From bddf7ff469323f6bfdb87c98558476d9a4a42749 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Fri, 26 Feb 2021 15:51:39 -0500 Subject: [PATCH 01/12] build fixes --- Dockerfile | 8 +++++--- hardening_manifest.yaml | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 087a897..718c95a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_REGISTRY=repo1.dso.mil -ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 -ARG BASE_TAG=8.3 +ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk11 +ARG BASE_TAG=1.11 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ENV RUN_USER jira @@ -27,6 +27,7 @@ ENTRYPOINT ["/usr/bin/tini", "--"] COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ RUN dnf -y update && dnf -y upgrade && \ + dnf -y install python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm ARG JIRA_VERSION=8.13.4 @@ -61,7 +62,8 @@ COPY scripts/shared-components/support /opt/atlassian/suppo COPY config/* /opt/atlassian/etc/ #### Clean up #### -RUN rm -rf /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all && rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz +RUN rm -rf /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && dnf clean all && rm -rf /opt/${ARTEFACT_NAME}-${JIRA_VERSION}.tar.gz && \ + chmod a+x /entrypoint.py # # HEALTHCHECK diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 27e375b..340ae7d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -13,8 +13,8 @@ tags: # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.3" + BASE_IMAGE: "redhat/openjdk/openjdk11" + BASE_TAG: "1.11" # Docker image labels labels: -- GitLab From be8e022ee51e487e9fa31dd211bda65655f1eaca Mon Sep 17 00:00:00 2001 From: jweatherford Date: Fri, 26 Feb 2021 16:01:29 -0500 Subject: [PATCH 02/12] switch to root duirng install --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 718c95a..02db3e4 100644 --- a/Dockerfile +++ b/Dockerfile 
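Review bot: The `dnf -y install python3 python3-jinja2` added to the `RUN dnf -y update && dnf -y upgrade` step in the second Dockerfile hunk leaves the package cache in that layer, because `dnf clean all` only runs in the separate clean-up `RUN` that the third hunk edits. A file removed in a later layer is still stored in the earlier one, so the cache stays in the image. Ending the install step itself with `&& dnf clean all` avoids that. The unversioned `dnf -y update` and `install` also mean two builds of the same commit can contain different package versions, which deserves a comment if it is intentional. The `RUN` instruction ends inside the hunk, but the rest of the Dockerfile is outside it.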
@@ -23,6 +23,7 @@ EXPOSE 40001 CMD ["/entrypoint.py"] ENTRYPOINT ["/usr/bin/tini", "--"] +USER root COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ -- GitLab From 78a4b29dc6eb0cbc77de1b004bb01ae2717c11f9 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 1 Mar 2021 08:21:40 -0500 Subject: [PATCH 03/12] further fixes --- Dockerfile | 4 ++-- scripts/entrypoint.py | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 02db3e4..18238e9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,7 @@ USER root COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ RUN dnf -y update && dnf -y upgrade && \ - dnf -y install python3 python3-jinja2 && \ + dnf -y install fontconfig python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm ARG JIRA_VERSION=8.13.4 @@ -42,7 +42,7 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \ && mkdir -p ${JIRA_INSTALL_DIR} \ && tar -xzf /opt/atlassian-jira-software-${JIRA_VERSION}.tar.gz --strip-components 1 -C /opt/atlassian/jira/ \ && chmod -R "u=rwX,g=rX,o=rX" ${JIRA_INSTALL_DIR}/ \ - && chown -R root. ${JIRA_INSTALL_DIR}/ \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/logs \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/temp \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/work \ diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py index 48a7ebe..ce1937f 100644 --- a/scripts/entrypoint.py +++ b/scripts/entrypoint.py 
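Review bot: `USER root` is added after `ENTRYPOINT` with no matching switch back to the unprivileged account in this hunk, so unless a later `USER` line exists outside the hunk, the image's default user becomes root. The commit title says root is needed during install, and the runtime account is already named by `ENV RUN_USER jira`. If the entrypoint does not need root at start-up, close the privileged section with `USER ${RUN_USER}` after the clean-up `RUN`. If it does need root, for example to drop privileges itself, record that with a comment such as `# root is required until entrypoint.py drops to ${RUN_USER}`.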
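Review bot: Changing `chown -R root. ${JIRA_INSTALL_DIR}/` to `chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/` in the second Dockerfile hunk of patch 03 makes the whole install tree, including start-up scripts and libraries, writable by the account Jira runs as, since the preceding `chmod` grants `u=rwX`. Before this change only `logs`, `temp` and `work` were handed to that account, so a compromised application process could not alter its own code. If the aim is to let entrypoint.py write `conf/server.xml` (the call added in this commit), keep the root ownership and add `&& chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/conf \` plus any single file it renders. The `RUN` instruction starts and ends outside the hunk.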
@@ -19,6 +19,8 @@ gen_cfg('seraph-config.xml.j2', f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml') gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', user=RUN_USER, group=RUN_GROUP, overwrite=False) +gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml', + user=RUN_USER, group=RUN_GROUP, overwrite=True) if str2bool(env.get('clustered')): gen_cfg('cluster.properties.j2', f'{JIRA_HOME}/cluster.properties', user=RUN_USER, group=RUN_GROUP, overwrite=False) -- GitLab From ce86af7f24ffc045ed75f2292fc6eee834028e32 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 1 Mar 2021 10:58:55 -0500 Subject: [PATCH 04/12] more requested fixes --- Dockerfile | 3 --- scripts/entrypoint.py | 1 - 2 files changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 18238e9..30c2c20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,9 +43,6 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \ && tar -xzf /opt/atlassian-jira-software-${JIRA_VERSION}.tar.gz --strip-components 1 -C /opt/atlassian/jira/ \ && chmod -R "u=rwX,g=rX,o=rX" ${JIRA_INSTALL_DIR}/ \ && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/ \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/logs \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/temp \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${JIRA_INSTALL_DIR}/work \ \ && sed -i -e 's/^JVM_SUPPORT_RECOMMENDED_ARGS=""$/: \${JVM_SUPPORT_RECOMMENDED_ARGS:=""}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ && sed -i -e 's/^JVM_\(.*\)_MEMORY="\(.*\)"$/: \${JVM_\1_MEMORY:=\2}/g' ${JIRA_INSTALL_DIR}/bin/setenv.sh \ diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py index ce1937f..57ad747 100644 --- a/scripts/entrypoint.py +++ b/scripts/entrypoint.py 
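Review bot: The new `gen_cfg('server.xml.j2', ...)` call passes `user=RUN_USER, group=RUN_GROUP`, so the Tomcat connector configuration ends up owned by the account the application runs as. Patch 05 does the same for `seraph-config.xml`, which holds Jira's authentication settings. Both files are re-rendered on every start because of `overwrite=True`, and the service presumably only needs to read them. `gen_cfg` is defined outside this diff; if the entrypoint still runs as root at this point, `user='root', group=RUN_GROUP` would keep the service from rewriting its own connector and login settings, provided the mode `gen_cfg` applies is group-readable. Otherwise add a comment such as `# must be owned by RUN_USER because ...` to both calls; this statement sequence continues outside the hunk.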
@@ -14,7 +14,6 @@ gen_container_id() if os.stat('/etc/container_id').st_size == 0: gen_cfg('container_id.j2', '/etc/container_id', user=RUN_USER, group=RUN_GROUP, overwrite=True) -gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml') gen_cfg('seraph-config.xml.j2', f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml') gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', -- GitLab From a031ec3d8983972d7916a9c843009ba4140fbfd7 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Mon, 1 Mar 2021 11:04:51 -0500 Subject: [PATCH 05/12] more fixes --- scripts/entrypoint.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/entrypoint.py b/scripts/entrypoint.py index 57ad747..9903d23 100644 --- a/scripts/entrypoint.py +++ b/scripts/entrypoint.py @@ -15,7 +15,8 @@ if os.stat('/etc/container_id').st_size == 0: gen_cfg('container_id.j2', '/etc/container_id', user=RUN_USER, group=RUN_GROUP, overwrite=True) gen_cfg('seraph-config.xml.j2', - f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml') + f'{JIRA_INSTALL_DIR}/atlassian-jira/WEB-INF/classes/seraph-config.xml', + user=RUN_USER, group=RUN_GROUP, overwrite=True) gen_cfg('dbconfig.xml.j2', f'{JIRA_HOME}/dbconfig.xml', user=RUN_USER, group=RUN_GROUP, overwrite=False) gen_cfg('server.xml.j2', f'{JIRA_INSTALL_DIR}/conf/server.xml', -- GitLab From 9c114d230e9f9bc193948be4dc53a7c644fc2a24 Mon Sep 17 00:00:00 2001 From: Kenneth Urban Date: Wed, 24 Mar 2021 08:15:37 -0400 Subject: [PATCH 06/12] Updating to 8.13.5 relelased 3/23/21 --- Dockerfile | 2 +- hardening_manifest.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 30c2c20..62b917b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -31,7 +31,7 @@ RUN dnf -y update && dnf -y upgrade && \ dnf -y install fontconfig python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm -ARG JIRA_VERSION=8.13.4 +ARG JIRA_VERSION=8.13.5 ARG ARTEFACT_NAME=atlassian-jira-software COPY atlassian-jira-software-${JIRA_VERSION}.tar.gz /opt/ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 340ae7d..70ddbe4 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "atlassian/jira-node-813" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "8.13.4" +- "8.13.5" - "latest" # Build args passed to Dockerfile ARGs @@ -23,7 +23,7 @@ labels: org.opencontainers.image.licenses: "proprietary" org.opencontainers.image.url: "https://hub.docker.com/r/atlassian/jira-core" org.opencontainers.image.vendor: "Atlassian" - org.opencontainers.image.version: "8.13.4" + org.opencontainers.image.version: "8.13.5" mil.dso.ironbank.image.keywords: "jira,atlassian,workflow,ticketing,management" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "atlassian" @@ -35,11 +35,11 @@ resources: validation: type: sha512 value: bcfabdb039ce06a49d39d4bcc1d70fa38ee56ed50edc06019648a14ec898ad5afa1ec30dbff2da166c8f5557316b2b3659523787d34cb81223cf3a373242fa3f -- filename: atlassian-jira-software-8.13.4.tar.gz - url: https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.13.4.tar.gz +- filename: atlassian-jira-software-8.13.5.tar.gz + url: https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.13.5.tar.gz validation: - type: sha512 - value: 20321aba452e43cd697ad433757544833720f0183101f8277b4a69e0a4273e22d44cc2cc313e55973df832858812070ddcbc897efe9cd03ec31667e371416ef2 + type: sha256 + value: 1b8da37c0ddcb508aef1c5faf7fa88bbf48fe4a2a4d8aaf6bb022a2d57e9195b # List of project maintainers maintainers: -- GitLab 
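Review bot: The third hardening_manifest.yaml hunk changes the Jira tarball's `validation.type` from `sha512` to `sha256` in the same edit that bumps the version, while the other resource in the list keeps `sha512`. Nothing in the commit says where the new digest came from. A comment above the entry, for example `# sha256 taken from the vendor's published checksum for 8.13.5` if that is the source, would let a reviewer check the value against something other than the downloaded file itself. If a sha512 is obtainable, keeping the stronger type also keeps the list consistent. Patch 07 carries the `sha256` entry forward for 8.13.6.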
From 837430f8e23e2372267cae8a196ca8b134141072 Mon Sep 17 00:00:00 2001 From: Kenneth Urban Date: Wed, 21 Apr 2021 08:54:52 -0400 Subject: [PATCH 07/12] Updating to 8.13.6 --- Dockerfile | 2 +- hardening_manifest.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 62b917b..5f8a684 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ RUN dnf -y update && dnf -y upgrade && \ dnf -y install fontconfig python3 python3-jinja2 && \ rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm -ARG JIRA_VERSION=8.13.5 +ARG JIRA_VERSION=8.13.6 ARG ARTEFACT_NAME=atlassian-jira-software COPY atlassian-jira-software-${JIRA_VERSION}.tar.gz /opt/ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 70ddbe4..7be3e4a 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "atlassian/jira-node-813" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "8.13.5" +- "8.13.6" - "latest" # Build args passed to Dockerfile ARGs @@ -23,7 +23,7 @@ labels: org.opencontainers.image.licenses: "proprietary" org.opencontainers.image.url: "https://hub.docker.com/r/atlassian/jira-core" org.opencontainers.image.vendor: "Atlassian" - org.opencontainers.image.version: "8.13.5" + org.opencontainers.image.version: "8.13.6" mil.dso.ironbank.image.keywords: "jira,atlassian,workflow,ticketing,management" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "atlassian" 
@@ -35,11 +35,11 @@ resources: validation: type: sha512 value: bcfabdb039ce06a49d39d4bcc1d70fa38ee56ed50edc06019648a14ec898ad5afa1ec30dbff2da166c8f5557316b2b3659523787d34cb81223cf3a373242fa3f -- filename: atlassian-jira-software-8.13.5.tar.gz - url: https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.13.5.tar.gz +- filename: atlassian-jira-software-8.13.6.tar.gz + url: https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.13.6.tar.gz validation: type: sha256 - value: 1b8da37c0ddcb508aef1c5faf7fa88bbf48fe4a2a4d8aaf6bb022a2d57e9195b + value: 744902d61810f63a21805417c727d2deb5807686cb583aeec57d8895b67a481e # List of project maintainers maintainers: -- GitLab From 8976df740a9ad224b4c05a688bcf868584bd63b0 Mon Sep 17 00:00:00 2001 From: Kenneth Urban Date: Tue, 27 Apr 2021 10:40:22 -0400 Subject: [PATCH 08/12] Removing all test infrastructure to accomodate trufflehog --- .../bitbucket-pipelines.yml | 54 ------------- .../image/push-readme.py | 33 -------- .../tests/Dockerfile-test | 4 - .../tests/conftest.py | 3 - .../tests/fixtures.py | 64 --------------- .../docker-shared-components/tests/helpers.py | 78 ------------------- .../tests/requirements.txt | 20 ----- .../tests/test_support.py | 75 ------------------ 8 files changed, 331 deletions(-) delete mode 100644 scripts/docker-shared-components/bitbucket-pipelines.yml delete mode 100644 scripts/docker-shared-components/image/push-readme.py delete mode 100644 scripts/docker-shared-components/tests/Dockerfile-test delete mode 100644 scripts/docker-shared-components/tests/conftest.py delete mode 100644 scripts/docker-shared-components/tests/fixtures.py delete mode 100644 scripts/docker-shared-components/tests/helpers.py delete mode 100644 scripts/docker-shared-components/tests/requirements.txt delete mode 100644 scripts/docker-shared-components/tests/test_support.py 
diff --git a/scripts/docker-shared-components/bitbucket-pipelines.yml b/scripts/docker-shared-components/bitbucket-pipelines.yml deleted file mode 100644 index 8e2b4bf..0000000 --- a/scripts/docker-shared-components/bitbucket-pipelines.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -image: atlassian/default-image:2 - -pipelines: - branches: - master: - - step: - name: Auto create PRs - script: - - > - export ACCESS_TOKEN=$(curl "https://bitbucket.org/site/oauth2/access_token" \ - --silent \ - --request POST \ - --user "${DOCKER_BOT_CLIENT_ID}:${DOCKER_BOT_CLIENT_SECRET}" \ - --data 'grant_type=client_credentials' \ - --data 'scopes=repository' | jq --raw-output '.access_token') - - > - function update_shared_components() { - local REPO="$1" - local REVIEWERS=$(curl "https://api.bitbucket.org/2.0/repositories/${REPO}/default-reviewers" \ - --silent \ - --header "Authorization: Bearer ${ACCESS_TOKEN}" \ - --header "Content-Type: application/json" | jq --raw-output '.values') - git clone "https://x-token-auth:${ACCESS_TOKEN}@bitbucket.org/${REPO}" ~/${REPO} - cd ~/${REPO} - git checkout -B update-shared-components - git submodule update --init --recursive - git submodule update --recursive --remote - git add . - git -c "user.name=Atlassian Docker Bot" -c "user.email=$DOCKER_BOT_EMAIL" commit -m "Update shared components" - if [[ $(git ls-remote --heads origin update-shared-components) ]]; then - local GIT_OPTS="--force-with-lease" - fi - git push ${GIT_OPTS} origin update-shared-components - local PR_DATA='{ - "title": "Update shared components", - "close_source_branch": true, - "source": { - "branch": { - "name": "update-shared-components" - } - }, - "reviewers": '${REVIEWERS}' - }' - curl "https://api.bitbucket.org/2.0/repositories/${REPO}/pullrequests" \ - --globoff \ - --request POST \ - --header "Authorization: Bearer ${ACCESS_TOKEN}" \ - --header "Content-Type: application/json" \ - --data "${PR_DATA}" - } - - update_shared_components atlassian-docker/docker-atlassian-bitbucket-server - - update_shared_components atlassian-docker/docker-atlassian-confluence-server - - update_shared_components atlassian-docker/docker-atlassian-jira - - update_shared_components atlassian-docker/docker-atlassian-crowd 
diff --git a/scripts/docker-shared-components/image/push-readme.py b/scripts/docker-shared-components/image/push-readme.py deleted file mode 100644 index 0c3d400..0000000 --- a/scripts/docker-shared-components/image/push-readme.py +++ /dev/null @@ -1,33 +0,0 @@ -import logging -import os - -import requests - - -logging.basicConfig(level=logging.INFO) - - -DOCKER_REPO = os.environ.get('DOCKER_REPO') -DOCKER_USERNAME = os.environ.get('DOCKER_USERNAME') -DOCKER_PASSWORD = os.environ.get('DOCKER_PASSWORD') -README_FILE = os.environ.get('README_FILE') or 'README.md' - - -logging.info('Generating Docker Hub JWT') -data = {'username': DOCKER_USERNAME, 'password': DOCKER_PASSWORD} -r = requests.post('https://hub.docker.com/v2/users/login/', json=data) -docker_token = r.json().get('token') - -logging.info(f'Updating Docker Hub description for {DOCKER_REPO}') -with open(README_FILE) as f: - full_description = f.read() -data = {'registry': 'registry-1.docker.io', 'full_description': full_description} -headers = {'Authorization': f'JWT {docker_token}'} -r = requests.patch(f'https://hub.docker.com/v2/repositories/{DOCKER_REPO}/', - json=data, headers=headers) - -if r.status_code == requests.codes.ok: - logging.info(f'Successfully updated {README_FILE} for {DOCKER_REPO}') -else: - logging.info(f'Unable to update {README_FILE} for {DOCKER_REPO}, response code: {r.status_code}') - r.raise_for_status() \ No newline at end of file diff --git a/scripts/docker-shared-components/tests/Dockerfile-test b/scripts/docker-shared-components/tests/Dockerfile-test deleted file mode 100644 index f41d309..0000000 --- a/scripts/docker-shared-components/tests/Dockerfile-test +++ /dev/null @@ -1,4 +0,0 @@ -ARG BASE_IMAGE=atlassian/jira-software:latest -FROM $BASE_IMAGE - -COPY support /opt/atlassian/support diff --git a/scripts/docker-shared-components/tests/conftest.py b/scripts/docker-shared-components/tests/conftest.py deleted file mode 100644 index 0b18cc0..0000000 
--- a/scripts/docker-shared-components/tests/conftest.py +++ /dev/null @@ -1,3 +0,0 @@ -import pytest - -from fixtures import docker_cli, image, run_user \ No newline at end of file diff --git a/scripts/docker-shared-components/tests/fixtures.py b/scripts/docker-shared-components/tests/fixtures.py deleted file mode 100644 index c48d5cf..0000000 --- a/scripts/docker-shared-components/tests/fixtures.py +++ /dev/null 
@@ -1,64 +0,0 @@ -import pytest - -import os - -import docker -import requests - - -DOCKERFILE = os.environ.get('DOCKERFILE') or 'Dockerfile' -DOCKERFILE_BUILDARGS = os.environ.get('DOCKERFILE_BUILDARGS') -DOCKERFILE_VERSION_ARG = os.environ.get('DOCKERFILE_VERSION_ARG') -MAC_PRODUCT_KEY = os.environ.get('MAC_PRODUCT_KEY') or 'docker-testapp' - - -def parse_buildargs(buildargs): - if buildargs is None or len(buildargs) == 0: - return {} - return dict(item.split("=") for item in buildargs.split(",")) - - -def make_image(): - buildargs = parse_buildargs(DOCKERFILE_BUILDARGS) - if MAC_PRODUCT_KEY != 'docker-testapp': - r = requests.get(f'https://marketplace.atlassian.com/rest/2/products/key/{MAC_PRODUCT_KEY}/versions/latest') - version = r.json().get('name') - buildargs[DOCKERFILE_VERSION_ARG] = version - docker_cli = docker.from_env() - tag = ''.join(ch for ch in DOCKERFILE if ch.isalnum()) - image = docker_cli.images.build(path='.', - tag=f'{MAC_PRODUCT_KEY}:{tag}'.lower(), - buildargs=buildargs, - dockerfile=DOCKERFILE, - rm=True)[0] - return image - - -def get_run_user(): - i = make_image() - image_env = {k:v for k,v in (x.split('=') for x in i.attrs['ContainerConfig']['Env'])} - run_user = f'{image_env["RUN_UID"]}:{image_env["RUN_GID"]}' - return run_user - - -# This fixture returns a temporary Docker CLI that cleans up running test containers after each test -@pytest.fixture -def docker_cli(): - docker_cli = docker.from_env() - yield docker_cli - for container in docker_cli.containers.list(): - for tag in container.image.tags: - if tag.startswith(MAC_PRODUCT_KEY): - container.remove(force=True) - - -# This fixture returns an image for the Docker build being tested -@pytest.fixture(scope='module') -def image(): - return make_image() - - -# This fixture returns the uid:gid for the Docker build being tested -@pytest.fixture(scope='module', params=['0:0', get_run_user()]) -def run_user(request): - return request.param \ No newline at end of file 
diff --git a/scripts/docker-shared-components/tests/helpers.py b/scripts/docker-shared-components/tests/helpers.py deleted file mode 100644 index 01b9a9e..0000000 --- a/scripts/docker-shared-components/tests/helpers.py +++ /dev/null 
@@ -1,78 +0,0 @@ -import time -import xml.etree.ElementTree as etree - -import requests -import testinfra - - -# Helper functions to get config values from support scripts -def get_app_home(container): - cmd = "/bin/bash -c 'source /opt/atlassian/support/common.sh && get_app_home'" - home = container.check_output(cmd) - return home - -def get_app_install_dir(container): - cmd = "/bin/bash -c 'source /opt/atlassian/support/common.sh && get_app_install_dir'" - home = container.check_output(cmd) - return home - -def get_bootstrap_proc(container): - cmd = "/bin/bash -c 'source /opt/atlassian/support/common.sh && echo ${BOOTSTRAP_PROC}'" - proc = container.check_output(cmd) - return proc - -# Run an image and wrap it in a TestInfra host for convenience. -# FIXME: There's probably a way to turn this into a fixture with parameters. -def run_image(docker_cli, image, **kwargs): - container = docker_cli.containers.run(image, detach=True, **kwargs) - return testinfra.get_host("docker://"+container.id) - -# TestInfra's process command doesn't seem to work for arg matching -def get_procs(container): - ps = container.run('ps -axo args') - return ps.stdout.split('\n') - -def parse_properties(container, properties): - properties_raw = container.file(properties).content - properties_str = properties_raw.decode().strip().split('\n') - return dict(item.split("=") for item in properties_str) - -def parse_xml(container, xml): - return etree.fromstring(container.file(xml).content) - -def wait_for_proc(container, proc_str, max_wait=10): - waited = 0 - while waited < max_wait: - procs = list(filter(lambda p: proc_str in p, get_procs(container))) - if len(procs) > 0: - return procs[0] - time.sleep(0.1) - waited += 0.1 - - raise TimeoutError("Failed to find target process") - -def wait_for_file(container, path, max_wait=10): - waited = 0 - while waited < max_wait: - if container.file(path).exists: - return - time.sleep(0.1) - waited += 0.1 - - raise TimeoutError("Failed to find target 
process") - -def wait_for_http_response(url, expected_status=200, expected_state=None, max_wait=20): - timeout = time.time() + max_wait - while time.time() < timeout: - try: - r = requests.get(url) - except requests.exceptions.ConnectionError: - pass - else: - if r.status_code == expected_status: - if expected_state is not None: - state = r.json().get('state') - assert state in expected_state - return - time.sleep(1) - raise TimeoutError \ No newline at end of file diff --git a/scripts/docker-shared-components/tests/requirements.txt b/scripts/docker-shared-components/tests/requirements.txt deleted file mode 100644 index 9eb3baf..0000000 --- a/scripts/docker-shared-components/tests/requirements.txt +++ /dev/null @@ -1,20 +0,0 @@ -atomicwrites==1.3.0 -attrs==19.1.0 -certifi==2019.6.16 -chardet==3.0.4 -docker==4.0.2 -idna==2.8 -importlib-metadata==0.19 -more-itertools==7.2.0 -packaging==19.1 -pluggy==0.12.0 -py==1.8.0 -pyparsing==2.4.2 -pytest==5.0.1 -requests==2.22.0 -six==1.12.0 -testinfra==3.0.6 -urllib3==1.25.3 -wcwidth==0.1.7 -websocket-client==0.56.0 -zipp==0.5.2 diff --git a/scripts/docker-shared-components/tests/test_support.py b/scripts/docker-shared-components/tests/test_support.py deleted file mode 100644 index 1e95192..0000000 --- a/scripts/docker-shared-components/tests/test_support.py +++ /dev/null 
@@ -1,75 +0,0 @@ -import pytest - -from helpers import get_app_home, get_bootstrap_proc, run_image, wait_for_proc - - -def test_thread_dumps(docker_cli, image, run_user): - COUNT = 3 - INTERVAL = 1 - container = run_image(docker_cli, image, user=run_user) - wait_for_proc(container, get_bootstrap_proc(container)) - - thread_cmd = f'/opt/atlassian/support/thread-dumps.sh --count {COUNT} --interval {INTERVAL}' - container.run(thread_cmd) - - find_thread_cmd = f'find {get_app_home(container)} -name "*_THREADS.*.txt"' - thread_dumps = container.run(find_thread_cmd).stdout.splitlines() - assert len(thread_dumps) == COUNT - - find_top_cmd = f'find {get_app_home(container)} -name "*_CPU_USAGE.*.txt"' - top_dumps = container.run(find_top_cmd).stdout.splitlines() - assert len(top_dumps) == COUNT - -def test_thread_dumps_no_top(docker_cli, image, run_user): - COUNT = 3 - INTERVAL = 1 - container = run_image(docker_cli, image, user=run_user) - wait_for_proc(container, get_bootstrap_proc(container)) - - thread_cmd = f'/opt/atlassian/support/thread-dumps.sh --no-top --count {COUNT} --interval {INTERVAL}' - container.run(thread_cmd) - - find_thread_cmd = f'find {get_app_home(container)} -name "*_THREADS.*.txt"' - thread_dumps = container.run(find_thread_cmd).stdout.splitlines() - assert len(thread_dumps) == COUNT - - find_top_cmd = f'find {get_app_home(container)} -name "*_CPU_USAGE.*.txt"' - top_dumps = container.run(find_top_cmd).stdout.splitlines() - assert len(top_dumps) == 0 - -def test_heap_dump(docker_cli, image, run_user): - container = run_image(docker_cli, image, user=run_user) - wait_for_proc(container, get_bootstrap_proc(container)) - - heap_cmd = f'/opt/atlassian/support/heap-dump.sh' - container.run(heap_cmd) - - ls_cmd = f'ls -la {get_app_home(container)}/heap.bin' - heap_dump = container.run(ls_cmd).stdout.splitlines() - assert len(heap_dump) == 1 - -def test_heap_dump_overwrite_false(docker_cli, image, run_user): - container = run_image(docker_cli, image, 
user=run_user) - wait_for_proc(container, get_bootstrap_proc(container)) - - heap_cmd = f'/opt/atlassian/support/heap-dump.sh' - ls_cmd = f'ls -la --time-style=full-iso {get_app_home(container)}/heap.bin' - - container.run(heap_cmd) - heap_dump_1 = container.run(ls_cmd).stdout.splitlines() - container.run(heap_cmd) - heap_dump_2 = container.run(ls_cmd).stdout.splitlines() - assert heap_dump_1 == heap_dump_2 - -def test_heap_dump_overwrite_true(docker_cli, image, run_user): - container = run_image(docker_cli, image, user=run_user) - wait_for_proc(container, get_bootstrap_proc(container)) - - heap_cmd = f'/opt/atlassian/support/heap-dump.sh --force' - ls_cmd = f'ls -la {get_app_home(container)}/heap.bin' - - container.run(heap_cmd) - heap_dump_1 = container.run(ls_cmd).stdout.splitlines() - container.run(heap_cmd) - heap_dump_2 = container.run(ls_cmd).stdout.splitlines() - assert heap_dump_1 != heap_dump_2 -- GitLab From fc85322a71d77581de58674529daa505163a0b2c Mon Sep 17 00:00:00 2001 From: "thomas.shepherd" Date: Fri, 7 May 2021 16:49:58 +0000 Subject: [PATCH 09/12] Add new file --- trufflehog-config.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 trufflehog-config.yaml diff --git a/trufflehog-config.yaml b/trufflehog-config.yaml new file mode 100644 index 0000000..8540135 --- /dev/null +++ b/trufflehog-config.yaml @@ -0,0 +1,8 @@ +skip_strings: + # These are the false positives we want to ignore + # will only be skipped in corresponding files + Dockerfile: + - "bitbucket-pipelines.yml" +# The config file must be skipped by truffleHog +skip_paths: + - trufflehog-config.yaml -- GitLab From 578c361e29577b7d1d17b05cf24e32dbe6c14eae Mon Sep 17 00:00:00 2001 From: "thomas.shepherd" Date: Fri, 7 May 2021 16:54:21 +0000 Subject: [PATCH 10/12] Update trufflehog-config.yaml --- trufflehog-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/trufflehog-config.yaml b/trufflehog-config.yaml index 8540135..e6d6d68 100644 
--- a/trufflehog-config.yaml +++ b/trufflehog-config.yaml @@ -1,8 +1,8 @@ skip_strings: # These are the false positives we want to ignore # will only be skipped in corresponding files - Dockerfile: - - "bitbucket-pipelines.yml" + scripts/docker-shared-components/bitbucket-pipelines.yml: + - "8976df740a9ad224b4c05a688bcf868584bd63b0" # The config file must be skipped by truffleHog skip_paths: - trufflehog-config.yaml -- GitLab From ab8127a551147f8086e29c2f0e32e98e32179253 Mon Sep 17 00:00:00 2001 From: "thomas.shepherd" Date: Fri, 7 May 2021 17:00:09 +0000 Subject: [PATCH 11/12] Update trufflehog-config.yaml --- trufflehog-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/trufflehog-config.yaml b/trufflehog-config.yaml index e6d6d68..a5d0385 100644 --- a/trufflehog-config.yaml +++ b/trufflehog-config.yaml @@ -2,7 +2,7 @@ skip_strings: # These are the false positives we want to ignore # will only be skipped in corresponding files scripts/docker-shared-components/bitbucket-pipelines.yml: - - "8976df740a9ad224b4c05a688bcf868584bd63b0" + - "x-token-auth:${ACCESS_TOKEN}@bitbucket.org" # The config file must be skipped by truffleHog skip_paths: - trufflehog-config.yaml -- GitLab From 237d3a1455b50f8bc85420bf9e9eadd266cc4e61 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Tue, 11 May 2021 13:40:11 +0000 Subject: [PATCH 12/12] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c7eb604..2816de8 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,7 @@ # JIRA Data Center + +## It is reccomended that this container only be used behind CNAP. + ## jira-node ### Build and run image -- GitLab
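Review bot: The `skip_strings` entry that patch 11 settles on, `"x-token-auth:${ACCESS_TOKEN}@bitbucket.org"`, is explained only by the generic comment `# These are the false positives we want to ignore`. State why this match is not a secret, e.g. `# URL embeds the shell variable ${ACCESS_TOKEN}, not a token value`, so the exemption can be re-checked later. The path it is scoped to was deleted in patch 08 of this series, so the entry presumably matters only when history is scanned. Saying so in the comment tells maintainers when it can be removed.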