Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release-1.28] Backports for 2024-09 #10845

Merged
merged 10 commits into from
Sep 6, 2024
49 changes: 49 additions & 0 deletions .github/workflows/trivy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: PR Comment Triggered Trivy Scan

on:
issue_comment:
types: [created]

jobs:
trivy_scan:
if: github.event.issue.pull_request && github.event.comment.body == '/trivy'
runs-on: ubuntu-latest
permissions:
pull-requests: write
env:
GH_TOKEN: ${{ github.token }}
steps:
- name: Checkout PR code
uses: actions/checkout@v4
with:
ref: refs/pull/${{ github.event.issue.number }}/head

- name: Comment Status on PR
run: |
gh repo set-default ${{ github.repository }}
gh pr comment ${{ github.event.issue.number }} -b ":construction: Running Trivy scan on PR :construction: "

- name: Build K3s Image
run: |
make local
make package-image
make tag-image-latest

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
image-ref: 'rancher/k3s:latest'
format: 'table'
severity: "HIGH,CRITICAL"
output: "trivy-report.txt"

- name: Add Trivy Report to PR
run: |
echo '```' | cat - trivy-report.txt > temp && mv temp trivy-report.txt
echo '```' >> trivy-report.txt
gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt

- name: Report Failure
if: ${{ failure() }}
run: |
gh issue comment ${{ github.event.issue.number }} --edit-last -b ":x: Trivy scan action failed, check logs :x:"
65 changes: 33 additions & 32 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
module github.com/k3s-io/k3s

go 1.22.0

toolchain go1.22.2
go 1.22.4

replace (
github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.0
github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.7
github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.3.12-k3s1.28 // k3s/release-1.28
github.com/cloudnativelabs/kube-router/v2 => github.com/k3s-io/kube-router/v2 v2.2.1
github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.20-k3s2.28
github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.21-k3s2.28
github.com/containerd/imgcrypt => github.com/containerd/imgcrypt v1.1.11
github.com/distribution/reference => github.com/distribution/reference v0.5.0
github.com/docker/cli => github.com/docker/cli v27.1.2+incompatible
github.com/docker/distribution => github.com/docker/distribution v2.8.3+incompatible
github.com/docker/docker => github.com/docker/docker v24.0.10-0.20240723193628-852759a7df45+incompatible
github.com/emicklei/go-restful/v3 => github.com/emicklei/go-restful/v3 v3.9.0
Expand All @@ -18,7 +18,7 @@ replace (
github.com/googleapis/gax-go/v2 => github.com/googleapis/gax-go/v2 v2.12.0
github.com/kubernetes-sigs/cri-tools => github.com/k3s-io/cri-tools v1.26.0-rc.0-k3s1
github.com/open-policy-agent/opa => github.com/open-policy-agent/opa v0.59.0 // github.com/Microsoft/hcsshim using bad version v0.42.2
github.com/opencontainers/runc => github.com/k3s-io/runc v1.1.12-k3s1
github.com/opencontainers/runc => github.com/k3s-io/runc v1.1.14-k3s1
github.com/opencontainers/selinux => github.com/opencontainers/selinux v1.11.0
github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0
github.com/prometheus/common => github.com/prometheus/common v0.45.0
Expand Down Expand Up @@ -91,12 +91,12 @@ replace (
)

