From 33dde6a1ba61d5a509b800508bc7ede5b41a500f Mon Sep 17 00:00:00 2001 From: outductor Date: Sun, 17 Dec 2023 12:35:16 +0900 Subject: [PATCH 1/3] add dockerignore and modify gitignore --- .dockerignore | 2 ++ .gitignore | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..dab41c9 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +.git +cloudflare-tunnel-ingress-controller diff --git a/.gitignore b/.gitignore index e006638..9ed0978 100644 --- a/.gitignore +++ b/.gitignore @@ -20,7 +20,8 @@ # Go workspace file go.work -./cloudflare-tunnel-ingress-controller +cloudflare-tunnel-ingress-controller +!image/cloudflare-tunnel-ingress-controller hack/dev/cloudflare-api.yaml # go test coverage report From a228f6000d5a77286bd22b04bbaaf0c53478ab3b Mon Sep 17 00:00:00 2001 From: outductor Date: Sun, 17 Dec 2023 12:35:26 +0900 Subject: [PATCH 2/3] modify go build and fix CVE --- go.mod | 10 +++++----- go.sum | 16 ++++++++-------- .../Dockerfile | 2 +- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 0a8d943..95c9306 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/STRRL/cloudflare-tunnel-ingress-controller -go 1.19 +go 1.20 require ( github.com/cloudflare/cloudflare-go v0.76.0 @@ -54,11 +54,11 @@ require ( github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.5.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/sys v0.13.0 // indirect + golang.org/x/term v0.13.0 // indirect + golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.9.3 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect 
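Review bot: The new `.dockerignore` leaves out `hack/dev/cloudflare-api.yaml`, which `.gitignore` in this same patch keeps untracked and which, judging by its name, probably holds a developer's Cloudflare API credentials. The Dockerfile's build stage runs `COPY . .`, so a local `docker build` would send that file to the daemon and copy it into a builder layer, where it can travel further if the layer cache is ever exported or shared. I would add the line `hack/dev/cloudflare-api.yaml` (or all of `hack/dev/`) to this file so that both ignore lists agree on what must stay in the working tree.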
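Review bot: The replacement pattern `cloudflare-tunnel-ingress-controller` has no slash, so git matches it at every depth rather than only the binary at the repository root. The added `!image/cloudflare-tunnel-ingress-controller` rescues one directory, but `cmd/cloudflare-tunnel-ingress-controller`, the package path the Dockerfile builds, is now ignored as well. Files already tracked there stay tracked, yet new source files under it would be silently skipped by `git add`. Anchoring the pattern as `/cloudflare-tunnel-ingress-controller` ignores only the root-level build output and makes the negation line unnecessary.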
diff --git a/go.sum b/go.sum index 8d94f8b..77bb55d 100644 --- a/go.sum +++ b/go.sum @@ -181,8 +181,8 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= 
@@ -198,15 +198,15 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
diff --git a/image/cloudflare-tunnel-ingress-controller/Dockerfile b/image/cloudflare-tunnel-ingress-controller/Dockerfile index 857ef0d..4404a16 100644 --- a/image/cloudflare-tunnel-ingress-controller/Dockerfile +++ b/image/cloudflare-tunnel-ingress-controller/Dockerfile @@ -11,7 +11,7 @@ RUN go mod download && go mod verify COPY . . RUN --mount=type=cache,target=/go \ CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO111MODULE=on \ - go build -o cloudflare-tunnel-ingress-controller ./cmd/cloudflare-tunnel-ingress-controller + go build -ldflags="-s -w" -o cloudflare-tunnel-ingress-controller ./cmd/cloudflare-tunnel-ingress-controller # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details From 61c04060a8772018867328162d75e2b1e83fc70d Mon Sep 17 00:00:00 2001 From: outductor Date: Sun, 17 Dec 2023 12:35:35 +0900 Subject: [PATCH 3/3] update GHA --- .github/workflows/helm-package-test.yaml | 2 +- .github/workflows/integration-test.yaml | 6 +++--- .github/workflows/release-container-image.yaml | 14 ++++++++------ .github/workflows/release-helm.yaml | 2 +- .github/workflows/unit-test.yaml | 6 +++--- 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/.github/workflows/helm-package-test.yaml b/.github/workflows/helm-package-test.yaml index 85ea152..fd44b58 100644 --- a/.github/workflows/helm-package-test.yaml +++ b/.github/workflows/helm-package-test.yaml @@ -14,7 +14,7 @@ jobs: integration-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - uses: azure/setup-helm@v3 - name: Run helm package run: | diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml index fbedba3..bc8d867 100644 --- a/.github/workflows/integration-test.yaml +++ b/.github/workflows/integration-test.yaml 
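Review bot: The new `-ldflags="-s -w"` on the `go build` line strips the symbol table and DWARF data but still leaves the builder's absolute source paths in the binary. Adding `-trimpath` removes those and makes the output independent of the build directory: `go build -trimpath -ldflags="-s -w" -o cloudflare-tunnel-ingress-controller ./cmd/cloudflare-tunnel-ingress-controller`. The embedded module list that `go version -m` and image scanners read is not removed by these flags, so dependency scanning of the released image should keep working. A one-line comment above the `RUN` saying why the flags are there (image size, as far as I can tell) would help, since the commit subject only says "modify go build"; the Dockerfile continues outside this hunk.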
@@ -14,10 +14,10 @@ jobs: integration-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: - go-version: '1.20' + go-version-file: './go.mod' - name: Run integration tests run: | make integration-test diff --git a/.github/workflows/release-container-image.yaml b/.github/workflows/release-container-image.yaml index b880a48..d263a03 100644 --- a/.github/workflows/release-container-image.yaml +++ b/.github/workflows/release-container-image.yaml @@ -12,10 +12,10 @@ jobs: packages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Docker meta id: meta - uses: docker/metadata-action@v3 + uses: docker/metadata-action@v5 with: # list of Docker images to use as base name for tags images: | @@ -29,20 +29,22 @@ jobs: type=semver,pattern={{major}} type=sha - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v5 with: file: image/cloudflare-tunnel-ingress-controller/Dockerfile platforms: linux/amd64,linux/arm,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/.github/workflows/release-helm.yaml b/.github/workflows/release-helm.yaml index 1f124ec..1fadde0 100644 --- a/.github/workflows/release-helm.yaml +++ b/.github/workflows/release-helm.yaml 
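Review bot: Every action in release-container-image.yaml is still referenced by a mutable major tag (`docker/build-push-action@v5`, `docker/login-action@v3`, and the rest in both hunks) in a job that holds `packages: write` and pushes the release image, so a retagged or compromised action release would run with that token. Since the patch rewrites every `uses:` line here and in the other four workflows anyway, I would pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`. Separately, the new `cache-from: type=gha` means the published image can be assembled from layers restored from the Actions cache; whether a less-trusted run can write to that cache scope depends on the workflow triggers, which are outside this hunk, so it is worth confirming that or skipping the cache for tag builds.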
@@ -11,7 +11,7 @@ jobs: release-chart: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: "Extract Version" id: extract_version run: | diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml index 9c0f267..1940f75 100644 --- a/.github/workflows/unit-test.yaml +++ b/.github/workflows/unit-test.yaml @@ -14,10 +14,10 @@ jobs: unit-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: - go-version: '1.20' + go-version-file: './go.mod' - name: Run unit tests run: | make unit-test