdir /licenses
COPY --from=builder /app/LICENSE /licenses/LICENSE

COPY --from=builder /app/docker/Gemfile* ./
RUN gem update date cgi
RUN rm -f /usr/share/gems/specifications/default/cgi-0.1.0.gemspec /usr/share/gems/specifications/default/date-3.0.0.gemspec
RUN yum update -y \
&& yum remove -y nodejs npm \
&& gem install bundler \
Expand Down
2 changes: 2 additions & 0 deletions docker/Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ gem 'bigdecimal', '=3.0.0'
gem 'kubeclient', '=4.9.3'
gem 'http_parser.rb', '=0.8.0'
gem 'rack', '>= 3.0.0'
gem 'cgi', '~> 0.3.6'
gem 'date', '~> 3.3.3'

gem "fluent-plugin-splunk-hec", "= 1.3.2"
gem 'fluent-plugin-kubernetes-metrics', path: 'gem/'
14 changes: 9 additions & 5 deletions docker/Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ PATH
GEM
remote: https://rubygems.org/
specs:
activemodel (7.0.4.3)
activesupport (= 7.0.4.3)
activesupport (7.0.4.3)
activemodel (7.0.7.2)
activesupport (= 7.0.7.2)
activesupport (7.0.7.2)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
Expand All @@ -23,9 +23,11 @@ GEM
attr_required (1.0.1)
bigdecimal (3.0.0)
bindata (2.4.14)
cgi (0.3.6)
concurrent-ruby (1.1.10)
connection_pool (2.3.0)
cool.io (1.7.1)
date (3.3.3)
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
faraday (2.7.1)
Expand Down Expand Up @@ -118,7 +120,7 @@ GEM
webfinger (>= 1.0.1)
prometheus-client (4.0.0)
public_suffix (4.0.7)
rack (3.0.6.1)
rack (3.0.8)
rack-oauth2 (1.21.3)
activesupport
attr_required
Expand Down Expand Up @@ -167,6 +169,8 @@ PLATFORMS

DEPENDENCIES
bigdecimal (= 3.0.0)
cgi (~> 0.3.6)
date (~> 3.3.3)
fluent-plugin-jq (= 0.5.1)
fluent-plugin-kubernetes-metrics!
fluent-plugin-prometheus (>= 2.0)
Expand All @@ -180,4 +184,4 @@ DEPENDENCIES
rack (>= 3.0.0)

BUNDLED WITH
2.1.4
2.3.11

0 comments on commit a2ab719

Please sign in to comment.