require (
github.com/Microsoft/hcsshim v0.12.3
github.com/Microsoft/hcsshim v0.12.6
github.com/Mirantis/cri-dockerd v0.0.0-00010101000000-000000000000
github.com/blang/semver/v4 v4.0.0
github.com/cloudnativelabs/kube-router/v2 v2.0.0-00010101000000-000000000000
github.com/containerd/aufs v1.0.0
github.com/containerd/cgroups/v3 v3.0.2
github.com/containerd/cgroups/v3 v3.0.3
github.com/containerd/containerd v1.7.16
github.com/containerd/fuse-overlayfs-snapshotter v1.0.8
github.com/containerd/stargz-snapshotter v0.15.1
Expand All @@ -120,9 +120,9 @@ require (
github.com/ipfs/go-log/v2 v2.5.1
github.com/joho/godotenv v1.5.1
github.com/json-iterator/go v1.1.12
github.com/k3s-io/helm-controller v0.15.10
github.com/k3s-io/kine v0.11.11
github.com/klauspost/compress v1.17.7
github.com/k3s-io/helm-controller v0.15.13
github.com/k3s-io/kine v0.12.0
github.com/klauspost/compress v1.17.9
github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000
github.com/lib/pq v1.10.2
github.com/libp2p/go-libp2p v0.33.2
Expand All @@ -149,7 +149,7 @@ require (
github.com/spegel-org/spegel v0.0.0-00010101000000-000000000000
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.9.0
github.com/urfave/cli v1.22.14
github.com/urfave/cli v1.22.15
github.com/vishvananda/netlink v1.2.1-beta.2
github.com/yl2chen/cidranger v1.0.2
go.etcd.io/etcd/api/v3 v3.5.15
Expand Down Expand Up @@ -212,32 +212,32 @@ require (
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/bronze1man/goStrongswanVici v0.0.0-20221114103242-3f6dc524986c // indirect
github.com/canonical/go-dqlite v1.5.1 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect
github.com/cilium/ebpf v0.9.1 // indirect
github.com/cilium/ebpf v0.11.0 // indirect
github.com/container-storage-interface/spec v1.8.0 // indirect
github.com/containerd/btrfs/v2 v2.0.0 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/console v1.0.3 // indirect
github.com/containerd/containerd/api v1.7.19 // indirect
github.com/containerd/console v1.0.4 // indirect
github.com/containerd/containerd/api v1.8.0-rc.3 // indirect
github.com/containerd/continuity v0.4.3 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/go-cni v1.1.9 // indirect
github.com/containerd/go-runc v1.0.0 // indirect
github.com/containerd/imgcrypt v1.1.8 // indirect
github.com/containerd/go-cni v1.1.10 // indirect
github.com/containerd/go-runc v1.1.0 // indirect
github.com/containerd/imgcrypt v1.2.0-rc1 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/nri v0.6.1 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/containerd/ttrpc v1.2.5 // indirect
github.com/containerd/typeurl v1.0.2 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/containernetworking/cni v1.1.2 // indirect
github.com/containerd/typeurl/v2 v2.2.0 // indirect
github.com/containernetworking/cni v1.2.3 // indirect
github.com/containernetworking/plugins v1.5.1 // indirect
github.com/containers/ocicrypt v1.1.10 // indirect
github.com/containers/ocicrypt v1.2.0 // indirect
github.com/coreos/go-oidc v2.2.1+incompatible // indirect
github.com/coreos/go-semver v0.3.1 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
Expand All @@ -247,7 +247,7 @@ require (
github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v24.0.7+incompatible // indirect
github.com/docker/cli v27.1.2+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/docker/go-connections v0.5.0 // indirect
Expand All @@ -269,7 +269,7 @@ require (
github.com/fvbommel/sortorder v1.1.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
Expand Down Expand Up @@ -299,7 +299,7 @@ require (
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
github.com/hanwen/go-fuse/v2 v2.4.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
Expand All @@ -312,7 +312,7 @@ require (
github.com/huin/goupnp v1.3.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/intel/goresctrl v0.3.0 // indirect
github.com/intel/goresctrl v0.7.0 // indirect
github.com/ipfs/boxo v0.10.0 // indirect
github.com/ipfs/go-cid v0.4.1 // indirect
github.com/ipfs/go-datastore v0.6.0 // indirect
Expand Down Expand Up @@ -374,7 +374,8 @@ require (
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/sys/symlink v0.2.0 // indirect
github.com/moby/sys/user v0.1.0 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
Expand Down Expand Up @@ -408,7 +409,7 @@ require (
github.com/opentracing/opentracing-go v1.2.0 // indirect
github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pierrec/lz4 v2.6.0+incompatible // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
Expand All @@ -431,7 +432,7 @@ require (
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cobra v1.8.0 // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
Expand Down Expand Up @@ -481,7 +482,7 @@ require (
gonum.org/v1/gonum v0.13.0 // indirect
google.golang.org/api v0.169.0 // indirect
google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/gcfg.v1 v1.2.3 // indirect
Expand Down Expand Up @@ -515,6 +516,6 @@ require (
sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
tags.cncf.io/container-device-interface v0.7.2 // indirect
tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect
tags.cncf.io/container-device-interface v0.8.0 // indirect
tags.cncf.io/container-device-interface/specs-go v0.8.0 // indirect
)
Loading
Loading