Skip to content

Commit

Permalink
chore: implement upgrade tests for sonarqube (#60)
Browse files Browse the repository at this point in the history
* chore: implement upgrade tests for sonarqube

* fix name

* fix copy-pasta issue

* update to uds-common v0.3.4

* update to uds-common v0.3.5

* update to uds-common v0.3.6

* resolve zach feedback
  • Loading branch information
Racer159 authored Mar 25, 2024
1 parent 28ff17f commit 7bdd021
Show file tree
Hide file tree
Showing 21 changed files with 206 additions and 141 deletions.
7 changes: 4 additions & 3 deletions .github/workflows/ci-docs-shim.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,14 @@ on:

jobs:
run-test:
name: Create and Deploy Flavor ${{ matrix.flavor }}
name: ${{ matrix.type }} ${{ matrix.flavor }}
runs-on: "ubuntu-latest"
timeout-minutes: 20
strategy:
matrix:
flavor: [upstream, registry1]
type: [install, upgrade]
steps:
- name: Shim for Deploy ${{ matrix.flavor }}
- name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
run: |
echo "Documentation-only change detected; marking Deploy ${{ matrix.flavor }} as successful."
echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
2 changes: 1 addition & 1 deletion .github/workflows/commitlint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@ on:
jobs:
validate:
name: Validate
uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
33 changes: 33 additions & 0 deletions .github/workflows/lint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: Scan

on:
# This workflow is triggered on pull requests to the main branch.
pull_request:
branches: [main]
types: [milestoned, opened, synchronize]

jobs:
validate:
runs-on: ubuntu-latest
name: Lint
permissions:
contents: read # Allows reading the repo contents

steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}

- name: Install lint deps
run: |
uds run lint:deps
- name: Lint the repository
run: |
uds run lint:yaml
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ on:
schedule:
- cron: '30 1 * * 6'
push:
branches: [ "main" ]
branches: ["main"]

# Declare default permissions as read only.
permissions: read-all
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/tag-and-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,28 +31,28 @@ jobs:
permissions:
contents: read
packages: write

steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}

- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
with:
registry: ghcr.io
username: dummy
password: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Package
run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}

- name: Save logs
if: always()
uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/save-logs@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
17 changes: 9 additions & 8 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Test
on:
pull_request:
branches: [main]
types: [milestoned, opened, edited, synchronize]
types: [milestoned, opened, synchronize]
paths-ignore:
- "**.md"
- "**.jpg"
Expand All @@ -20,7 +20,7 @@ on:
- "CODEOWNERS"
- "LICENSE"
- "CONTRIBUTING.md"
- "SECURITY.md"
- "SECURITY.md"

# Abort prior jobs in the same workflow / PR
concurrency:
Expand All @@ -32,31 +32,32 @@ permissions:

jobs:
run-test:
name: Create and Deploy Flavor ${{ matrix.flavor }}
name: ${{ matrix.type }} ${{ matrix.flavor }}
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
matrix:
flavor: [upstream, registry1]
type: [install, upgrade]

steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}

- name: Test
uses: defenseunicorns/uds-common/.github/actions/test@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/test@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
flavor: ${{ matrix.flavor }}
type: ${{ matrix.type }}

- name: Save logs
if: always()
uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/save-logs@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
35 changes: 35 additions & 0 deletions .yamllint
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
yaml-files:
- '**/*.y*ml'
- '.yamllint'

ignore:
- 'chart/templates**'

rules:
anchors: enable
braces: enable
brackets: enable
colons: enable
commas: enable
comments:
level: warning
comments-indentation:
level: warning
document-end: disable
document-start:
level: warning
empty-lines: enable
empty-values: disable
float-values: disable
hyphens: enable
indentation: enable
key-duplicates: enable
key-ordering: disable
line-length: disable
new-line-at-end-of-file: enable
new-lines: enable
octal-values: disable
quoted-strings: disable
trailing-spaces: enable
truthy:
level: warning
14 changes: 3 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,17 +27,9 @@ The released packages can be found in [ghcr](https://github.com/defenseunicorns/

## UDS Tasks (for local dev and CI)

*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)

| Task | Description | Example |
| ---- | ----------- | ------- |
| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` |
| create-package | Creates just the SonarQube package | `uds run create-package --set FLAVOR=<flavor>` |
| create-test-bundle | Creates SonarQube and SonarQube dependency packages and then bundles them | `uds run create-test-bundle` |
| deploy-package | Deploy SonarQube package only | `uds run deploy-package` |
| deploy-test-bundle | Deploy SonarQube and SonarQube dependency bundle | `uds run deploy-test-bundle` |
| test-package | Run checks against a deployed package or bundle | `uds run test-package` |
| cleanup | Teardown the cluster | `uds run cleanup` |
*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)

> :white_check_mark: **Tip:** To get a list of tasks to run you can use `uds run --list`!
## Contributing

Expand Down
2 changes: 1 addition & 1 deletion bundle/uds-bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ packages:
- name: dev-postgres
repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
ref: 0.0.1

- name: dev-secrets
path: ../
ref: 0.1.0
Expand Down
1 change: 0 additions & 1 deletion bundle/uds-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,3 @@ variables:
db_name: "sonarqubedb"
sonarqube:
sonarqube_db_endpoint: "postgresql.dev-postgres.svc.cluster.local"

27 changes: 13 additions & 14 deletions common/zarf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,21 @@
kind: ZarfPackageConfig
metadata:
name: sonarqube-common
description: "UDS SonarQube Common Package"
description: "UDS SonarQube Common Package"

components:
- name: sonarqube
required: true
description: "Deploy sonarqube"
charts:
- name: uds-sonarqube-config
namespace: sonarqube
version: 0.1.0
localPath: ../chart
- name: sonarqube
namespace: sonarqube
# see note in README.md about use of registry1 chart for both flavors
url: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
gitPath: chart
version: "8.0.3-bb.0"
valuesFiles:
- ../values/common-values.yaml
- name: uds-sonarqube-config
namespace: sonarqube
version: 0.1.0
localPath: ../chart
- name: sonarqube
namespace: sonarqube
# see note in README.md about use of registry1 chart for both flavors
url: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
gitPath: chart
version: "8.0.3-bb.0"
valuesFiles:
- ../values/common-values.yaml
12 changes: 6 additions & 6 deletions oscal-component.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,27 +31,27 @@ component-definition:
- uuid: 55993d5e-a53f-4a85-8e5e-949f0da24b43
control-id: au-2
description: >-
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
- uuid: 25b50886-be11-46ae-bece-8c832fb85426
control-id: au-3
description: >-
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
- uuid: 1e89f273-7e85-4e76-8c10-190c3fdfddfc
control-id: au-3.1
description: >-
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
- uuid: 2afccc07-f998-46f0-a05f-55985c9e58a0
control-id: au-8
description: >-
SonarQube event logs contain NIST compliant timestamps.
- uuid: 92f94bdb-e8da-45a6-9f0e-6cd4dc49eaa6
control-id: ca-2.2
description: >-
SonarQube runs automated code scanning to discover vulnerabilities as apart of the secure DevSecOps pipeline as code it committed.
SonarQube runs automated code scanning to discover vulnerabilities as apart of the secure DevSecOps pipeline as code it committed.
- uuid: c092d3d3-66ca-4922-ac76-d38440640648
control-id: ca-7
description: >-
SonarQube assists with the ConMon process be conducting automated security code scanning in the secure DevSecOps pipelines to discover code vulnerabilities as code is committed.
SonarQube assists with the ConMon process be conducting automated security code scanning in the secure DevSecOps pipelines to discover code vulnerabilities as code is committed.
- uuid: e4037835-5d80-4f09-9303-42045e5a588f
