From 837430f8e23e2372267cae8a196ca8b134141072 Mon Sep 17 00:00:00 2001
From: Kenneth Urban
Date: Wed, 21 Apr 2021 08:54:52 -0400
Subject: [PATCH 1/2] Updating to 8.13.6
---
 Dockerfile | 2 +-
 hardening_manifest.yaml | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 62b917b..5f8a684 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,7 +31,7 @@ RUN dnf -y update && dnf -y upgrade && \
 dnf -y install fontconfig python3 python3-jinja2 && \
 rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm
-ARG JIRA_VERSION=8.13.5
+ARG JIRA_VERSION=8.13.6
 ARG ARTEFACT_NAME=atlassian-jira-software
 COPY atlassian-jira-software-${JIRA_VERSION}.tar.gz /opt/
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 70ddbe4..7be3e4a 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "atlassian/jira-node-813"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "8.13.5"
+- "8.13.6"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -23,7 +23,7 @@ labels:
 org.opencontainers.image.licenses: "proprietary"
 org.opencontainers.image.url: "https://hub.docker.com/r/atlassian/jira-core"
 org.opencontainers.image.vendor: "Atlassian"
- org.opencontainers.image.version: "8.13.5"
+ org.opencontainers.image.version: "8.13.6"
 mil.dso.ironbank.image.keywords: "jira,atlassian,workflow,ticketing,management"
 mil.dso.ironbank.image.type: "commercial"
 mil.dso.ironbank.product.name: "atlassian"
@@ -35,11 +35,11 @@ resources:
 validation:
 type: sha512
 value: bcfabdb039ce06a49d39d4bcc1d70fa38ee56ed50edc06019648a14ec898ad5afa1ec30dbff2da166c8f5557316b2b3659523787d34cb81223cf3a373242fa3f
-- filename: atlassian-jira-software-8.13.5.tar.gz
- url: https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.13.5.tar.gz
+- filename: atlassian-jira-software-8.13.6.tar.gz
+ url: https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.13.6.tar.gz
 validation:
 type: sha256
- value: 1b8da37c0ddcb508aef1c5faf7fa88bbf48fe4a2a4d8aaf6bb022a2d57e9195b
+ value: 744902d61810f63a21805417c727d2deb5807686cb583aeec57d8895b67a481e
 # List of project maintainers
 maintainers:
--
GitLab
From 8976df740a9ad224b4c05a688bcf868584bd63b0 Mon Sep 17 00:00:00 2001
From: Kenneth Urban
Date: Tue, 27 Apr 2021 10:40:22 -0400
Subject: [PATCH 2/2] Removing all test infrastructure to accomodate trufflehog
---
 .../bitbucket-pipelines.yml | 54 -------------
 .../image/push-readme.py | 33 --------
 .../tests/Dockerfile-test | 4 -
 .../tests/conftest.py | 3 -
 .../tests/fixtures.py | 64 ---------------
 .../docker-shared-components/tests/helpers.py | 78 -------------------
 .../tests/requirements.txt | 20 -----
 .../tests/test_support.py | 75 ------------------
 8 files changed, 331 deletions(-)
 delete mode 100644 scripts/docker-shared-components/bitbucket-pipelines.yml
 delete mode 100644 scripts/docker-shared-components/image/push-readme.py
 delete mode 100644 scripts/docker-shared-components/tests/Dockerfile-test
 delete mode 100644 scripts/docker-shared-components/tests/conftest.py
 delete mode 100644 scripts/docker-shared-components/tests/fixtures.py
 delete mode 100644 scripts/docker-shared-components/tests/helpers.py
 delete mode 100644 scripts/docker-shared-components/tests/requirements.txt
 delete mode 100644 scripts/docker-shared-components/tests/test_support.py
diff --git a/scripts/docker-shared-components/bitbucket-pipelines.yml b/scripts/docker-shared-components/bitbucket-pipelines.yml
deleted file mode 100644
index 8e2b4bf..0000000
--- a/scripts/docker-shared-components/bitbucket-pipelines.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-image: atlassian/default-image:2
-
-pipelines:
- branches:
- master:
- - step:
- name: Auto create PRs
- script:
- - >
- export ACCESS_TOKEN=$(curl "https://bitbucket.org/site/oauth2/access_token" \
- --silent \
- --request POST \
- --user "${DOCKER_BOT_CLIENT_ID}:${DOCKER_BOT_CLIENT_SECRET}" \
- --data 'grant_type=client_credentials' \
- --data 'scopes=repository' | jq --raw-output '.access_token')
- - >
- function update_shared_components() {
- local REPO="$1"
- local REVIEWERS=$(curl "https://api.bitbucket.org/2.0/repositories/${REPO}/default-reviewers" \
- --silent \
- --header "Authorization: Bearer ${ACCESS_TOKEN}" \
- --header "Content-Type: application/json" | jq --raw-output '.values')
- git clone "https://x-token-auth:${ACCESS_TOKEN}@bitbucket.org/${REPO}" ~/${REPO}
- cd ~/${REPO}
- git checkout -B update-shared-components
- git submodule update --init --recursive
- git submodule update --recursive --remote
- git add .
