ci/cd - fix CVE-2022-1304 and wrong TEST_DOMAINS
This commit is contained in:
florian
parent
aa614b75ad
commit
01fab41620
|
|
@ -72,33 +72,30 @@ jobs:
|
|||
- name: Pull BW linux rhel test image
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: docker pull ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:staging && docker tag ${{ secrets.PRIVATE_REGISTRY }}/infra/rhel-tests:staging local/rhel:latest
|
||||
- name: Extract docker domains
|
||||
run: echo "EXTRACTED_DOMAINS=$TEST_DOMAINS_DOCKER" >> $GITHUB_ENV
|
||||
if: inputs.TYPE == 'docker'
|
||||
- name: Extract autoconf domains
|
||||
run: echo "EXTRACTED_DOMAINS=$TEST_DOMAINS_AUTOCONF" >> $GITHUB_ENV
|
||||
if: inputs.TYPE == 'autoconf'
|
||||
- name: Extract swarm domains
|
||||
run: echo "EXTRACTED_DOMAINS=$TEST_DOMAINS_SWARM" >> $GITHUB_ENV
|
||||
if: inputs.TYPE == 'swarm'
|
||||
- name: Extract k8s domains
|
||||
run: echo "EXTRACTED_DOMAINS=$TEST_DOMAINS_KUBERNETES" >> $GITHUB_ENV
|
||||
if: inputs.TYPE == 'k8s'
|
||||
- name: Extract linux domains
|
||||
run: echo "EXTRACTED_DOMAINS=$TEST_DOMAINS_LINUX" >> $GITHUB_ENV
|
||||
if: inputs.TYPE == 'linux'
|
||||
# Do tests
|
||||
- name: Run tests
|
||||
if: contains(fromJSON('["docker", "autoconf", "swarm"]'), inputs.TYPE)
|
||||
if: inputs.TYPE == 'docker'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ env.EXTRACTED_DOMAINS }}
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_DOCKER }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'autoconf'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_AUTOCONF }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'swarm'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "${{ inputs.TYPE }}"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_SWARM }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run tests
|
||||
if: inputs.TYPE == 'k8s'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "kubernetes"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ env.EXTRACTED_DOMAINS }}
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_KUBERNETES }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
KUBECONFIG: "/tmp/k8s/kubeconfig"
|
||||
PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }}
|
||||
|
|
@ -107,23 +104,23 @@ jobs:
|
|||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "ubuntu"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ env.EXTRACTED_DOMAINS }}
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux debian tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "debian"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ env.EXTRACTED_DOMAINS }}
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux centos tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "centos"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ env.EXTRACTED_DOMAINS }}
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
- name: Run Linux fedora tests
|
||||
if: inputs.TYPE == 'linux'
|
||||
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
|
||||
env:
|
||||
TEST_DOMAINS: ${{ env.EXTRACTED_DOMAINS }}
|
||||
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
|
||||
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
|
||||
|
|
@ -64,7 +64,7 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
|
|||
chmod 660 /usr/share/bunkerweb/INTEGRATION
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2"
|
||||
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2" "libcom_err>=1.46.6-r0"
|
||||
|
||||
VOLUME /data /etc/nginx
|
||||
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ RUN apk add --no-cache bash && \
|
|||
chmod 660 /usr/share/bunkerweb/INTEGRATION
|
||||
|
||||
# Fix CVEs
|
||||
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2"
|
||||
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2" "libcom_err>=1.46.6-r0"
|
||||
|
||||
VOLUME /data /etc/nginx
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue