fix: fix cve, update ruby, ubi

.github/workflows/ci_build_test.yaml

@@ -13,18 +13,19 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
 
-      - name: Set up Ruby 2.6.1
+      - name: Setup Ruby and install gems
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.6.1
+          bundler-cache: true
+          ruby-version: 3.1
 
       - name: Install dependencies
         run: |
           sudo ci_scripts/install_dep.sh
 
       - name: Builder
         run: |
-          rake build -t -v
+          bundle exec rake build -t -v
           cp -R pkg /tmp
 
       - name: Cache pkg
@@ -62,12 +63,12 @@ jobs:
       CI_SPLUNK_PORT: 8089
       CI_SPLUNK_USERNAME: admin
       CI_SPLUNK_HEC_TOKEN: a6b5e77f-d5f6-415a-bd43-930cecb12959
-      CI_SPLUNK_PASSWORD: helloworld
+      CI_SPLUNK_PASSWORD: changeme2
       CI_INDEX_EVENTS: ci_events
       CI_INDEX_OBJECTS: ci_objects
       CI_INDEX_METRICS: ci_metrics
       KUBERNETES_VERSION: v1.23.2
-      MINIKUBE_VERSION: v1.24.0
+      MINIKUBE_VERSION: latest
       MINIKUBE_NODE_COUNTS: 2
       GITHUB_ACTIONS: true
 
@@ -158,6 +159,8 @@ jobs:
           curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http/http/enable
           # Create new HEC token
           curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k -d "name=splunk_hec_token&token=a6b5e77f-d5f6-415a-bd43-930cecb12959&disabled=0&index=default-events&indexes=default-events,$CI_INDEX_METRICS,$CI_INDEX_OBJECTS,$CI_INDEX_EVENTS,ns-anno,pod-anno" https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http
+          # lower the limit to 50MiB. Higher limits throws error 'Search not executed XXXX'
+          kubectl exec -it splunk -- bash -c 'echo -e "\n[diskUsage]\nminFreeSpace = 50" >> /opt/splunk/etc/system/local/server.conf'
           # Restart Splunk
           curl -k -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/services/server/control/restart -X POST
 

Gemfile

@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 
 group :test do
-  gem 'simplecov', '~> 0.16.1', require: false
+  gem 'simplecov', require: false
 end
 
 gemspec

Gemfile.lock

@@ -72,15 +72,16 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rexml (3.2.5)
+    rexml (3.2.6)
     serverengine (2.3.0)
       sigdump (~> 0.2.2)
     sigdump (0.2.4)
-    simplecov (0.16.1)
+    simplecov (0.21.2)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
     strptime (0.2.5)
     test-unit (3.3.9)
       power_assert
@@ -105,7 +106,7 @@ DEPENDENCIES
   bundler (~> 2.0)
   fluent-plugin-kubernetes-metrics!
   rake (~> 13.0)
-  simplecov (~> 0.16.1)
+  simplecov
   test-unit (~> 3.3.0)
   webmock (~> 3.5.1)
 

ci_scripts/k8s-splunk.yml

@@ -26,6 +26,6 @@ spec:
     - name: SPLUNK_USER
       value: root
     - name: SPLUNK_PASSWORD
-      value: helloworld
+      value: changeme2
     - name: SPLUNK_LAUNCH_CONF
       value: OPTIMISTIC_ABOUT_FILE_LOCKING=1

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.7.4-buster as builder
+FROM ruby:3.1.4-buster as builder
 
 ADD ./ /app/
 WORKDIR /app
@@ -8,7 +8,7 @@ RUN bundle install
 
 RUN bundle exec rake build -t -v
 
-FROM registry.access.redhat.com/ubi8/ruby-27
+FROM registry.access.redhat.com/ubi9/ruby-31
 
 ARG VERSION
 
@@ -31,8 +31,6 @@ RUN mkdir /licenses
 COPY --from=builder /app/LICENSE /licenses/LICENSE
 
 COPY --from=builder /app/docker/Gemfile* ./
-RUN gem update date cgi
-RUN rm -f /usr/share/gems/specifications/default/cgi-0.1.0.gemspec /usr/share/gems/specifications/default/date-3.0.0.gemspec
 RUN yum update -y \
    && yum remove -y nodejs npm \
    && gem install bundler \

docker/Gemfile

@@ -13,6 +13,8 @@ gem 'bigdecimal', '=3.0.0'
 gem 'kubeclient', '=4.9.3'
 gem 'http_parser.rb', '=0.8.0'
 gem 'rack', '>= 3.0.0'
+gem 'cgi', '~> 0.3.6'
+gem 'date', '~> 3.3.3'
 
 gem "fluent-plugin-splunk-hec", "= 1.3.2"
 gem 'fluent-plugin-kubernetes-metrics', path: 'gem/'

docker/Gemfile.lock

@@ -10,9 +10,9 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activesupport (7.0.4.3)
+    activemodel (7.0.7.2)
+      activesupport (= 7.0.7.2)
+    activesupport (7.0.7.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -23,9 +23,11 @@ GEM
     attr_required (1.0.1)
     bigdecimal (3.0.0)
     bindata (2.4.14)
+    cgi (0.3.6)
     concurrent-ruby (1.1.10)
     connection_pool (2.3.0)
     cool.io (1.7.1)
+    date (3.3.3)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     faraday (2.7.1)
@@ -118,7 +120,7 @@ GEM
       webfinger (>= 1.0.1)
     prometheus-client (4.0.0)
     public_suffix (4.0.7)
-    rack (3.0.6.1)
+    rack (3.0.8)
     rack-oauth2 (1.21.3)
       activesupport
       attr_required
@@ -167,6 +169,8 @@ PLATFORMS
 
 DEPENDENCIES
   bigdecimal (= 3.0.0)
+  cgi (~> 0.3.6)
+  date (~> 3.3.3)
   fluent-plugin-jq (= 0.5.1)
   fluent-plugin-kubernetes-metrics!
   fluent-plugin-prometheus (>= 2.0)
@@ -180,4 +184,4 @@ DEPENDENCIES
   rack (>= 3.0.0)
 
 BUNDLED WITH
-   2.1.4
+  2.3.11