- git -c "user.name=Atlassian Docker Bot" -c "user.email=$DOCKER_BOT_EMAIL" commit -m "Update shared components"
- if [[ $(git ls-remote --heads origin update-shared-components) ]]; then
- local GIT_OPTS="--force-with-lease"
- fi
- git push ${GIT_OPTS} origin update-shared-components
- local PR_DATA='{
- "title": "Update shared components",
- "close_source_branch": true,
- "source": {
- "branch": {
- "name": "update-shared-components"
- }
- },
- "reviewers": '${REVIEWERS}'
- }'
- curl "https://api.bitbucket.org/2.0/repositories/${REPO}/pullrequests" \
- --globoff \
- --request POST \
- --header "Authorization: Bearer ${ACCESS_TOKEN}" \
- --header "Content-Type: application/json" \
- --data "${PR_DATA}"
- }
- - update_shared_components atlassian-docker/docker-atlassian-bitbucket-server
- - update_shared_components atlassian-docker/docker-atlassian-confluence-server
- - update_shared_components atlassian-docker/docker-atlassian-jira
- - update_shared_components atlassian-docker/docker-atlassian-crowd
diff --git a/scripts/docker-shared-components/image/push-readme.py b/scripts/docker-shared-components/image/push-readme.py
deleted file mode 100644
index 0c3d400..0000000
--- a/scripts/docker-shared-components/image/push-readme.py
+++ /dev/null
@@ -1,33 +0,0 @@
-import logging
-import os
-
-import requests
-
-
-logging.basicConfig(level=logging.INFO)
-
-
-DOCKER_REPO = os.environ.get('DOCKER_REPO')
-DOCKER_USERNAME = os.environ.get('DOCKER_USERNAME')
-DOCKER_PASSWORD = os.environ.get('DOCKER_PASSWORD')
-README_FILE = os.environ.get('README_FILE') or 'README.md'
-
-
-logging.info('Generating Docker Hub JWT')
-data = {'username': DOCKER_USERNAME, 'password': DOCKER_PASSWORD}
-r = requests.post('https://hub.docker.com/v2/users/login/', json=data)
-docker_token = r.json().get('token')
-
-logging.info(f'Updating Docker Hub description for {DOCKER_REPO}')
-with open(README_FILE) as f:
- full_description = f.read()
-data = {'registry': 'registry-1.docker.io', 'full_description': full_description}
-headers = {'Authorization': f'JWT {docker_token}'}
-r = requests.patch(f'https://hub.docker.com/v2/repositories/{DOCKER_REPO}/',
- json=data, headers=headers)
-
-if r.status_code == requests.codes.ok:
- logging.info(f'Successfully updated {README_FILE} for {DOCKER_REPO}')
-else:
- logging.info(f'Unable to update {README_FILE} for {DOCKER_REPO}, response code: {r.status_code}')
- r.raise_for_status()
\ No newline at end of file
diff --git a/scripts/docker-shared-components/tests/Dockerfile-test b/scripts/docker-shared-components/tests/Dockerfile-test
deleted file mode 100644
index f41d309..0000000
--- a/scripts/docker-shared-components/tests/Dockerfile-test
+++ /dev/null
@@ -1,4 +0,0 @@
-ARG BASE_IMAGE=atlassian/jira-software:latest
-FROM $BASE_IMAGE
-
-COPY support /opt/atlassian/support
diff --git a/scripts/docker-shared-components/tests/conftest.py b/scripts/docker-shared-components/tests/conftest.py
deleted file mode 100644
index 0b18cc0..0000000
--- a/scripts/docker-shared-components/tests/conftest.py
+++ /dev/null
@@ -1,3 +0,0 @@
-import pytest
-
-from fixtures import docker_cli, image, run_user
\ No newline at end of file
diff --git a/scripts/docker-shared-components/tests/fixtures.py b/scripts/docker-shared-components/tests/fixtures.py
deleted file mode 100644
index c48d5cf..0000000
--- a/scripts/docker-shared-components/tests/fixtures.py
+++ /dev/null
@@ -1,64 +0,0 @@
-import pytest
-
-import os
-
-import docker
-import requests
-
-
-DOCKERFILE = os.environ.get('DOCKERFILE') or 'Dockerfile'
-DOCKERFILE_BUILDARGS = os.environ.get('DOCKERFILE_BUILDARGS')
-DOCKERFILE_VERSION_ARG = os.environ.get('DOCKERFILE_VERSION_ARG')
-MAC_PRODUCT_KEY = os.environ.get('MAC_PRODUCT_KEY') or 'docker-testapp'
-
-
-def parse_buildargs(buildargs):
- if buildargs is None or len(buildargs) == 0:
- return {}
- return dict(item.split("=") for item in buildargs.split(","))
-
-
-def make_image():
- buildargs = parse_buildargs(DOCKERFILE_BUILDARGS)
