Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: implement upgrade tests for sonarqube #60

Merged
merged 7 commits into from
Mar 25, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions .github/workflows/ci-docs-shim.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,14 @@ on:

jobs:
run-test:
name: Create and Deploy Flavor ${{ matrix.flavor }}
name: ${{ matrix.type }} ${{ matrix.flavor }}
runs-on: "ubuntu-latest"
timeout-minutes: 20
strategy:
matrix:
flavor: [upstream, registry1]
type: [install, upgrade]
steps:
- name: Shim for Deploy ${{ matrix.flavor }}
- name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
run: |
echo "Documentation-only change detected; marking Deploy ${{ matrix.flavor }} as successful."
echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
2 changes: 1 addition & 1 deletion .github/workflows/commitlint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,4 @@ on:
jobs:
validate:
name: Validate
uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
33 changes: 33 additions & 0 deletions .github/workflows/lint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: Scan

on:
# This workflow is triggered on pull requests to the main branch.
pull_request:
branches: [main]
types: [milestoned, opened, synchronize]

jobs:
validate:
runs-on: ubuntu-latest
name: Lint
permissions:
contents: read # Allows reading the repo contents

steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}

- name: Install lint deps
run: |
uds run lint:deps
- name: Lint the repository
run: |
uds run lint:yaml
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ on:
schedule:
- cron: '30 1 * * 6'
push:
branches: [ "main" ]
branches: ["main"]

# Declare default permissions as read only.
permissions: read-all
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/tag-and-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,28 +31,28 @@ jobs:
permissions:
contents: read
packages: write

steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}

- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
with:
registry: ghcr.io
username: dummy
password: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Package
run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}

- name: Save logs
if: always()
uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/save-logs@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
17 changes: 9 additions & 8 deletions .github/workflows/test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ name: Test
on:
pull_request:
branches: [main]
types: [milestoned, opened, edited, synchronize]
types: [milestoned, opened, synchronize]
paths-ignore:
- "**.md"
- "**.jpg"
Expand All @@ -20,7 +20,7 @@ on:
- "CODEOWNERS"
- "LICENSE"
- "CONTRIBUTING.md"
- "SECURITY.md"
- "SECURITY.md"

# Abort prior jobs in the same workflow / PR
concurrency:
Expand All @@ -32,31 +32,32 @@ permissions:

jobs:
run-test:
name: Create and Deploy Flavor ${{ matrix.flavor }}
name: ${{ matrix.type }} ${{ matrix.flavor }}
runs-on: ubuntu-latest
timeout-minutes: 20
strategy:
matrix:
flavor: [upstream, registry1]
type: [install, upgrade]

steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Environment setup
uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}

- name: Test
uses: defenseunicorns/uds-common/.github/actions/test@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/test@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
flavor: ${{ matrix.flavor }}
type: ${{ matrix.type }}

- name: Save logs
if: always()
uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
uses: defenseunicorns/uds-common/.github/actions/save-logs@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6
with:
suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
35 changes: 35 additions & 0 deletions .yamllint
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
yaml-files:
- '**/*.y*ml'
- '.yamllint'

ignore:
- 'chart/templates**'

rules:
anchors: enable
braces: enable
brackets: enable
colons: enable
commas: enable
comments:
level: warning
comments-indentation:
level: warning
document-end: disable
document-start:
level: warning
empty-lines: enable
empty-values: disable
float-values: disable
hyphens: enable
indentation: enable
key-duplicates: enable
key-ordering: disable
line-length: disable
new-line-at-end-of-file: enable
new-lines: enable
octal-values: disable
quoted-strings: disable
trailing-spaces: enable
truthy:
level: warning
14 changes: 3 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,17 +27,9 @@ The released packages can be found in [ghcr](https://github.com/defenseunicorns/

## UDS Tasks (for local dev and CI)

*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)

| Task | Description | Example |
| ---- | ----------- | ------- |
| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` |
| create-package | Creates just the SonarQube package | `uds run create-package --set FLAVOR=<flavor>` |
| create-test-bundle | Creates SonarQube and SonarQube dependency packages and then bundles them | `uds run create-test-bundle` |
| deploy-package | Deploy SonarQube package only | `uds run deploy-package` |
| deploy-test-bundle | Deploy SonarQube and SonarQube dependency bundle | `uds run deploy-test-bundle` |
| test-package | Run checks against a deployed package or bundle | `uds run test-package` |
| cleanup | Teardown the cluster | `uds run cleanup` |
*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)

> :white_check_mark: **Tip:** To get a list of tasks to run you can use `uds run --list`!

