From 865d36dc0443e1d0a9e126193cc55e5afdfae836 Mon Sep 17 00:00:00 2001 From: chgl Date: Wed, 4 Oct 2023 20:11:36 +0200 Subject: [PATCH] chore(deps): updated all dependencies and fixed megalinter workflow (#74) * chore(deps): update all non-major dependencies * chore(deps): update github-actions * chore(deps): update container-images * chore: added dotnet-tools manifest with dotnet outdated * chore(deps): updated major deps * chore(deps): updated megalinter to latest to fix trivy * ci: fix iter8 workflow by manually downloading the cli --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .config/dotnet-tools.json | 14 +++++++ .github/workflows/ci.yaml | 26 +++++++------ .github/workflows/codeql.yaml | 6 +-- .github/workflows/lint-pr-title.yaml | 2 +- .github/workflows/mega-linter.yml | 14 +++---- .github/workflows/release-please.yaml | 2 +- .github/workflows/scorecards.yaml | 4 +- .github/workflows/trivy.yaml | 4 +- .kics.yaml | 3 ++ .markdownlintignore | 1 + .mega-linter.yml | 18 ++++++++- .trivy.yaml | 3 ++ .trivyignore | 6 +++ Dockerfile | 9 +++-- README.md | 30 +++++++-------- docker-compose.yaml | 6 ++- grpc-utils.Dockerfile | 6 +-- src/Vfps.Benchmarks/Vfps.Benchmarks.csproj | 2 +- src/Vfps.IntegrationTests/MigrationsTests.cs | 30 ++++++--------- .../Vfps.IntegrationTests.csproj | 9 +++-- src/Vfps.StressTests/Vfps.StressTests.csproj | 4 +- src/Vfps.Tests/Vfps.Tests.csproj | 12 +++--- src/Vfps/Vfps.csproj | 38 +++++++++---------- 23 files changed, 147 insertions(+), 102 deletions(-) create mode 100644 .config/dotnet-tools.json create mode 100644 .kics.yaml create mode 100644 .markdownlintignore create mode 100644 .trivy.yaml diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json new file mode 100644 index 0000000..8d66078 --- /dev/null +++ b/.config/dotnet-tools.json 
@@ -0,0 +1,14 @@ +{ + "version": 1, + "isRoot": true, + "tools": { + "dotnet-outdated-tool": { + "version": "4.5.3", + "commands": ["dotnet-outdated"] + }, + "csharpier": { + "version": "0.25.0", + "commands": ["dotnet-csharpier"] + } + } +} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b2a48d3..b4e7efe 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -86,7 +86,7 @@ jobs: cache-to: type=gha,mode=max - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # 0.11.2 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} severity: "CRITICAL,HIGH" @@ -129,7 +129,7 @@ jobs: - name: Upload container images if: ${{ github.event_name == 'pull_request' }} - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: container-image-artifacts path: | @@ -288,7 +288,14 @@ jobs: - name: Checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - - uses: iter8-tools/iter8@9b867240dcaa77858d2458f52a3845e47ea2c657 # v0.13.17 + - name: install iter8 cli + env: + ITER8_CLI_URL: "https://github.com/iter8-tools/iter8/releases/download/v0.13.18/iter8-linux-amd64.tar.gz" + run: | + curl -LSs "${ITER8_CLI_URL}" | tar xz + mv linux-amd64/iter8 /usr/local/bin/iter8 + chmod +x /usr/local/bin/iter8 + iter8 version - name: Create KinD cluster uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 
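Review bot: The new `install iter8 cli` step in the `@@ -288,7 +288,14 @@` hunk pipes a release tarball straight from `curl` into `tar` and installs the binary into `/usr/local/bin` with no integrity check, whereas the step it replaces was pinned to a commit SHA. Download to a file and verify a pinned digest before extracting: `curl -fLSs -o iter8.tar.gz "${ITER8_CLI_URL}"`, then `echo "${ITER8_CLI_SHA256}  iter8.tar.gz" | sha256sum -c -`, then `tar xzf iter8.tar.gz`. `ITER8_CLI_SHA256` would be a new entry in the step's `env`, holding the digest of the v0.13.18 archive (placeholder: `<sha256-of-iter8-linux-amd64.tar.gz>`). Adding `-f` also makes the step fail on an HTTP error instead of handing an error page to `tar`. The job this step belongs to continues outside the hunk.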
@@ -313,15 +320,12 @@ jobs: env: IMAGE_TAG: ${{ needs.build.outputs.api-image-version }} run: | - helm repo add miracum https://miracum.github.io/charts - helm repo update helm install \ --set="image.tag=${IMAGE_TAG}" \ -f tests/iter8/values.yaml \ --wait \ --timeout=15m \ - --version=^1.0.0 \ - vfps miracum/vfps + vfps oci://ghcr.io/miracum/charts/vfps - name: Launch iter8 experiment run: kubectl apply -f tests/iter8/experiment.yaml @@ -358,7 +362,7 @@ jobs: - name: Upload report if: always() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: iter8-report.html path: | @@ -372,7 +376,7 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: kind-cluster-dump.txt path: | @@ -419,14 +423,12 @@ jobs: - test-api-container permissions: actions: read # for detecting the Github Actions environment. - id-token: write # for creating OIDC tokens for signing. + id-token: write packages: write # for uploading attestations. uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ${{ needs.build.outputs.api-image-name }} digest: ${{ needs.build.outputs.api-image-digest }} registry-username: ${{ github.actor }} - # TODO(https://github.com/slsa-framework/slsa-github-generator/issues/492): Remove after GA release. - compile-generator: true secrets: registry-password: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index f176c21..f4d3eef 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml 
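Review bot: The `helm install` in the `@@ -313,15 +320,12 @@` hunk now pulls `oci://ghcr.io/miracum/charts/vfps` with the `--version=^1.0.0` constraint dropped, so each run installs whatever chart version the registry resolves as latest. The actions and images in this workflow are pinned by SHA or digest. Keeping `--version=<chart-version>` on the OCI install would keep the test reproducible and make chart changes arrive as reviewed dependency updates. The surrounding job is outside the hunk.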
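Review bot: In the `@@ -419,14 +423,12 @@` hunk the `id-token: write` permission loses its explanation, while `actions: read` and `packages: write` keep theirs. This is the most sensitive grant in the block, so the reason should stay next to it: `id-token: write # for creating OIDC tokens for signing.`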
@@ -44,7 +44,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2 + uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2 + uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -70,6 +70,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2 + uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml index 88b5f2a..2b7b389 100644 --- a/.github/workflows/lint-pr-title.yaml +++ b/.github/workflows/lint-pr-title.yaml @@ -14,7 +14,7 @@ jobs: name: Lint PR title runs-on: ubuntu-22.04 steps: - - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 + - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 8b939e5..4fa52c2 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml 
@@ -6,9 +6,8 @@ name: MegaLinter on: # Trigger mega-linter at every push. Action will also be visible from Pull Requests to master pull_request: - branches: [master, main] + branches: [master] -# Declare default permissions as read only. permissions: read-all env: # Comment env block if you do not want to apply fixes @@ -31,8 +30,9 @@ jobs: steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: + token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances # MegaLinter @@ -40,18 +40,18 @@ jobs: id: ml # You can override MegaLinter flavor used to have faster performances # More info at https://oxsecurity.github.io/megalinter/flavors/ - uses: oxsecurity/megalinter@93700f8c21c59ea784a32abe23896e49e54463b8 # v6.22.2 + uses: oxsecurity/megalinter@a87b2872713c6bdde46d2473c5d7ed23e5752dc2 # v7.4.0 env: # All available variables are described in documentation # https://oxsecurity.github.io/megalinter/configuration/ - VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} + VALIDATE_ALL_CODEBASE: "true" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY # Upload MegaLinter artifacts - name: Archive production artifacts - if: ${{ success() }} || ${{ failure() }} - uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # tag=v2 + if: ${{ always() }} + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: MegaLinter reports path: | diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index de3aaf2..72b283e 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml 
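Review bot: The checkout step in the `@@ -31,8 +30,9 @@` hunk now passes `token: ${{ secrets.GITHUB_TOKEN }}` explicitly, and actions/checkout by default keeps that token in the local git config for the rest of the job, where the MegaLinter step and every linter it runs can read it. The workflow declares `permissions: read-all`, so the token is read-only. Unless the apply-fixes path (not visible in this hunk) needs git credentials, I would add `persist-credentials: false` under `with:`. The explicit `token:` matches the action's default and could be dropped.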
@@ -15,7 +15,7 @@ jobs: pull-requests: write steps: - - uses: google-github-actions/release-please-action@ca6063f4ed81b55db15b8c42d1b6f7925866342d # v3.7.11 + - uses: google-github-actions/release-please-action@4c5670f886fe259db4d11222f7dff41c1382304d # v3.7.12 with: token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }} release-type: simple diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml index 8165597..c88ff18 100644 --- a/.github/workflows/scorecards.yaml +++ b/.github/workflows/scorecards.yaml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 + uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 0551d10..31e9f95 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -22,7 +22,7 @@ jobs: runs-on: "ubuntu-22.04" steps: - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # 0.11.2 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0 with: image-ref: ghcr.io/${{ github.repository }}:latest format: "template" 
@@ -31,6 +31,6 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2 + uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2 with: sarif_file: "trivy-results.sarif" diff --git a/.kics.yaml b/.kics.yaml new file mode 100644 index 0000000..7ee390d --- /dev/null +++ b/.kics.yaml @@ -0,0 +1,3 @@ +exclude-paths: + - "tests/" + - "src/Vfps/Protos/vfps/api/v1/*.proto" diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000..1b763b1 --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1 @@ +CHANGELOG.md diff --git a/.mega-linter.yml b/.mega-linter.yml index c32fc89..6d2097e 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -10,10 +10,26 @@ DISABLE: DISABLE_LINTERS: - REPOSITORY_DEVSKIM + - SPELL_LYCHEE SHOW_ELAPSED_TIME: true FILEIO_REPORTER: false # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass REPOSITORY_TRIVY_ARGUMENTS: - - "--severity='HIGH,CRITICAL'" + - "--severity=MEDIUM,HIGH,CRITICAL" + +REPOSITORY_CHECKOV_ARGUMENTS: + - "--skip-path=tests/" + +IGNORE_GITIGNORED_FILES: true + +REPOSITORY_KICS_ARGUMENTS: + - --fail-on=HIGH + +REPOSITORY_KICS_CONFIG_FILE: .kics.yaml + +MARKDOWN_MARKDOWN_TABLE_FORMATTER_ARGUMENTS: + - -p 0 + +REPOSITORY_TRIVY_CONFIG_FILE: .trivy.yaml diff --git a/.trivy.yaml b/.trivy.yaml new file mode 100644 index 0000000..fb39695 --- /dev/null +++ b/.trivy.yaml @@ -0,0 +1,3 @@ +scan: + skip-dirs: + - tests/ diff --git a/.trivyignore b/.trivyignore index bd0778b..376218d 100644 --- a/.trivyignore +++ b/.trivyignore @@ -1,3 +1,9 @@ # iter8 requires access to secrets AVD-KSV-0041 KSV041 + +# OK, already covered by hadolint +AVD-DS-0002 + +# no update yet. blocking build. +CVE-2023-4911 diff --git a/Dockerfile b/Dockerfile index 8660d06..f112b26 100644 --- a/Dockerfile +++ b/Dockerfile 
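Review bot: The `.trivyignore` hunk suppresses `CVE-2023-4911` with only "no update yet. blocking build." and no tracking link or review date, so the finding will stay hidden after fixed base images are available. Add a comment such as `# TODO(<issue-url>): remove once the base images ship the fix` above the entry, and an expiry on the entry itself (`CVE-2023-4911 exp:<YYYY-MM-DD>`) if the Trivy version in use supports it. Separately, `AVD-DS-0002` (as far as I can tell Trivy's root-user Dockerfile check) is justified as "already covered by hadolint". This same commit adds `# hadolint ignore=DL3002` above `USER 0:0` in the Dockerfile's stress-test stage, so for that stage the check is now silenced in both tools.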
@@ -1,5 +1,7 @@ # syntax=docker/dockerfile:1.4 -FROM mcr.microsoft.com/dotnet/nightly/aspnet:7.0.10-jammy-chiseled@sha256:8b0546dca6b23e438af6454a3242ffc4a3344a872e791e738f0a1be5fa4343b3 AS runtime +# kics false positive "Missing User Instruction": +# kics-scan ignore-line +FROM mcr.microsoft.com/dotnet/nightly/aspnet:7.0.11-jammy-chiseled@sha256:8b2a9b9a8d3c424a368aa347f333d4653e9ed6eb78c9af70e450b5cc514bf3b8 AS runtime WORKDIR /opt/vfps EXPOSE 8080/tcp 8081/tcp 8082/tcp USER 65534:65534 @@ -9,7 +11,7 @@ ENV DOTNET_ENVIRONMENT="Production" \ ASPNETCORE_URLS="" \ DOTNET_BUNDLE_EXTRACT_BASE_DIR=/tmp -FROM mcr.microsoft.com/dotnet/sdk:7.0.400-jammy@sha256:fff616cce9131105bd3a09bd7033e8604ac761490a703c5ece071751c155b218 AS build +FROM mcr.microsoft.com/dotnet/sdk:7.0.401-jammy@sha256:49f2cb277dc4b089d9d7642f06afae0f2da10224be55ea2a64eb8af798ec4994 AS build WORKDIR /build ENV DOTNET_CLI_TELEMETRY_OPTOUT=1 \ PATH="/root/.dotnet/tools:${PATH}" @@ -68,12 +70,13 @@ FROM build AS stress-test WORKDIR /opt/vfps-stress # https://github.com/hadolint/hadolint/pull/815 isn't yet in mega-linter # hadolint ignore=DL3022 -COPY --from=docker.io/bitnami/kubectl:1.27.5@sha256:f8c9112ed8e93374559de09ddb2f4459a8677a3e478206e23efae674dff0dc1f /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl +COPY --from=docker.io/bitnami/kubectl:1.28.2@sha256:52a1c97ff9f4e82bce5f15cca73f9f454b70910afbf241ae0ecb5d60956fec05 /opt/bitnami/kubectl/bin/kubectl /usr/bin/kubectl COPY tests/chaos/chaos.yaml /tmp/ COPY --from=build-stress-test /build/publish . # currently running into # when running as non-root. + # hadolint ignore=DL3002 USER 0:0 ENTRYPOINT ["dotnet"] diff --git a/README.md b/README.md index bc9854a..f1731a0 100644 --- a/README.md +++ b/README.md 
@@ -58,21 +58,21 @@ See for a production Available configuration options which can be set as environment variables: -| Variable | Type | Default | Description | -| -------------------------------------------------- | ------------ | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `ConnectionStrings__PostgreSQL` | `string` | `""` | Connection string to the PostgreSQL database. See for options. | -| `ForceRunDatabaseMigrations` | `bool` | `false` | Run database migrations as part of the startup. Only recommended when a single replica of the application is used. | -| `Tracing__IsEnabled` | `bool` | `false` | Enable distributed tracing support. | -| `Tracing__Exporter` | `string` | `"jaeger"` | The tracing export format. One of `jaeger`, `otlp`. | -| `Tracing__ServiceName` | `string` | `"vfps"` | Tracing service name. | -| `Tracing__RootSampler` | `string` | `"AlwaysOnSampler"` | Tracing parent root sampler. One of `AlwaysOnSampler`, `AlwaysOffSampler`, `TraceIdRatioBasedSampler` | -| `Tracing__SamplingProbability` | `double` | `0.1` | Sampling probability to use if `Tracing__RootSampler` is set to `TraceIdRatioBasedSampler`. | -| `Tracing__Jaeger` | `object` | `{}` | Jaeger exporter options. See . | -| `Tracing__Otlp__Endpoint` | `string` | `""` | The OTLP gRPC Endpoint URL. | -| `Pseudonymization__Caching__Namespaces__IsEnabled` | `bool` | `false` | Set to `true` to enable namespace caching. | -| `Pseudonymization__Caching__Pseudonyms__IsEnabled` | `bool` | `false` | Set to `true` to enable pseudonym caching. | -| `Pseudonymization__Caching__SizeLimit` | `int` | `65534` | Maximum number of entries in the cache. The cache is shared between the pseudonyms and namespaces. | -| `Pseudonymization__Caching__AbsoluteExpiration` | `D.HH:mm:nn` | `0.01:00:00` | Time after which a cache entry expires. 
| +| Variable | Type | Default | Description | +| -------------------------------------------------- | ------------ | ------------------- | ----------------------------------------------------------------------------------------------------------------------------- | +| `ConnectionStrings__PostgreSQL` | `string` | `""` | Connection string to the PostgreSQL database. See for options. | +| `ForceRunDatabaseMigrations` | `bool` | `false` | Run database migrations as part of the startup. Only recommended when a single replica of the application is used. | +| `Tracing__IsEnabled` | `bool` | `false` | Enable distributed tracing support. | +| `Tracing__Exporter` | `string` | `"jaeger"` | The tracing export format. One of `jaeger`, `otlp`. | +| `Tracing__ServiceName` | `string` | `"vfps"` | Tracing service name. | +| `Tracing__RootSampler` | `string` | `"AlwaysOnSampler"` | Tracing parent root sampler. One of `AlwaysOnSampler`, `AlwaysOffSampler`, `TraceIdRatioBasedSampler` | +| `Tracing__SamplingProbability` | `double` | `0.1` | Sampling probability to use if `Tracing__RootSampler` is set to `TraceIdRatioBasedSampler`. | +| `Tracing__Jaeger` | `object` | `{}` | Jaeger exporter options. | +| `Tracing__Otlp__Endpoint` | `string` | `""` | The OTLP gRPC Endpoint URL. | +| `Pseudonymization__Caching__Namespaces__IsEnabled` | `bool` | `false` | Set to `true` to enable namespace caching. | +| `Pseudonymization__Caching__Pseudonyms__IsEnabled` | `bool` | `false` | Set to `true` to enable pseudonym caching. | +| `Pseudonymization__Caching__SizeLimit` | `int` | `65534` | Maximum number of entries in the cache. The cache is shared between the pseudonyms and namespaces. | +| `Pseudonymization__Caching__AbsoluteExpiration` | `D.HH:mm:nn` | `0.01:00:00` | Time after which a cache entry expires. | ## Observability diff --git a/docker-compose.yaml b/docker-compose.yaml index 15cec5d..930bd3a 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -1,6 +1,6 @@ services: postgresql: - image: docker.io/library/postgres:15.4@sha256:a5e89e5f2679863bedef929c4a7ec5d1a2cb3c045f13b47680d86f8701144ed7 + image: docker.io/library/postgres:16.0@sha256:f1aaf6f8be5552bef66c5580efbd2942c37d7277cd0416ef4939fa34bf0baf31 restart: unless-stopped deploy: resources: @@ -13,13 +13,14 @@ services: - "no-new-privileges:true" privileged: false environment: + # kics-scan ignore-line POSTGRES_PASSWORD: postgres POSTGRES_DB: vfps ports: - "127.0.0.1:35432:5432" jaeger: - image: docker.io/jaegertracing/all-in-one:1.48.0@sha256:667c849ae08d74cde03b1a4b0ba5ab3081f8a43c895325eb62ab5871a1dd764c + image: docker.io/jaegertracing/all-in-one:1.49.0@sha256:0edcea978eb4a631a0d9078f435908852f20013cf5d66908521c5ac2815aeb28 restart: unless-stopped deploy: resources: @@ -64,6 +65,7 @@ services: ForceRunDatabaseMigrations: "true" ConnectionStrings__PostgreSQL: "Host=postgresql:5432;Database=vfps;Timeout=60;Max Auto Prepare=5;Application Name=vfps;Maximum Pool Size=50;" PGUSER: postgres + # kics-scan ignore-line PGPASSWORD: postgres ports: # Http1, Http2, Http3 diff --git a/grpc-utils.Dockerfile b/grpc-utils.Dockerfile index 0543713..526b286 100644 --- a/grpc-utils.Dockerfile +++ b/grpc-utils.Dockerfile 
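Review bot: The two `# kics-scan ignore-line` comments added above `POSTGRES_PASSWORD: postgres` (first hunk) and `PGPASSWORD: postgres` (`@@ -64,6 +65,7 @@`) suppress the hard-coded-password finding without saying why it is acceptable. Put the reason on its own comment line above each suppression, for example `# local development credentials only; the database port is published on 127.0.0.1`, so nobody copies the file into a shared environment unchanged. The first hunk also moves the image from postgres 15.4 to 16.0, a major-version change under which an existing data volume will presumably not start without a dump and restore.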
@@ -1,9 +1,9 @@ # syntax=docker/dockerfile:1.4 -FROM docker.io/library/ubuntu:22.10@sha256:e322f4808315c387868a9135beeb11435b5b83130a8599fd7d0014452c34f489 +FROM docker.io/library/ubuntu:22.04@sha256:9b8dec3bf938bc80fbe758d856e96fdfab5f56c39d44b0cff351e847bb1b01ea SHELL ["/bin/bash", "-eo", "pipefail", "-c"] -ENV GRPCURL_URL=https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz \ - GHZ_URL=https://github.com/bojand/ghz/releases/download/v0.110.0/ghz-linux-x86_64.tar.gz +ENV GRPCURL_URL=https://github.com/fullstorydev/grpcurl/releases/download/v1.8.8/grpcurl_1.8.8_linux_x86_64.tar.gz \ + GHZ_URL=https://github.com/bojand/ghz/releases/download/v0.117.0/ghz-linux-x86_64.tar.gz # hadolint ignore=DL3008 RUN < - + diff --git a/src/Vfps.IntegrationTests/MigrationsTests.cs b/src/Vfps.IntegrationTests/MigrationsTests.cs index 038aa64..eab7fad 100644 --- a/src/Vfps.IntegrationTests/MigrationsTests.cs +++ b/src/Vfps.IntegrationTests/MigrationsTests.cs @@ -1,6 +1,7 @@ using DotNet.Testcontainers.Builders; using DotNet.Testcontainers.Configurations; using DotNet.Testcontainers.Containers; +using Testcontainers.PostgreSql; using Xunit.Abstractions; namespace Vfps.IntegrationTests; 
@@ -9,33 +10,26 @@ public class MigrationsTests : IAsyncLifetime, IClassFixture { private readonly ITestOutputHelper output; - private readonly TestcontainerDatabase postgresqlContainer; + private readonly PostgreSqlContainer postgresqlContainer; private readonly string connectionString; private readonly string migrationsImage; - private readonly ContainerBuilder migrationsContainerBuilder; + private readonly ContainerBuilder migrationsContainerBuilder; public MigrationsTests(ITestOutputHelper output, NetworkFixture networkFixture) { this.output = output; - postgresqlContainer = new ContainerBuilder() - .WithDatabase( - new PostgreSqlTestcontainerConfiguration( - "docker.io/bitnami/postgresql:14.5.0-debian-11-r17" - ) - { - Database = "vfps", - Username = "postgres", - Password = "postgres", - } - ) + postgresqlContainer = new PostgreSqlBuilder() + .WithDatabase("vfps") + .WithUsername("postgres") + .WithPassword("postgres") .WithName("postgres") .WithHostname("postgres") .WithEnvironment("PGUSER", "postgres") - .WithNetwork(networkFixture.Network.Id, networkFixture.Network.Name) + .WithNetwork(networkFixture.Network.Name) .Build(); this.connectionString = @@ -44,10 +38,10 @@ public MigrationsTests(ITestOutputHelper output, NetworkFixture networkFixture) var migrationsImageTag = Environment.GetEnvironmentVariable("VFPS_IMAGE_TAG") ?? "latest"; this.migrationsImage = $"ghcr.io/miracum/vfps:{migrationsImageTag}"; - migrationsContainerBuilder = new TestcontainersBuilder() + migrationsContainerBuilder = new ContainerBuilder() .WithImage(migrationsImage) .WithName("migrations") - .WithNetwork(networkFixture.Network.Id, networkFixture.Network.Name) + .WithNetwork(networkFixture.Network.Name) .WithEntrypoint("/opt/vfps/efbundle") .WithCommand("--verbose", $"--connection={connectionString}"); } 
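Review bot: `new PostgreSqlBuilder()` in the `@@ -9,33 +10,26 @@` hunk no longer names an image, where the replaced code pinned `docker.io/bitnami/postgresql:14.5.0-debian-11-r17`. The migration tests therefore run against whatever default image the Testcontainers.PostgreSql package ships, and that can change silently on a package update. Pin it explicitly, e.g. `.WithImage("docker.io/library/postgres:16.0")`, to match the version docker-compose.yaml moves to in this commit. The constructor continues past the end of the hunk.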
@@ -66,7 +60,7 @@ public async Task RunMigrationsContainer_WithCorrectConnectionString_ShouldSucce await migrationsContainer.StartAsync(); - var exitCode = await migrationsContainer.GetExitCode(); + var exitCode = await migrationsContainer.GetExitCodeAsync(); consumer.Stdout.Seek(0, SeekOrigin.Begin); using var stdoutReader = new StreamReader(consumer.Stdout); @@ -95,7 +89,7 @@ public async Task RunMigrationsContainer_WithWrongConnectionString_ShouldFail() await migrationsContainer.StartAsync(); - var exitCode = await migrationsContainer.GetExitCode(); + var exitCode = await migrationsContainer.GetExitCodeAsync(); consumer.Stdout.Seek(0, SeekOrigin.Begin); using var stdoutReader = new StreamReader(consumer.Stdout); diff --git a/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj b/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj index d3edbfd..fff7c4f 100644 --- a/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj +++ b/src/Vfps.IntegrationTests/Vfps.IntegrationTests.csproj @@ -5,15 +5,16 @@ - + runtime; build; native; contentfiles; analyzers; buildtransitive all - - - + + + + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.StressTests/Vfps.StressTests.csproj b/src/Vfps.StressTests/Vfps.StressTests.csproj index e5d19c8..4e5e026 100644 --- a/src/Vfps.StressTests/Vfps.StressTests.csproj +++ b/src/Vfps.StressTests/Vfps.StressTests.csproj @@ -6,10 +6,10 @@ - + - + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/src/Vfps.Tests/Vfps.Tests.csproj b/src/Vfps.Tests/Vfps.Tests.csproj index f6636ea..a8f89e8 100644 --- a/src/Vfps.Tests/Vfps.Tests.csproj +++ b/src/Vfps.Tests/Vfps.Tests.csproj @@ -5,7 +5,7 @@ - + runtime; build; native; contentfiles; analyzers; buildtransitive all @@ -16,12 +16,12 @@ runtime; build; native; contentfiles; analyzers; buildtransitive - - - + + + - - + + runtime; build; native; contentfiles; analyzers; buildtransitive all 
diff --git a/src/Vfps/Vfps.csproj b/src/Vfps/Vfps.csproj index 321dc17..f4ec70f 100644 --- a/src/Vfps/Vfps.csproj +++ b/src/Vfps/Vfps.csproj @@ -5,29 +5,29 @@ - - - - - - - + + + + + + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - - - - - + + + + + + - - - - - - + + + + + +