- if MAC_PRODUCT_KEY != 'docker-testapp':
- r = requests.get(f'https://marketplace.atlassian.com/rest/2/products/key/{MAC_PRODUCT_KEY}/versions/latest')
- version = r.json().get('name')
- buildargs[DOCKERFILE_VERSION_ARG] = version
- docker_cli = docker.from_env()
- tag = ''.join(ch for ch in DOCKERFILE if ch.isalnum())
- image = docker_cli.images.build(path='.',
- tag=f'{MAC_PRODUCT_KEY}:{tag}'.lower(),
- buildargs=buildargs,
- dockerfile=DOCKERFILE,
- rm=True)[0]
- return image
-
-
-def get_run_user():
- i = make_image()
- image_env = {k:v for k,v in (x.split('=') for x in i.attrs['ContainerConfig']['Env'])}
- run_user = f'{image_env["RUN_UID"]}:{image_env["RUN_GID"]}'
- return run_user
-
-
-# This fixture returns a temporary Docker CLI that cleans up running test containers after each test
-@pytest.fixture
-def docker_cli():
- docker_cli = docker.from_env()
- yield docker_cli
- for container in docker_cli.containers.list():
- for tag in container.image.tags:
- if tag.startswith(MAC_PRODUCT_KEY):
- container.remove(force=True)
-
-
-# This fixture returns an image for the Docker build being tested
-@pytest.fixture(scope='module')
-def image():
- return make_image()
-
-
-# This fixture returns the uid:gid for the Docker build being tested
-@pytest.fixture(scope='module', params=['0:0', get_run_user()])
-def run_user(request):
- return request.param
\ No newline at end of file
diff --git a/scripts/docker-shared-components/tests/helpers.py b/scripts/docker-shared-components/tests/helpers.py
deleted file mode 100644
index 01b9a9e..0000000
--- a/scripts/docker-shared-components/tests/helpers.py
+++ /dev/null
@@ -1,78 +0,0 @@
-import time
-import xml.etree.ElementTree as etree
-
-import requests
-import testinfra
-
-
-# Helper functions to get config values from support scripts
-def get_app_home(container):
- cmd = "/bin/bash -c 'source /opt/atlassian/support/common.sh && get_app_home'"
- home = container.check_output(cmd)
- return home
-
-def get_app_install_dir(container):
- cmd = "/bin/bash -c 'source /opt/atlassian/support/common.sh && get_app_install_dir'"
- home = container.check_output(cmd)
- return home
-
-def get_bootstrap_proc(container):
- cmd = "/bin/bash -c 'source /opt/atlassian/support/common.sh && echo ${BOOTSTRAP_PROC}'"
- proc = container.check_output(cmd)
- return proc
-
-# Run an image and wrap it in a TestInfra host for convenience.
-# FIXME: There's probably a way to turn this into a fixture with parameters.
-def run_image(docker_cli, image, **kwargs):
- container = docker_cli.containers.run(image, detach=True, **kwargs)
- return testinfra.get_host("docker://"+container.id)
-
-# TestInfra's process command doesn't seem to work for arg matching
-def get_procs(container):
- ps = container.run('ps -axo args')
- return ps.stdout.split('\n')
-
-def parse_properties(container, properties):
- properties_raw = container.file(properties).content
- properties_str = properties_raw.decode().strip().split('\n')
- return dict(item.split("=") for item in properties_str)
-
-def parse_xml(container, xml):
- return etree.fromstring(container.file(xml).content)
-
-def wait_for_proc(container, proc_str, max_wait=10):
- waited = 0
- while waited < max_wait:
- procs = list(filter(lambda p: proc_str in p, get_procs(container)))
- if len(procs) > 0:
- return procs[0]
- time.sleep(0.1)
- waited += 0.1
-
- raise TimeoutError("Failed to find target process")
-
-def wait_for_file(container, path, max_wait=10):
- waited = 0
- while waited < max_wait:
- if container.file(path).exists:
- return
- time.sleep(0.1)
- waited += 0.1
-
- raise TimeoutError("Failed to find target process")
-
-def wait_for_http_response(url, expected_status=200, expected_state=None, max_wait=20):
- timeout = time.time() + max_wait
- while time.time() < timeout:
- try:
- r = requests.get(url)
- except requests.exceptions.ConnectionError:
- pass
- else:
- if r.status_code == expected_status:
