Step 0 : Merge CCP changes to main with a separate image #653

Merged
merged 265 commits into from
Mar 14, 2024
Changes from 250 commits
e2f21c6
uncommenting all builds
rashmichandrashekar Aug 14, 2023
ca120c3
removing $$ since TA doesnt support env var substitution
rashmichandrashekar Aug 15, 2023
27e6241
adding $ manipulation for ds and rs
rashmichandrashekar Aug 15, 2023
f0f7de3
Updating operator submodules
rashmichandrashekar Aug 15, 2023
bbedb09
adding affinity
rashmichandrashekar Aug 16, 2023
05cc565
removing comment
rashmichandrashekar Aug 16, 2023
7c7e342
example service monitor CR and update reference app with label (#580)
bragi92 Aug 31, 2023
da272c2
TA fix for not detecting collector instances up from 0 to 1 (#581)
rashmichandrashekar Sep 1, 2023
9a40628
Changes for fallback toggle and cfgmap (#586)
rashmichandrashekar Sep 7, 2023
5067ca4
merging with main
rashmichandrashekar Sep 7, 2023
8cb75ce
Remove submodules for TA and prom operator (#587)
gracewehner Sep 7, 2023
1f2cd88
EV2 build, telemetry fix, requests and limits update (#588)
gracewehner Sep 7, 2023
6a4e356
fix scanning in build
gracewehner Sep 7, 2023
89eb36b
Merge remote-tracking branch 'origin/main' into operator-targetallocator
gracewehner Sep 14, 2023
d54159e
fix pipeline errors and warnings
gracewehner Sep 15, 2023
6ad94cf
HTTP proxy compatibility with target allocator (#597)
gracewehner Sep 15, 2023
f7c65eb
Add toggle for ARC through values.yaml (#590)
gracewehner Sep 15, 2023
06cc503
fixing pr comments
rashmichandrashekar Sep 15, 2023
1ef224b
Merge branch 'operator-targetallocator' of https://github.com/Azure/p…
rashmichandrashekar Sep 15, 2023
3c89dab
addressing pr comments
rashmichandrashekar Sep 21, 2023
edfb12b
Rename target allocator (#599)
gracewehner Sep 22, 2023
337e18b
hardcoding to kube-system
rashmichandrashekar Sep 25, 2023
75b0332
remove health check and debug logging
gracewehner Sep 26, 2023
a0b7848
removing comments
rashmichandrashekar Sep 27, 2023
5f2da3d
Merge branch 'operator-targetallocator' of https://github.com/Azure/p…
rashmichandrashekar Sep 27, 2023
380389d
adding chart setting telemetry
rashmichandrashekar Sep 27, 2023
89dfb9c
taking latest upgrades from vishwa/e3
rashmichandrashekar Sep 29, 2023
e2be19c
fixing space and writing tof ile
rashmichandrashekar Sep 29, 2023
0cc4993
upgrade all dependencies but collector
vishiy Oct 2, 2023
f2eecfb
update golang
vishiy Oct 2, 2023
10528e9
Update CVEs
vishiy Oct 3, 2023
2ccca1f
update config
vishiy Oct 3, 2023
abcc934
remove branch
vishiy Oct 3, 2023
3333773
Adding signing and reviewing licence (#617)
rashmichandrashekar Oct 4, 2023
a4c0013
make build fail when trivy fails
gracewehner Oct 4, 2023
7ec7bdb
test
bragi92 Oct 4, 2023
b1aca02
update to 1.20
bragi92 Oct 4, 2023
be6b5d8
dockerfile update
bragi92 Oct 4, 2023
32fc0b5
remove bash
bragi92 Oct 4, 2023
a5ee35c
Revert "taking latest upgrades from vishwa/e2"
rashmichandrashekar Oct 4, 2023
5bcefce
Merge branch 'operator-targetallocator' of https://github.com/Azure/p…
rashmichandrashekar Oct 5, 2023
ad212c8
taking Vishwa's upgrades
rashmichandrashekar Oct 5, 2023
b3c314f
Merge branch 'main' into kaveesh/shell_removal_from_ta_branch
bragi92 Oct 5, 2023
2457dfa
test push prometheuscollector.exe
bragi92 Oct 5, 2023
60d54a5
Merge remote-tracking branch 'origin/main' into operator-targetallocator
gracewehner Oct 6, 2023
a806670
remove duplicate line
gracewehner Oct 6, 2023
825f549
Upgrade components to v0.85.0 (#624)
gracewehner Oct 6, 2023
4f89b56
.
bragi92 Oct 6, 2023
205ea2e
fix syntax error
gracewehner Oct 6, 2023
e0a6564
chmod 777
bragi92 Oct 6, 2023
d102719
Telegraf telemetry feedback (#628)
gracewehner Oct 9, 2023
a7275f7
liveness
bragi92 Oct 9, 2023
016c635
.
bragi92 Oct 9, 2023
ff92513
Merge branch 'operator-targetallocator' into kaveesh/shell_removal_fr…
bragi92 Oct 9, 2023
5bb1cde
.
bragi92 Oct 9, 2023
d070d90
test build
bragi92 Oct 9, 2023
196089d
keep bash, for debugging
bragi92 Oct 9, 2023
561a38e
build again
bragi92 Oct 9, 2023
4b0fc52
build within container
bragi92 Oct 9, 2023
70e514c
.
bragi92 Oct 10, 2023
b90eb2c
.
bragi92 Oct 10, 2023
4a3f554
1
bragi92 Oct 10, 2023
39efb75
try using exe as entrypoint
bragi92 Oct 10, 2023
c62e126
otel + me
bragi92 Oct 10, 2023
2328a3c
fix issues
bragi92 Oct 10, 2023
e57802c
set env properly
bragi92 Oct 11, 2023
94b9b27
set env per process
bragi92 Oct 11, 2023
9c3bccc
set mdsd env properly
bragi92 Oct 11, 2023
1bc3ba3
.
bragi92 Oct 11, 2023
cda4e78
...
bragi92 Oct 11, 2023
0c09b1f
new build
bragi92 Oct 11, 2023
4b88292
append env properly
bragi92 Oct 11, 2023
eb483c9
update in dockerfile
bragi92 Oct 12, 2023
c50bc13
trivy
bragi92 Oct 12, 2023
17ba302
one more try
bragi92 Oct 12, 2023
a6790b4
wait for 120s
bragi92 Oct 12, 2023
e2e4720
stdout, stderr pipe
bragi92 Oct 12, 2023
6c4153d
get me running
bragi92 Oct 12, 2023
c4fc16c
need to do individual arguments
bragi92 Oct 12, 2023
e127798
start config parsing
bragi92 Oct 12, 2023
739d7fa
stop waiting
bragi92 Oct 12, 2023
ad4380c
more updates for configmap parser
bragi92 Oct 13, 2023
2ddc42b
undefined io
bragi92 Oct 13, 2023
144622c
.
bragi92 Oct 13, 2023
951731b
update for setting env and inheriting in child process
bragi92 Oct 13, 2023
f2784cf
print env variables
bragi92 Oct 13, 2023
5ff9b27
proper print
bragi92 Oct 13, 2023
c38219f
no return
bragi92 Oct 13, 2023
e1e3003
start command and wait so that proper files get created
bragi92 Oct 13, 2023
8ae0049
config map merger puts
bragi92 Oct 13, 2023
8405573
print
bragi92 Oct 13, 2023
42aa2b5
copy the config file properly
bragi92 Oct 13, 2023
f85d5c7
no shell
bragi92 Oct 13, 2023
4a1aff7
no shell, try 2
bragi92 Oct 13, 2023
d9693c3
remove sh shell too
bragi92 Oct 13, 2023
8826bff
test
bragi92 Oct 13, 2023
cd70a1a
maybe?
bragi92 Oct 13, 2023
c3550dd
another attempt
bragi92 Oct 13, 2023
fdb02a9
.
bragi92 Oct 14, 2023
1d291aa
trivy
bragi92 Oct 14, 2023
1cb0a4f
liveness update, attempt 1
bragi92 Oct 16, 2023
309a6a1
actually remove shell (remove busybin)
bragi92 Oct 16, 2023
ba1de09
keep bash for now and update liveness to check for proper ME process
bragi92 Oct 16, 2023
40f2813
fix liveness, attempt 1
bragi92 Oct 16, 2023
a56a365
liveness, attempt 2
bragi92 Oct 17, 2023
8378328
bash dependencies
bragi92 Oct 17, 2023
a796f2c
attempt 3
bragi92 Oct 17, 2023
3b25812
do contains instead of equal for isprocessrunning
bragi92 Oct 17, 2023
1cf01df
config update check in liveness
bragi92 Oct 17, 2023
fed4aad
also include fail message in liveness output
bragi92 Oct 17, 2023
8226de4
run proper inotify
bragi92 Oct 17, 2023
1b023e7
config schema update
bragi92 Oct 17, 2023
0908874
ccp config : /etc/config/settings/ccp
bragi92 Oct 18, 2023
fd03bce
print the configs
bragi92 Oct 18, 2023
c68ae25
fix path
bragi92 Oct 18, 2023
90eac03
remove shell
bragi92 Oct 18, 2023
a0dea07
fix liveness
bragi92 Oct 18, 2023
352c0a1
remove shell again
bragi92 Oct 18, 2023
a61e66f
re-enable bash and revert the config map update, going to use the set…
bragi92 Oct 18, 2023
88a1625
ccp config map update to use ama-metrics-settings-configmap
bragi92 Oct 19, 2023
e5bb16d
typo in filename
bragi92 Oct 19, 2023
e4db187
extra end
bragi92 Oct 19, 2023
2e6dc47
bug
bragi92 Oct 20, 2023
957847a
add wait for configmap sidecar sync + remove extra lines
bragi92 Oct 20, 2023
c67b9b2
fail if in linux daemonset for now
bragi92 Oct 20, 2023
27e6123
no shell
bragi92 Oct 20, 2023
80d8745
wait for configmap sync container
bragi92 Oct 20, 2023
160bef7
Merge branch 'main' into kaveesh/shell_removal_merge_attemp
bragi92 Oct 20, 2023
875b25f
remove
bragi92 Oct 20, 2023
20cee01
merge update
bragi92 Oct 20, 2023
798a4bc
missed comment
bragi92 Oct 20, 2023
3fb88b7
dont' wait for sidecar
bragi92 Oct 22, 2023
a1605b1
tolower
bragi92 Oct 22, 2023
a580c35
revert
bragi92 Oct 23, 2023
e4dbf23
build image for standalone
bragi92 Oct 25, 2023
6791c7d
no wait for sidecar, should not be needed
bragi92 Oct 25, 2023
de1a5fb
enable apiserver, etcd for reference app
bragi92 Oct 25, 2023
3703fa7
re-enable bash
bragi92 Oct 26, 2023
1ac8179
trivy
bragi92 Oct 26, 2023
aff5591
test new image
bragi92 Oct 27, 2023
2a68b5a
update configs
bragi92 Oct 31, 2023
febca82
trivy
bragi92 Oct 31, 2023
43ac8fd
try outputting otelcollector log to file
bragi92 Oct 31, 2023
ca2c7b0
work for overlay (my test)
bragi92 Oct 31, 2023
bffe4ef
collector log
bragi92 Oct 31, 2023
5efc2ed
try to output to file
bragi92 Oct 31, 2023
22c461b
revert bash and stuff
bragi92 Oct 31, 2023
cc18c18
my test
bragi92 Nov 1, 2023
cfebb7f
revert changes, so that this works for CCP.
bragi92 Nov 1, 2023
2354344
update to - instead of _ and change config for tests
bragi92 Nov 1, 2023
d29e8c6
one more
bragi92 Nov 1, 2023
b5924b2
debug
bragi92 Nov 1, 2023
b717c74
revert for ccp, final build (?)
bragi92 Nov 1, 2023
47abea1
rebuild with bash
bragi92 Nov 2, 2023
f5611d6
.
bragi92 Nov 2, 2023
9c7ad8c
is it curl?
bragi92 Nov 2, 2023
12b1d17
remove bash and test
bragi92 Nov 2, 2023
223d10c
build for ccp (configmap works)
bragi92 Nov 2, 2023
b059cb8
one more image
bragi92 Nov 2, 2023
a522ffd
build with otelcollector logs being sent to collector.log.json
bragi92 Nov 7, 2023
ecf8099
debug image
bragi92 Nov 7, 2023
ca2a185
fix job name
bragi92 Nov 8, 2023
817f7b5
Merge branch 'ccp_shell_removal_branch' of https://github.com/Azure/p…
bragi92 Nov 8, 2023
64df59a
remove debug changes
bragi92 Nov 8, 2023
3fd2a1e
update otelconfig struct
bragi92 Nov 8, 2023
312ebcc
dockerfile
bragi92 Nov 8, 2023
0b6a33e
fix struct
bragi92 Nov 8, 2023
f744885
revert dockerfile, final image for sharing!
bragi92 Nov 9, 2023
89e865a
Ccp metrics updates (#668)
sgeannina Nov 11, 2023
f8971f8
Update list of minimal metrics
Nov 20, 2023
a935e92
Merge pull request #682 from Azure/update-metrics
sgeannina Nov 20, 2023
6a0cf1a
update tokenadapter wait time to 20secs from 60secs
vishiy Dec 4, 2023
0c55449
Drop etcd2 metrics (#688)
sgeannina Dec 6, 2023
2bcc8b4
Remove apiserver-token secret (#693)
sgeannina Dec 12, 2023
b60d262
Update tls (#698)
sgeannina Dec 22, 2023
2086783
upgrade prometheus-operator
rashmichandrashekar Jan 2, 2024
6da0fe5
upgrade ta-0.90.0
rashmichandrashekar Jan 2, 2024
7c44fbb
scheduling build
rashmichandrashekar Jan 2, 2024
085e3a3
upgrade otelcollector with has fix from ta fix
rashmichandrashekar Jan 3, 2024
194b808
updating golang ref and removing unwanted dockerfiles
rashmichandrashekar Jan 3, 2024
2e87d02
updating golang for binary scanning
rashmichandrashekar Jan 3, 2024
d72f513
removing memory leak yaml
rashmichandrashekar Jan 3, 2024
376f762
upgrading to 0.91 for otelcollector
rashmichandrashekar Jan 3, 2024
a82a78d
Revert "upgrading to 0.91 for otelcollector"
rashmichandrashekar Jan 3, 2024
acf79f6
clean up trivyignore
rashmichandrashekar Jan 3, 2024
2b67b8a
comment out go version in sdl scan
rashmichandrashekar Jan 3, 2024
cd88c8e
fixing build issues
rashmichandrashekar Jan 3, 2024
c96ae8c
removing ta build from makefile
rashmichandrashekar Jan 3, 2024
856a361
commenting ta build from all
rashmichandrashekar Jan 3, 2024
1fa1d2f
add eula statement
rashmichandrashekar Jan 4, 2024
9a593e3
delay config reader file write
rashmichandrashekar Jan 4, 2024
cecf4b3
cleaning up for PR
rashmichandrashekar Jan 4, 2024
314f5d0
Merge branch 'rashmi/ta-wrapperandupgrade' into ccp_shell_removal_branch
bragi92 Jan 4, 2024
4c80e36
stop arc
bragi92 Jan 4, 2024
133e148
Merge branch 'main' into ccp_shell_removal_branch
bragi92 Jan 4, 2024
1cb2e66
Remove ruby from ccp (#712)
bragi92 Jan 27, 2024
6816611
test before sharing
bragi92 Jan 27, 2024
d0dd74f
test me err log
bragi92 Jan 30, 2024
cbd6c5b
test me err log
bragi92 Jan 30, 2024
2baf2d7
share with ccp
bragi92 Jan 31, 2024
1a7d80a
merge from main
bragi92 Feb 5, 2024
f2487b9
build ccp image
bragi92 Feb 6, 2024
d2be728
step 0
bragi92 Feb 23, 2024
a558b9c
prune
bragi92 Feb 23, 2024
7fa0f76
comment Linux_Prometheus_Collector
bragi92 Feb 23, 2024
439cfab
.
bragi92 Feb 23, 2024
42b5ccf
prune..
bragi92 Feb 23, 2024
147686d
add depends on as the build keeps failing from running out of space
bragi92 Feb 23, 2024
62fca57
delete dangling images
bragi92 Feb 23, 2024
5983108
?
bragi92 Feb 23, 2024
7f91d3d
changes for merging into ccp_shell_removal
bragi92 Feb 23, 2024
86bb50a
try building together
bragi92 Feb 23, 2024
7ed28b3
build
bragi92 Feb 23, 2024
ad50a7d
remove from dockerfile
bragi92 Feb 23, 2024
294d2e5
merge conflicts
bragi92 Feb 23, 2024
72d9a50
one more
bragi92 Feb 23, 2024
d35769e
fix
bragi92 Feb 23, 2024
25935e3
serial build for space?
bragi92 Feb 23, 2024
4174063
no cache
bragi92 Feb 23, 2024
c1285e9
fix
bragi92 Feb 23, 2024
4f35f6b
one more
bragi92 Feb 24, 2024
0cd0e84
cache
bragi92 Feb 26, 2024
cf4b906
updates for test build and final pr
bragi92 Feb 26, 2024
0b03053
syntax
bragi92 Feb 26, 2024
2276398
debug image for testing
bragi92 Feb 27, 2024
6a290de
copy to file only
bragi92 Feb 27, 2024
ea89a4d
docker
bragi92 Feb 27, 2024
d6fb5d1
Fix merge logic (#758)
bragi92 Feb 27, 2024
3f0c4c9
collector logs
bragi92 Feb 27, 2024
73f7f3c
missed configvalidator check
bragi92 Feb 28, 2024
b2a0085
only to stdout & stderr and test $$1
bragi92 Feb 28, 2024
983208a
react
bragi92 Feb 28, 2024
404a5e8
revert debug image update
bragi92 Feb 28, 2024
6699607
# libssl.so.1.1 & libcrypto.so.1.1 are already available with openssl…
bragi92 Feb 28, 2024
f76af40
revert prom confic change for merge
bragi92 Feb 29, 2024
78b2024
pr feedback (#764)
bragi92 Mar 2, 2024
f801fc6
more feedback
bragi92 Mar 5, 2024
f2b3168
one more test
bragi92 Mar 6, 2024
73ea37c
if no configmap
bragi92 Mar 6, 2024
63d6bba
only .azurepipeline revert left
bragi92 Mar 6, 2024
0fb5492
final, before readme
bragi92 Mar 6, 2024
65033a8
readme from Nina
bragi92 Mar 6, 2024
db7d165
cleanup
bragi92 Mar 7, 2024
589c1a5
trivy
bragi92 Mar 7, 2024
e3e9135
merge from main
bragi92 Mar 7, 2024
0d47d12
merge from main
bragi92 Mar 8, 2024
695449a
Merge branch 'main' into ccp_shell_removal_branch
bragi92 Mar 8, 2024
9521824
Merge branch 'main' into ccp_shell_removal_branch
bragi92 Mar 12, 2024
970e259
Merge branch 'main' into ccp_shell_removal_branch
bragi92 Mar 14, 2024
44e7f3c
trivy fix
bragi92 Mar 14, 2024
165 changes: 162 additions & 3 deletions .pipelines/azure-pipeline-build.yml
Expand Up @@ -50,10 +50,11 @@ jobs:
LINUX_IMAGE_TAG=$SEMVER
# Truncating to 128 characters as it is required by docker
LINUX_IMAGE_TAG=$(echo "${LINUX_IMAGE_TAG}" | cut -c1-128)

#Truncating this to 124 to add the cfg suffix
LINUX_IMAGE_TAG_PREFIX=$(echo "${LINUX_IMAGE_TAG}" | cut -c1-124)
LINUX_CONFIG_READER_IMAGE_TAG=$LINUX_IMAGE_TAG_PREFIX-cfg
LINUX_CCP_IMAGE_TAG=$LINUX_IMAGE_TAG_PREFIX-ccp

#Truncating this to 113 to add the ref app suffices
LINUX_REF_APP_IMAGE_TAG_PREFIX=$(echo "${LINUX_IMAGE_TAG}" | cut -c1-113)
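Review bot: The comment `#Truncating this to 124 to add the cfg suffix` no longer describes everything built from `LINUX_IMAGE_TAG_PREFIX`, because the new `LINUX_CCP_IMAGE_TAG` reuses that prefix with `-ccp`. Both suffixes are four characters, so the 128-character limit still holds, but the comment should name both suffixes so that a later, longer suffix is not appended without revisiting `cut -c1-124`.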
Expand Down Expand Up @@ -81,6 +82,7 @@ jobs:
LINUX_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY:$LINUX_IMAGE_TAG
TARGET_ALLOCATOR_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY:$TARGET_ALLOCATOR_IMAGE_TAG
LINUX_CONFIG_READER_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY:$LINUX_CONFIG_READER_IMAGE_TAG
LINUX_CCP_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY:$LINUX_CCP_IMAGE_TAG
WINDOWS_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY:$WINDOWS_IMAGE_TAG
HELM_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY_HELM/$HELM_CHART_NAME:$SEMVER
ARC_HELM_FULL_IMAGE_NAME=$ACR_REGISTRY$ACR_REPOSITORY_HELM/$ARC_HELM_CHART_NAME:$SEMVER
Expand All @@ -95,6 +97,7 @@ jobs:
echo "##vso[task.setvariable variable=TARGET_ALLOCATOR_IMAGE_TAG;isOutput=true]$TARGET_ALLOCATOR_IMAGE_TAG"
echo "##vso[task.setvariable variable=TARGET_ALLOCATOR_FULL_IMAGE_NAME;isOutput=true]$TARGET_ALLOCATOR_FULL_IMAGE_NAME"
echo "##vso[task.setvariable variable=LINUX_CONFIG_READER_FULL_IMAGE_NAME;isOutput=true]$LINUX_CONFIG_READER_FULL_IMAGE_NAME"
echo "##vso[task.setvariable variable=LINUX_CCP_FULL_IMAGE_NAME;isOutput=true]$LINUX_CCP_FULL_IMAGE_NAME"
echo "##vso[task.setvariable variable=WINDOWS_FULL_IMAGE_NAME;isOutput=true]$WINDOWS_FULL_IMAGE_NAME"
echo "##vso[task.setvariable variable=LINUX_REF_APP_GOLANG_FULL_IMAGE_NAME;isOutput=true]$LINUX_REF_APP_GOLANG_FULL_IMAGE_NAME"
echo "##vso[task.setvariable variable=LINUX_REF_APP_PYTHON_FULL_IMAGE_NAME;isOutput=true]$LINUX_REF_APP_PYTHON_FULL_IMAGE_NAME"
Expand Down Expand Up @@ -258,7 +261,6 @@ jobs:
targetType: 'F'
targetArgument: '$(Build.SourcesDirectory)'


- job: SDL_Binary_Scan
displayName: "SDL: linux binary scanning"
pool:
Expand Down Expand Up @@ -339,15 +341,16 @@ jobs:

# Necessary due to necessary due to https://stackoverflow.com/questions/60080264/docker-cannot-build-multi-platform-images-with-docker-buildx
sudo apt-get update && sudo apt-get -y install qemu binfmt-support qemu-user-static
#docker system prune --volumes -y
docker system prune --all -f
docker images -q --filter "dangling=true" | xargs docker rmi
docker login containerinsightsprod.azurecr.io -u $(ACR_USERNAME) -p $(ACR_PASSWORD)
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

docker buildx create --name dockerbuilder
docker buildx use dockerbuilder
docker buildx build . --platform=linux/amd64,linux/arm64 --file ./build/linux/Dockerfile -t $(LINUX_FULL_IMAGE_NAME) --metadata-file $(Build.ArtifactStagingDirectory)/linux/metadata.json --push # --cache-to type=registry,ref=$(ACR_REGISTRY)$(ACR_REPOSITORY)/cache:prometheuscollector,mode=max --cache-from type=registry,ref=$(ACR_REGISTRY)$(ACR_REPOSITORY)/cache:prometheuscollector
docker pull $(LINUX_FULL_IMAGE_NAME)
docker system prune --all -f
workingDirectory: $(Build.SourcesDirectory)/otelcollector/
displayName: "Build: build and push image to dev ACR"

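Review bot: `docker images -q --filter "dangling=true" | xargs docker rmi` runs directly after `docker system prune --all -f`, which has already removed dangling images, so `xargs` will normally call `docker rmi` with no arguments and log an error on every build. Drop the line, or use `xargs -r docker rmi` so nothing runs when the list is empty.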
Expand Down Expand Up @@ -475,6 +478,162 @@ jobs:
GdnBreakGdnToolSemmle: true
GdnBreakGdnToolSemmleSeverity: 'Warning'

- job: Linux_CCP_Prometheus_Collector
displayName: "Build: linux CCP prometheus-collector image"
pool:
name: Azure-Pipelines-CI-Test-EO
dependsOn: Image_Tags_and_Ev2_Artifacts
variables:
LINUX_CCP_FULL_IMAGE_NAME: $[ dependencies.Image_Tags_and_Ev2_Artifacts.outputs['setup.LINUX_CCP_FULL_IMAGE_NAME'] ]
# This is necessary because of: https://github.com/moby/moby/issues/37965
DOCKER_BUILDKIT: 1
steps:
- checkout: self
submodules: true

- task: CodeQL3000Init@0
displayName: 'SDL: init codeql'

- task: GoTool@0
displayName: "Build: specify golang version"
inputs:
version: '1.20'

- bash: |
mkdir -p $(Build.ArtifactStagingDirectory)/linuxccp

# Necessary due to necessary due to https://stackoverflow.com/questions/60080264/docker-cannot-build-multi-platform-images-with-docker-buildx
sudo apt-get update && sudo apt-get -y install qemu binfmt-support qemu-user-static
docker system prune --volumes -y
docker system prune --all -f
docker images -q --filter "dangling=true" | xargs docker rmi
docker login containerinsightsprod.azurecr.io -u $(ACR_USERNAME) -p $(ACR_PASSWORD)
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

docker buildx create --name dockerbuilder
docker buildx use dockerbuilder
docker buildx build . --platform=linux/amd64 --file ./build/linux/ccp/Dockerfile -t $(LINUX_CCP_FULL_IMAGE_NAME) --metadata-file $(Build.ArtifactStagingDirectory)/linuxccp/metadata.json --push # --cache-to type=registry,ref=$(ACR_REGISTRY)$(ACR_REPOSITORY)/cache:prometheuscollectorccp,mode=max --cache-from type=registry,ref=$(ACR_REGISTRY)$(ACR_REPOSITORY)/cache:prometheuscollectorccp
docker pull $(LINUX_CCP_FULL_IMAGE_NAME)
docker system prune --all -f
workingDirectory: $(Build.SourcesDirectory)/otelcollector/
displayName: "Build: build and push CCP image to dev ACR"

- bash: |
MEDIA_TYPE=$(docker manifest inspect -v $(LINUX_CCP_FULL_IMAGE_NAME) | jq '.Descriptor.mediaType')
DIGEST=$(docker manifest inspect -v $(LINUX_CCP_FULL_IMAGE_NAME) | jq '.Descriptor.digest')
SIZE=$(docker manifest inspect -v $(LINUX_CCP_FULL_IMAGE_NAME) | jq '.Descriptor.size')
cat <<EOF >>$(Build.ArtifactStagingDirectory)/linuxccp/payload.json
{"targetArtifact":{"mediaType":$MEDIA_TYPE,"digest":$DIGEST,"size":$SIZE}}
EOF
workingDirectory: $(Build.SourcesDirectory)/otelcollector/
displayName: "Build: Set values in payload.json for signing"
condition: eq(variables.IS_MAIN_BRANCH, true)

- task: EsrpCodeSigning@3
displayName: "ESRP CodeSigning for Prometheus"
inputs:
ConnectedServiceName: "ESRPServiceConnectionForPrometheusImages"
FolderPath: $(Build.ArtifactStagingDirectory)/linuxccp/
Pattern: "*.json"
signConfigType: inlineSignParams
inlineOperation: |
[
{
"keyCode": "CP-469451",
"operationSetCode": "NotaryCoseSign",
"parameters": [
{
"parameterName": "CoseFlags",
"parameterValue": "chainunprotected"
}
],
"toolName": "sign",
"toolVersion": "1.0"
}
]

- bash: |
set -euxo pipefail
curl -LO "https://github.com/oras-project/oras/releases/download/v1.0.0/oras_1.0.0_linux_amd64.tar.gz"
mkdir -p oras-install/
tar -zxf oras_1.0.0_*.tar.gz -C oras-install/
sudo mv oras-install/oras /usr/local/bin/
rm -rf oras_1.0.0_*.tar.gz oras-install/
oras attach $(LINUX_CCP_FULL_IMAGE_NAME) \
--artifact-type 'application/vnd.cncf.notary.signature' \
./payload.json:application/cose \
-a "io.cncf.notary.x509chain.thumbprint#S256=[\"79E6A702361E1F60DAA84AEEC4CBF6F6420DE6BA\"]"
workingDirectory: $(Build.ArtifactStagingDirectory)/linuxccp/
displayName: "ORAS Push Artifacts in $(Build.ArtifactStagingDirectory)/linuxccp/"
condition: eq(variables.IS_MAIN_BRANCH, true)

- bash: |
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
trivy image --ignore-unfixed --no-progress --severity HIGH,CRITICAL,MEDIUM --exit-code 1 $(LINUX_CCP_FULL_IMAGE_NAME)
if [ $? -ne 0 ]; then
exit 1
fi
workingDirectory: $(Build.SourcesDirectory)
displayName: "Build: run trivy scan"

- task: CodeQL3000Finalize@0
displayName: 'SDL: run codeql'

- task: ComponentGovernanceComponentDetection@0
displayName: "SDL: run component governance"
inputs:
scanType: 'Register'
verbosity: 'Verbose'
dockerImagesToScan: '$(LINUX_CCP_FULL_IMAGE_NAME)'
alertWarningLevel: 'High'
sourceScanPath: '$(Build.SourcesDirectory)/otelcollector'
ignoreDirectories: '$(Build.SourcesDirectory)/mixins,$(Build.SourcesDirectory)/tools,$(Build.SourcesDirectory)/otelcollector/react'

- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
displayName: "Ev2: Generate image artifacts"
condition: and(eq(variables.IS_PR, false), eq(variables.IS_MAIN_BRANCH, true))
inputs:
BuildDropPath: '$(Build.ArtifactStagingDirectory)/linuxccp'
DockerImagesToScan: '$(LINUX_CCP_FULL_IMAGE_NAME)'

- task: SdtReport@2
displayName: 'SDL: generate report'
inputs:
GdnExportAllTools: false
GdnExportGdnToolBinSkim: true
GdnExportGdnToolBinSkimSeverity: 'Note'
GdnExportGdnToolGosec: true
GdnExportGdnToolGosecSeverity: 'Note'
GdnExportGdnToolSemmle: true
GdnExportGdnToolSemmleSeverity: 'Note'

- task: PublishSecurityAnalysisLogs@3
displayName: 'SDL: publish report'
inputs:
ArtifactName: 'CodeAnalysisLogs'
ArtifactType: 'Container'
PublishProcessedResults: true
AllTools: true
ToolLogsNotFoundAction: 'Standard'

- task: PublishBuildArtifacts@1
displayName: "Ev2: Publish image artifacts"
condition: and(eq(variables.IS_PR, false), eq(variables.IS_MAIN_BRANCH, true))
inputs:
pathToPublish: '$(Build.ArtifactStagingDirectory)'
artifactName: drop

- task: PostAnalysis@2
displayName: 'SDL: Post-Build Analysis'
inputs:
GdnBreakAllTools: false
GdnBreakGdnToolBinSkim: true
GdnBreakGdnToolBinSkimSeverity: 'Warning'
GdnBreakGdnToolGosec: true
GdnBreakGdnToolGosecSeverity: 'Warning'
GdnBreakGdnToolSemmle: true
GdnBreakGdnToolSemmleSeverity: 'Warning'

- job: Linux_Target_Allocator
displayName: "Build: target allocator image"
pool:
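Review bot: In the trivy step of `Linux_CCP_Prometheus_Collector`, `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin` executes whatever is on trivy's `main` branch at build time, in a job that also logs in to the ACR and attaches the image signature. Fetch the installer from a pinned tag or commit and verify a checksum before running it; the `oras_1.0.0_linux_amd64.tar.gz` download is version-pinned but is likewise unpacked and moved to `/usr/local/bin` without a checksum check. In the build step, `docker system prune --volumes -y` uses `-y`, which `docker system prune` does not accept (the Linux job has the same line commented out), so use `-f` or remove it. Also in that step, `docker login ... -u $(ACR_USERNAME) -p $(ACR_PASSWORD)` passes the registry password as a command-line argument; `--password-stdin` avoids that.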