## Contributing

Expand Down
2 changes: 1 addition & 1 deletion bundle/uds-bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ packages:
- name: dev-postgres
repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
ref: 0.0.1

- name: dev-secrets
path: ../
ref: 0.1.0
Expand Down
1 change: 0 additions & 1 deletion bundle/uds-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,3 @@ variables:
db_name: "sonarqubedb"
sonarqube:
sonarqube_db_endpoint: "postgresql.dev-postgres.svc.cluster.local"

27 changes: 13 additions & 14 deletions common/zarf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,21 @@
kind: ZarfPackageConfig
metadata:
name: sonarqube-common
description: "UDS SonarQube Common Package"
description: "UDS SonarQube Common Package"

components:
- name: sonarqube
required: true
description: "Deploy sonarqube"
charts:
- name: uds-sonarqube-config
namespace: sonarqube
version: 0.1.0
localPath: ../chart
- name: sonarqube
namespace: sonarqube
# see note in README.md about use of registry1 chart for both flavors
url: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
gitPath: chart
version: "8.0.3-bb.0"
valuesFiles:
- ../values/common-values.yaml
- name: uds-sonarqube-config
namespace: sonarqube
version: 0.1.0
localPath: ../chart
- name: sonarqube
namespace: sonarqube
# see note in README.md about use of registry1 chart for both flavors
url: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
gitPath: chart
version: "8.0.3-bb.0"
valuesFiles:
- ../values/common-values.yaml
12 changes: 6 additions & 6 deletions oscal-component.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,27 +31,27 @@ component-definition:
- uuid: 55993d5e-a53f-4a85-8e5e-949f0da24b43
control-id: au-2
description: >-
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
- uuid: 25b50886-be11-46ae-bece-8c832fb85426
control-id: au-3
description: >-
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
- uuid: 1e89f273-7e85-4e76-8c10-190c3fdfddfc
control-id: au-3.1
description: >-
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline.
- uuid: 2afccc07-f998-46f0-a05f-55985c9e58a0
control-id: au-8
description: >-
SonarQube event logs contain NIST compliant timestamps.
- uuid: 92f94bdb-e8da-45a6-9f0e-6cd4dc49eaa6
control-id: ca-2.2
description: >-
SonarQube runs automated code scanning to discover vulnerabilities as apart of the secure DevSecOps pipeline as code it committed.
SonarQube runs automated code scanning to discover vulnerabilities as apart of the secure DevSecOps pipeline as code it committed.
- uuid: c092d3d3-66ca-4922-ac76-d38440640648
control-id: ca-7
description: >-
SonarQube assists with the ConMon process be conducting automated security code scanning in the secure DevSecOps pipelines to discover code vulnerabilities as code is committed.
SonarQube assists with the ConMon process be conducting automated security code scanning in the secure DevSecOps pipelines to discover code vulnerabilities as code is committed.
- uuid: e4037835-5d80-4f09-9303-42045e5a588f