- if expected_state is not None:
- state = r.json().get('state')
- assert state in expected_state
- return
- time.sleep(1)
- raise TimeoutError
\ No newline at end of file
diff --git a/scripts/docker-shared-components/tests/requirements.txt b/scripts/docker-shared-components/tests/requirements.txt
deleted file mode 100644
index 9eb3baf..0000000
--- a/scripts/docker-shared-components/tests/requirements.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-atomicwrites==1.3.0
-attrs==19.1.0
-certifi==2019.6.16
-chardet==3.0.4
-docker==4.0.2
-idna==2.8
-importlib-metadata==0.19
-more-itertools==7.2.0
-packaging==19.1
-pluggy==0.12.0
-py==1.8.0
-pyparsing==2.4.2
-pytest==5.0.1
-requests==2.22.0
-six==1.12.0
-testinfra==3.0.6
-urllib3==1.25.3
-wcwidth==0.1.7
-websocket-client==0.56.0
-zipp==0.5.2
diff --git a/scripts/docker-shared-components/tests/test_support.py b/scripts/docker-shared-components/tests/test_support.py
deleted file mode 100644
index 1e95192..0000000
--- a/scripts/docker-shared-components/tests/test_support.py
+++ /dev/null
@@ -1,75 +0,0 @@
-import pytest
-
-from helpers import get_app_home, get_bootstrap_proc, run_image, wait_for_proc
-
-
-def test_thread_dumps(docker_cli, image, run_user):
- COUNT = 3
- INTERVAL = 1
- container = run_image(docker_cli, image, user=run_user)
- wait_for_proc(container, get_bootstrap_proc(container))
-
- thread_cmd = f'/opt/atlassian/support/thread-dumps.sh --count {COUNT} --interval {INTERVAL}'
- container.run(thread_cmd)
-
- find_thread_cmd = f'find {get_app_home(container)} -name "*_THREADS.*.txt"'
- thread_dumps = container.run(find_thread_cmd).stdout.splitlines()
- assert len(thread_dumps) == COUNT
-
- find_top_cmd = f'find {get_app_home(container)} -name "*_CPU_USAGE.*.txt"'
- top_dumps = container.run(find_top_cmd).stdout.splitlines()
- assert len(top_dumps) == COUNT
-
-def test_thread_dumps_no_top(docker_cli, image, run_user):
- COUNT = 3
- INTERVAL = 1
- container = run_image(docker_cli, image, user=run_user)
- wait_for_proc(container, get_bootstrap_proc(container))
-
- thread_cmd = f'/opt/atlassian/support/thread-dumps.sh --no-top --count {COUNT} --interval {INTERVAL}'
- container.run(thread_cmd)
-
- find_thread_cmd = f'find {get_app_home(container)} -name "*_THREADS.*.txt"'
- thread_dumps = container.run(find_thread_cmd).stdout.splitlines()
- assert len(thread_dumps) == COUNT
-
- find_top_cmd = f'find {get_app_home(container)} -name "*_CPU_USAGE.*.txt"'
- top_dumps = container.run(find_top_cmd).stdout.splitlines()
- assert len(top_dumps) == 0
-
-def test_heap_dump(docker_cli, image, run_user):
- container = run_image(docker_cli, image, user=run_user)
- wait_for_proc(container, get_bootstrap_proc(container))
-
- heap_cmd = f'/opt/atlassian/support/heap-dump.sh'
- container.run(heap_cmd)
-
- ls_cmd = f'ls -la {get_app_home(container)}/heap.bin'
- heap_dump = container.run(ls_cmd).stdout.splitlines()
- assert len(heap_dump) == 1
-
-def test_heap_dump_overwrite_false(docker_cli, image, run_user):
- container = run_image(docker_cli, image, user=run_user)
- wait_for_proc(container, get_bootstrap_proc(container))
-
- heap_cmd = f'/opt/atlassian/support/heap-dump.sh'
- ls_cmd = f'ls -la --time-style=full-iso {get_app_home(container)}/heap.bin'
-
- container.run(heap_cmd)
- heap_dump_1 = container.run(ls_cmd).stdout.splitlines()
- container.run(heap_cmd)
- heap_dump_2 = container.run(ls_cmd).stdout.splitlines()
- assert heap_dump_1 == heap_dump_2
-
-def test_heap_dump_overwrite_true(docker_cli, image, run_user):
- container = run_image(docker_cli, image, user=run_user)
- wait_for_proc(container, get_bootstrap_proc(container))
-
- heap_cmd = f'/opt/atlassian/support/heap-dump.sh --force'
- ls_cmd = f'ls -la {get_app_home(container)}/heap.bin'
-
- container.run(heap_cmd)
- heap_dump_1 = container.run(ls_cmd).stdout.splitlines()
- container.run(heap_cmd)
- heap_dump_2 = container.run(ls_cmd).stdout.splitlines()
- assert heap_dump_1 != heap_dump_2
--
GitLab