Docker Container Image Vulnerability - CVE-2023-44487 #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ChaosOperator-E2E-pipeline | |
on: | |
issue_comment: | |
types: [created] | |
jobs: | |
Tests: | |
if: contains(github.event.comment.html_url, '/pull/') && startsWith(github.event.comment.body, '/run-e2e') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Notification for e2e Start | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
comment-id: "${{ github.event.comment.id }}" | |
body: | | |
**** | |
**Test Status:** The e2e test has been started please wait for the results ... | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: 1.20.0 | |
- name: Setting up GOPATH | |
run: | | |
echo ::set-env name=GOPATH::${GITHUB_WORKSPACE}/go | |
env: | |
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
#Using the last commit id of pull request | |
- uses: octokit/[email protected] | |
id: get_PR_commits | |
with: | |
route: GET /repos/:repo/pulls/:pull_number/commits | |
repo: ${{ github.repository }} | |
pull_number: ${{ github.event.issue.number }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: set commit to output | |
id: getcommit | |
run: | | |
prsha=$(echo $response | jq '.[-1].sha' | tr -d '"') | |
echo "::set-output name=sha::$prsha" | |
env: | |
response: ${{ steps.get_PR_commits.outputs.data }} | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{steps.getcommit.outputs.sha}} | |
path: go/src/github.com/litmuschaos/chaos-operator | |
- name: Build docker image | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin | |
cd ${GOPATH}/src/github.com/litmuschaos/chaos-operator | |
make build | |
sudo docker build --file build/Dockerfile --tag litmuschaos/chaos-operator:ci . --build-arg TARGETARCH=amd64 | |
#Install and configure a kind cluster | |
- name: Installing Prerequisites (KinD Cluster) | |
uses: engineerd/[email protected] | |
with: | |
version: "v0.7.0" | |
- name: Configuring and testing kind Installation | |
run: | | |
kubectl cluster-info --context kind-kind | |
kind get kubeconfig --internal >$HOME/.kube/config | |
kubectl get nodes | |
- name: Load image on the nodes of the cluster | |
run: | | |
kind load docker-image --name=kind litmuschaos/chaos-operator:ci | |
- name: Getting litmus-e2e repository | |
run: | | |
cd ${GOPATH}/src/github.com/litmuschaos/ | |
git clone https://github.com/litmuschaos/litmus-e2e.git -b generic | |
- name: Install LitmusChaos | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin | |
cd ${GOPATH}/src/github.com/litmuschaos/litmus-e2e | |
go test tests/install-litmus_test.go -v -count=1 | |
env: | |
OPERATOR_IMAGE: litmuschaos/chaos-operator:ci | |
IMAGE_PULL_POLICY: IfNotPresent | |
KUBECONFIG: /home/runner/.kube/config | |
- name: Run Admin mode test | |
if: startsWith(github.event.comment.body, '/run-e2e-admin-mode') || startsWith(github.event.comment.body, '/run-e2e-all') | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin | |
cd ${GOPATH}/src/github.com/litmuschaos/litmus-e2e | |
go test operator/admin-mode_test.go -v -count=1 | |
env: | |
KUBECONFIG: /home/runner/.kube/config | |
- name: Run Reconcile Resiliency test | |
if: startsWith(github.event.comment.body, '/run-e2e-reconcile-resiliency') || startsWith(github.event.comment.body, '/run-e2e-all') | |
run: | | |
export PATH=$PATH:$(go env GOPATH)/bin | |
cd ${GOPATH}/src/github.com/litmuschaos/litmus-e2e | |
go test operator/reconcile-resiliency_test.go -v -count=1 | |
env: | |
KUBECONFIG: /home/runner/.kube/config | |
- name: Check the test run | |
if: | | |
startsWith(github.event.comment.body, '/run-e2e-admin-mode') || startsWith(github.event.comment.body, '/run-e2e-reconcile-resiliency') || | |
startsWith(github.event.comment.body, '/run-e2e-all') | |
run: | | |
echo ::set-env name=TEST_RUN::true | |
env: | |
ACTIONS_ALLOW_UNSECURE_COMMANDS: true | |
- name: Check for all the jobs are succeeded | |
if: ${{ success() && env.TEST_RUN == 'true' }} | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
comment-id: "${{ github.event.comment.id }}" | |
body: | | |
**Test Result:** All tests are passed | |
**Logs:** [${{ env.RUN_ID }}](https://github.com/litmuschaos/chaos-operator/actions/runs/${{ env.RUN_ID }}) | |
reactions: hooray | |
env: | |
RUN_ID: ${{ github.run_id }} | |
- name: Check for any job failed | |
if: ${{ failure() }} | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
comment-id: "${{ github.event.comment.id }}" | |
body: | | |
**Test Failed:** Some tests are failed please check | |
**Logs:** [${{ env.RUN_ID }}](https://github.com/litmuschaos/chaos-operator/actions/runs/${{ env.RUN_ID }}) | |
reactions: confused | |
env: | |
RUN_ID: ${{ github.run_id }} | |
- name: Deleting KinD cluster | |
if: ${{ always() }} | |
run: kind delete cluster | |
- name: Check if any test ran or not | |
if: env.TEST_RUN != 'true' | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
comment-id: "${{ github.event.comment.id }}" | |
body: | | |
**Test Result:** No test found | |
**Logs:** [${{ env.RUN_ID }}](https://github.com/litmuschaos/chaos-operator/actions/runs/${{ env.RUN_ID }}) | |
reactions: eyes | |
env: | |
RUN_ID: ${{ github.run_id }} |