control-id: cm-3.6
description: >-
Expand Down Expand Up @@ -105,4 +105,4 @@ component-definition:
- uuid: 2501ae6d-73e5-40e2-a87c-40e88c0c8b62
title: UDS Package SonarQube
rlinks:
- href: https://github.com/defenseunicorns/uds-package-sonarqube
- href: https://github.com/defenseunicorns/uds-package-sonarqube
27 changes: 19 additions & 8 deletions renovate.json
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,26 @@
"replacements:all",
"workarounds:all"
],
"hostRules": [
"packageRules": [
{
"matchHost": "registry1.dso.mil",
"hostType": "docker",
"description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted",
"encrypted": {
"username": "wcFMA/xDdHCJBTolAQ//a+5GNAOsD/UOKnqJDdbPRr73EXRgyRdtMOIqDyjGZIKcdVo64StgUb1O37O5bazoyGeYkcISaWjInxRuoBOxqFhdo5cTUIJavjm2Sn75OWCDBUr2Q5/OSluQDbp7QO9g4+cHxcjtldlMswZg0RIoSX8rtAcNvJePvuWDKRHmUSDbWrNoAPaqOUvBIUF+BUR8o2UtKY4c986B9sqz1/ZiyL7vmenuoFi36MPpq123b6xra9/Q8Zb+AGZY6guhI0kmmSvLPwuNpU/W9ocpaUW1jOgJdYDowZqoTC27uozw1rCq38ybL94GMeG+pzWJd7LBVbfpDnU10j5UC5l5coxghh8dBYNzirsRbYW9KMV3CSeRNxOqfUuJ9AfWekCBWQMkueDtop+lzZhpvsPnXYTV6V0+TE+W5lg0wApcGUNM5XsEHV/gchSULZCWUTHpyZfkUoyc3dXax7K9LawrNLLpJg3Oz0c5Y4WXS1SqfY3U6n84Q95URZC+uRl5BqzBwQSQYbWsnon+g3My+GukdhHlynoiJwQo/ch5gIfgiA59VrL/H9L/ABAyYzQ7KUEguQrNh8hbNG0dfpMLMIrdUDhno5vTeccx2k5R/EOQopxZCY+k2Xfqgg5okAG9eQKhhGKcQD+A8y6X2V0cPkHQ35TCi5AObrcQiiemBZUy3G6IJIrSdQFEs+WcBPT4GPgOAsZWUJKU4RU3qdhdUGZy/VwJSsB05/E65fRTGl5i0e5PhIoIbh4uaPgWnbJyvKi87bIIJhe9bxP/m2lDs5GPeXSrvBb0GT3t9l3aHUYW3uKp5GABwmvX6ptMbNoYoQRSLptR/gE80RPFSQ",
"password": "wcFMA/xDdHCJBTolAQ//bu2ZFKmMysjpkOkwQSgLigvUMDw1SHpp1YN8y1LerOqMfTocdswihRFbB/FFRP/bYG1ByhnAvxqhbdV0TRQqYTRXZehrlT+SDEVEJyK9eGS+ozClbccG64ebZSJ4y9rMFW3sK4Ja9ZyAEsX0S4vO88XwJhtOYmMGTXLlcSfiANQB8a9jISzov27FQOzdPx6cEd19FGxmX5vAdH9FWDwhVA6QSTrip4h5tZ6THylNc3md2TGRYUVTxMtsZdp/bnhv+I3LqmodR0vEP9Or/dbhtqnMy2sdS6HsANUaZ+7j4D0qDL7EEcxk+CHM5lM2sSz6u4+J4u01XDkn0HJ/mShPDSWUoU01Va/ZpRL8zw/bjKApDBSgvBOwF7eXfUKqLrg2zURm2quUf7XwuVTXmBMg3DSEuRBlW8kM0rGWGyv7U62sx+2zjK0v2uNHJz0hzWaEfriOQu4B7/avb+CIupfVYGNllyMTuB2ySDMLKN3Q/EB7q97apWqwcnThxRhK7t3e59ea4JDxodxeeTG3m/UgBLBlXCutk7BsC7NQPaSeOzV7mw6AOVQz+Bn0DAGd1x03ITYAcgfYvSW7VCfhrvnmuSVICHA7GTYevC7RBYhexWdgHZb98mIt1vVA2C+h7eqsx+xWhHQFE2+lNRTRmj9ccU/6qz1+3zqHdMQ/WD8MLofSdgFLU/A7qljUm/dk1MEVMtGznukdRpJJV4PsEcwh2OV/9is5KPyFQ83M7sl3/fY+CBaHFEiT4j/bSBznmxL3TuAjMdIT7j0cNsOxnsHllgRHL1qG3S2ZmAQ0Ex4gIUUGn2VbZLyRogJspsjxx5ZYuuYVfhtSaTU"
}
"groupName": "SonarQube Support Dependencies",
"labels": ["support-deps"],
"commitMessageTopic": "support-deps",
"packagePatterns": ["*"]
},
{
"groupName": "SonarQube Package Dependencies",
"labels": ["package-deps"],
"commitMessageTopic": "package-deps",
"registryUrls": ["https://registry1.dso.mil"],
"matchDatasources": ["docker", "helm", "git-tags"]
},
{
"groupName": "SonarQube Package Dependencies",
"labels": ["package-deps"],
"commitMessageTopic": "package-deps",
"matchPackageNames": ["https://repo1.dso.mil/big-bang/product/packages/sonarqube.git"],
"allowedVersions": "/.+-bb.+/"
}
]
}
Loading