control-id: cm-3.6
description: >-
Expand Down Expand Up @@ -105,4 +105,4 @@ component-definition:
- uuid: 2501ae6d-73e5-40e2-a87c-40e88c0c8b62
title: UDS Package SonarQube
rlinks:
- href: https://github.com/defenseunicorns/uds-package-sonarqube
- href: https://github.com/defenseunicorns/uds-package-sonarqube
27 changes: 19 additions & 8 deletions renovate.json
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,26 @@
"replacements:all",
"workarounds:all"
],
"hostRules": [
"packageRules": [
{
"matchHost": "registry1.dso.mil",
"hostType": "docker",
"description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted",
"encrypted": {
"username": "wcFMA/xDdHCJBTolAQ//a+5GNAOsD/UOKnqJDdbPRr73EXRgyRdtMOIqDyjGZIKcdVo64StgUb1O37O5bazoyGeYkcISaWjInxRuoBOxqFhdo5cTUIJavjm2Sn75OWCDBUr2Q5/OSluQDbp7QO9g4+cHxcjtldlMswZg0RIoSX8rtAcNvJePvuWDKRHmUSDbWrNoAPaqOUvBIUF+BUR8o2UtKY4c986B9sqz1/ZiyL7vmenuoFi36MPpq123b6xra9/Q8Zb+AGZY6guhI0kmmSvLPwuNpU/W9ocpaUW1jOgJdYDowZqoTC27uozw1rCq38ybL94GMeG+pzWJd7LBVbfpDnU10j5UC5l5coxghh8dBYNzirsRbYW9KMV3CSeRNxOqfUuJ9AfWekCBWQMkueDtop+lzZhpvsPnXYTV6V0+TE+W5lg0wApcGUNM5XsEHV/gchSULZCWUTHpyZfkUoyc3dXax7K9LawrNLLpJg3Oz0c5Y4WXS1SqfY3U6n84Q95URZC+uRl5BqzBwQSQYbWsnon+g3My+GukdhHlynoiJwQo/ch5gIfgiA59VrL/H9L/ABAyYzQ7KUEguQrNh8hbNG0dfpMLMIrdUDhno5vTeccx2k5R/EOQopxZCY+k2Xfqgg5okAG9eQKhhGKcQD+A8y6X2V0cPkHQ35TCi5AObrcQiiemBZUy3G6IJIrSdQFEs+WcBPT4GPgOAsZWUJKU4RU3qdhdUGZy/VwJSsB05/E65fRTGl5i0e5PhIoIbh4uaPgWnbJyvKi87bIIJhe9bxP/m2lDs5GPeXSrvBb0GT3t9l3aHUYW3uKp5GABwmvX6ptMbNoYoQRSLptR/gE80RPFSQ",
"password": "wcFMA/xDdHCJBTolAQ//bu2ZFKmMysjpkOkwQSgLigvUMDw1SHpp1YN8y1LerOqMfTocdswihRFbB/FFRP/bYG1ByhnAvxqhbdV0TRQqYTRXZehrlT+SDEVEJyK9eGS+ozClbccG64ebZSJ4y9rMFW3sK4Ja9ZyAEsX0S4vO88XwJhtOYmMGTXLlcSfiANQB8a9jISzov27FQOzdPx6cEd19FGxmX5vAdH9FWDwhVA6QSTrip4h5tZ6THylNc3md2TGRYUVTxMtsZdp/bnhv+I3LqmodR0vEP9Or/dbhtqnMy2sdS6HsANUaZ+7j4D0qDL7EEcxk+CHM5lM2sSz6u4+J4u01XDkn0HJ/mShPDSWUoU01Va/ZpRL8zw/bjKApDBSgvBOwF7eXfUKqLrg2zURm2quUf7XwuVTXmBMg3DSEuRBlW8kM0rGWGyv7U62sx+2zjK0v2uNHJz0hzWaEfriOQu4B7/avb+CIupfVYGNllyMTuB2ySDMLKN3Q/EB7q97apWqwcnThxRhK7t3e59ea4JDxodxeeTG3m/UgBLBlXCutk7BsC7NQPaSeOzV7mw6AOVQz+Bn0DAGd1x03ITYAcgfYvSW7VCfhrvnmuSVICHA7GTYevC7RBYhexWdgHZb98mIt1vVA2C+h7eqsx+xWhHQFE2+lNRTRmj9ccU/6qz1+3zqHdMQ/WD8MLofSdgFLU/A7qljUm/dk1MEVMtGznukdRpJJV4PsEcwh2OV/9is5KPyFQ83M7sl3/fY+CBaHFEiT4j/bSBznmxL3TuAjMdIT7j0cNsOxnsHllgRHL1qG3S2ZmAQ0Ex4gIUUGn2VbZLyRogJspsjxx5ZYuuYVfhtSaTU"
}
"groupName": "SonarQube Support Dependencies",
"labels": ["support-deps"],
"commitMessageTopic": "support-deps",
"packagePatterns": ["*"]
},
{
"groupName": "SonarQube Package Dependencies",
"labels": ["package-deps"],
"commitMessageTopic": "package-deps",
"registryUrls": ["https://registry1.dso.mil"],
"matchDatasources": ["docker", "helm", "git-tags"]
},
{
"groupName": "SonarQube Package Dependencies",
"labels": ["package-deps"],
"commitMessageTopic": "package-deps",
"matchPackageNames": ["https://repo1.dso.mil/big-bang/product/packages/sonarqube.git"],
"allowedVersions": "/.+-bb.+/"
}
]
}
Loading

0 comments on commit 7bdd021

Please sign in to comment.