Make newman kubed again #33
Open. denomolo wants to merge 23 commits into master from newman-kubed
Commits:

- 609fc5d Add temp k8 chart and test using mongo7 (denomolo)
- 7ec20a4 upgraded mongo client to new version (ramikhawaly-gigaspaces)
- aa552cd Working mongo-server (denomolo)
- 9816b81 Fixed newman-server chart (denomolo)
- 598d83b Changed mongo to deployment and pvc to gp3 (denomolo)
- 2eded12 Working mongo helm chart (denomolo)
- 5195f2c Mongo works (denomolo)
- 73fdaf5 Working mongo-server as sts (denomolo)
- 3aa0ecf Nearly working newman (denomolo)
- 2b7afa0 Bump to newman server helm 1.8 (denomolo)
- 7dfd40a Split changes to new Dockerfile.k8s (denomolo)
- 54a4555 Update Dockerfile (galnadjar)
- 8bab497 Update Dockerfile.k8s (galnadjar)
- 7dc17d1 Bumped chart versions for new image (denomolo)
- 707b26b Add newman-server mongo credentials (denomolo)
- 34744b9 Bump to 1.14 (denomolo)
- fa79a00 Bump the chart version (denomolo)
- b311449 Change chart name to server (denomolo)
- e0caade Copy workflows to the branch (denomolo)
- 6a1c96d Copied the build newman workflow to the branch (denomolo)
- 4a06fee Get updated charts as well (denomolo)
- da04571 Merge branch 'master' into newman-kubed (denomolo)
- d8c4c46 Update the dockerfile to compile newman during build (denomolo)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| FROM ubuntu:24.04 | ||
|
|
||
| ARG user=newman | ||
| ARG group=newman | ||
| ARG uid=1001 | ||
| ARG gid=1001 | ||
|
|
||
| RUN apt-get update -y | ||
| RUN apt-get install coreutils wget -y | ||
|
|
||
| ENV MAVEN_VERSION=3.6.3 | ||
| ENV MAVEN_FILE=apache-maven-${MAVEN_VERSION}-bin.tar.gz | ||
| ENV NODE_VERSION=22.11.0 | ||
| ENV NODE_FILE=node-v${NODE_VERSION}-linux-x64.tar.gz | ||
|
|
||
| # Jenkins is run with user `newman`, uid = 1000 | ||
| # If you bind mount a volume from the host or a data container, | ||
| # ensure you use the same uid | ||
| RUN groupadd -g ${gid} ${group} \ | ||
| && useradd -d "/home/${user}" -u ${uid} -g ${gid} -m -s /bin/bash ${user} | ||
|
|
||
| # Install Java. | ||
| RUN apt-get update && apt-get install -y openjdk-8-jdk-headless unzip | ||
| ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ | ||
|
|
||
| # Install Maven | ||
| RUN wget --no-verbose -O /tmp/${MAVEN_FILE} \ | ||
| http://archive.apache.org/dist/maven/maven-3/${MAVEN_VERSION}/binaries/${MAVEN_FILE} | ||
|
|
||
| # stop building if md5sum does not match | ||
| RUN echo "9792c717f5845d952907d5144b8253c3 /tmp/${MAVEN_FILE}" | \ | ||
| md5sum -c | ||
|
|
||
| # install in /opt/maven | ||
| RUN mkdir -p /opt/maven | ||
|
|
||
| RUN tar xzf /tmp/${MAVEN_FILE} --strip-components=1 \ | ||
| -C /opt/maven | ||
|
|
||
| RUN ln -s /opt/maven/bin/mvn /usr/local/bin | ||
| RUN rm -f /tmp/${MAVEN_FILE} | ||
|
|
||
| # get node | ||
| RUN echo 'get node tar.gz' | ||
| RUN wget --no-verbose -O /tmp/${NODE_FILE} \ | ||
| https://nodejs.org/dist/v${NODE_VERSION}/${NODE_FILE} | ||
|
|
||
| RUN mkdir /opt/node | ||
|
|
||
| # unpack node tar.gz | ||
| RUN echo 'unpacking node tar.gz' && \ | ||
| tar zxvf /tmp/${NODE_FILE} --strip-components=1 \ | ||
| -C /opt/node && \ | ||
| rm -f /tmp/${NODE_FILE} | ||
|
|
||
| RUN ln -s /opt/node/bin/node /usr/local/bin && ln -s /opt/node/bin/npm /usr/local/bin | ||
|
|
||
| RUN node --version && \ | ||
| npm --version | ||
|
|
||
| VOLUME /data/ | ||
| ENV PATH=$JAVA_HOME/bin:$PATH | ||
|
|
||
| USER root | ||
| RUN apt-get install sudo curl -y netbase | ||
|
|
||
| RUN mkdir /.m2 && chown ${user}:${group} /.m2 | ||
| #COPY --chown=${user}:${group} --from=newman . /newman | ||
| RUN wget https://github.com/giga-dev/newman/archive/refs/heads/master.zip -O /tmp/master.zip \ | ||
| && unzip /tmp/master.zip -d /tmp \ | ||
| && mv /tmp/newman-master /newman \ | ||
| && rm /tmp/master.zip | ||
| RUN chown -R ${user}:${group} /newman | ||
| USER ${user} | ||
| WORKDIR /newman | ||
| RUN mvn clean install | ||
| WORKDIR / | ||
| # ENTRYPOINT [ "sh", "-c", "/newman", "/newman/newman-server/bin/newman-server.sh"] |
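
Review bot: The final block downloads `refs/heads/master.zip` and runs `mvn clean install` on it, so the image contains whatever `master` holds at build time rather than a reviewed revision, and two builds of the same Dockerfile can differ. Pin the archive to a commit SHA, or go back to the commented-out `COPY --chown=${user}:${group}` of the checked-out source. The toolchain downloads higher up have the same weakness: the Maven tarball comes over `http://` and is checked only with `md5sum`, and the Node tarball is unpacked with no checksum at all. Fetch Maven over `https://` and compare it against the published SHA-512, and check the Node tarball against the release's `SHASUMS256.txt`. Smaller points: the comment says `uid = 1000` while `ARG uid=1001`, and `sudo` is installed although nothing in the file uses it.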
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| #!/bin/bash | ||
| DIRNAME=`cd $(dirname ${BASH_SOURCE[0]}) && pwd` | ||
|
|
||
| docker build --build-arg user=$USER --build-arg uid=$(id -u) --build-arg gid=$(id -g) -t newman ${DIRNAME} | ||
| docker build --build-arg user=$USER --build-arg uid=$(id -u) --build-arg gid=$(id -g) -t newman/newman-server:latest ${DIRNAME} | ||
|
|
||
| docker pull mongo | ||
| #docker pull mongo:4.0.27 |
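
Review bot: The `docker build` line that tags `newman/newman-server:latest` gives every build the same mutable tag, so a cluster pulling that image cannot tell which build it is running; add a version or git-commit tag alongside it. On the same line `$USER` and `${DIRNAME}` are unquoted and will split on whitespace in a user name or path, so quote them. `docker pull mongo` likewise carries no tag, while the commented line after it names `4.0.27`; pull the version the chart is meant to run.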
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Patterns to ignore when building packages. | ||
| # This supports shell glob matching, relative path matching, and | ||
| # negation (prefixed with !). Only one pattern per line. | ||
| .DS_Store | ||
| # Common VCS dirs | ||
| .git/ | ||
| .gitignore | ||
| .bzr/ | ||
| .bzrignore | ||
| .hg/ | ||
| .hgignore | ||
| .svn/ | ||
| # Common backup files | ||
| *.swp | ||
| *.bak | ||
| *.tmp | ||
| *.orig | ||
| *~ | ||
| # Various IDEs | ||
| .project | ||
| .idea/ | ||
| *.tmproj | ||
| .vscode/ |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| apiVersion: v2 | ||
| name: mongo-server | ||
| description: A Helm chart for deploying MongoDB | ||
| type: application | ||
| version: 0.1.10 | ||
| appVersion: "4.0.27" |
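
Review bot: `appVersion: "4.0.27"` should state the MongoDB version the chart's image actually runs. The first commit of this PR mentions mongo7 and the build script pulls an untagged `mongo`, so confirm which version is deployed and keep the image tag and `appVersion` in step.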
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: "{{ .Release.Name }}-config" | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: mongo-server | ||
| data: | ||
| mongodb.conf: | | ||
| storage: | ||
| dbPath: /data/db | ||
| net: | ||
| bindIp: 0.0.0.0 | ||
| port: 27017 | ||
| security: | ||
| authorization: enabled |
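
Review bot: The `net:` block sets `bindIp: 0.0.0.0` and `port: 27017` but has no TLS section, so even with `authorization: enabled` the traffic, authenticated sessions included, crosses the cluster network unencrypted. Add TLS settings to `mongodb.conf` (`net.ssl` on 4.0, `net.tls` from 4.2) or, at minimum, a NetworkPolicy that admits only the newman-server pods to port 27017. The port is also hard-coded here while the Service takes it from `.Values.service.port`; template it from the same value so the two cannot drift.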
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| apiVersion: v1 | ||
| kind: PersistentVolumeClaim | ||
| metadata: | ||
| name: "{{ .Release.Name }}-pvc" | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: mongo-server | ||
| spec: | ||
| accessModes: {{ .Values.persistence.accessModes | toJson }} | ||
| resources: | ||
| requests: | ||
| storage: {{ .Values.persistence.size }} | ||
| storageClassName: {{ .Values.persistence.storageClass | quote }} |
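
Review bot: This PVC is a chart-managed resource with no `helm.sh/resource-policy: keep` annotation under `metadata:`, so `helm uninstall` deletes the claim and, depending on the storage class's reclaim policy, the database volume with it. Add the annotation if the data is meant to outlive the release.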
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: {{ .Release.Name }} | ||
| namespace: {{ .Release.Namespace }} | ||
| labels: | ||
| app: mongo-server | ||
| spec: | ||
| ports: | ||
| - port: {{ .Values.service.port }} | ||
| targetPort: {{ .Values.service.port }} | ||
| selector: | ||
| app: mongo-server |
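
Review bot: The `selector:` matches only `app: mongo-server`, a fixed label shared by every release of this chart, so two releases in one namespace would have each Service routing to both sets of pods. Add a release-scoped label such as `app.kubernetes.io/instance: {{ .Release.Name }}` to the pod template and to this selector. Giving the port a `name:` also helps tooling that keys on port names.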
Security control: Static Code Analysis Yaml

Shell Injection In Github Actions

Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with `env:` to store the data and use the environment variable in the `run:` script. Be sure to use double-quotes around the environment variable, like this: "$ENVVAR".

Severity: HIGH

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

- `#jit_ignore_fp`: Ignore and mark this specific single instance of finding as “False Positive”
- `#jit_ignore_accept`: Ignore and mark this specific single instance of finding as “Accept Risk”
- `#jit_ignore_type_in_file`: Ignore any finding of type "Shell Injection in GitHub Actions" in .github/workflows/build-newman.yaml; future occurrences will also be ignored.
- `#jit_undo_ignore`: Undo ignore command
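
The pattern the finding describes and the fix it recommends, side by side, as an added example: a constructed workflow, not the project's `.github/workflows/build-newman.yaml`, whose contents are not shown on this page. The job names, step names and the `HEAD_REF` variable are assumptions.

```yaml
# Constructed workflow for illustration only.
name: interpolation-example
on:
  pull_request:

jobs:
  flagged:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Flagged pattern: the expression is expanded into the script text
      # before the shell starts, so the branch name is parsed as shell code.
      - name: Build image (flagged)
        run: |
          docker build -t newman/newman-server:${{ github.head_ref }} .

  corrected:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Corrected pattern: the value reaches the shell only as the content
      # of an environment variable and is double-quoted wherever it is used.
      - name: Build image (corrected)
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          # Reject anything outside the characters expected in an image tag.
          case "$HEAD_REF" in
            ""|*[!A-Za-z0-9._-]*)
              echo "unexpected characters in ref" >&2
              exit 1
              ;;
          esac
          docker build -t "newman/newman-server:${HEAD_REF}" .
```

The allow-list check is an extra layer on top of the quoting: it stops the build early when the ref would not make a valid image tag, instead of passing the value on to `docker`.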