diff --git a/.circleci/config.yml b/.circleci/config.yml index eb80514c..a3fe3a33 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,16 +1,5 @@ version: 2 jobs: - system_testing: - machine: - image: ubuntu-2204:2022.04.2 - steps: - - checkout - - run: - name: system.testing - command: | - ./ci/system_testing.sh - - store_artifacts: - path: ./test-log build_gcc48_opentracing_15: docker: - image: ubuntu:18.04 @@ -33,36 +22,13 @@ jobs: - run: ./ci/install_gcc4.8.sh - run: ./ci/install_opentracing.sh - run: ./ci/do_ci.sh build - openresty_docker_image: - machine: true - steps: - - checkout - - run: - command: docker build -t opentracing/openresty -f Dockerfile-openresty . - - push_docker_image: - machine: true - steps: - - checkout - - run: - command: ./ci/do_ci.sh push_docker_image workflows: version: 2 build_test_and_deploy: jobs: - - push_docker_image: - filters: - branches: - ignore: /.*/ - tags: &tags - only: /^v[0-9]+(\.[0-9]+)*$/ - - system_testing - build_gcc48_opentracing_15 - build_gcc48_opentracing_16: requires: - build_gcc48_opentracing_15 - - openresty_docker_image: - requires: - - system_testing diff --git a/.github/workflows/docker-openresty.yml b/.github/workflows/docker-openresty.yml new file mode 100644 index 00000000..e299352d --- /dev/null +++ b/.github/workflows/docker-openresty.yml @@ -0,0 +1,109 @@ +name: Docker Openresty + +on: + push: + branches: + - master + tags: + - "v[0-9]+.[0-9]+.[0-9]+" + pull_request: + branches: + - master + +concurrency: + group: ${{ github.ref_name }}-docker-openresty + cancel-in-progress: true + +jobs: + build-docker: + name: Build Docker Image + runs-on: ubuntu-22.04 + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: network=host + + - name: DockerHub Login + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + if: github.event_name != 'pull_request' + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + if: github.event_name != 'pull_request' + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + name=opentracing/openresty,enable=${{ github.event_name != 'pull_request' }} + name=ghcr.io/opentracing-contrib/openresty,enable=${{ github.event_name != 'pull_request' }} + name=localhost:5000/opentracing/openresty + tags: | + type=edge + type=ref,event=pr + type=semver,pattern={{version}} + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + + - name: Build and push + uses: docker/build-push-action@v6 + with: + file: Dockerfile-openresty + pull: true + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + cache-from: type=gha,scope=openresty + cache-to: type=gha,scope=openresty,mode=max + sbom: true + provenance: mode=max + + - name: Inspect SBOM and output manifest + run: | + docker buildx imagetools inspect localhost:5000/opentracing/openresty:${{ steps.meta.outputs.version }} --format '{{ json .SBOM.SPDX }}' > sbom-openresty.json + docker buildx imagetools inspect localhost:5000/opentracing/openresty:${{ steps.meta.outputs.version }} --format '{{ json .Provenance.SLSA }}' > provenance-openresty.json + docker buildx imagetools inspect localhost:5000/opentracing/openresty:${{ steps.meta.outputs.version }} --raw + + - name: Scan SBOM + id: scan + uses: anchore/scan-action@v3 + with: + sbom: "sbom-openresty.json" + only-fixed: true + add-cpes-if-none: true + fail-build: false + + - name: Upload scan result to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + continue-on-error: true + with: + sarif_file: ${{ steps.scan.outputs.sarif }} + if: always() + + - name: Upload Scan Results + uses: actions/upload-artifact@v4 + continue-on-error: true + with: + name: scan-results-openresty + path: | + ${{ steps.scan.outputs.sarif }} + *.json + if: always() diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 5811862a..45477d85 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -50,7 +50,6 @@ jobs: - name: Docker Buildx uses: docker/setup-buildx-action@v3 with: - buildkitd-flags: --debug driver-opts: network=host - name: DockerHub Login diff --git a/.github/workflows/system-testing.yml b/.github/workflows/system-testing.yml new file mode 100644 index 00000000..70b19d67 --- /dev/null +++ b/.github/workflows/system-testing.yml @@ -0,0 +1,95 @@ +name: System Testing + +on: + push: + branches: + - master + tags: + - "v[0-9]+.[0-9]+.[0-9]+" + pull_request: + branches: + - master + +defaults: + run: + shell: bash + +concurrency: + group: ${{ github.ref_name }}-system-testing + cancel-in-progress: true + +jobs: + system-testing: + name: System Testing + runs-on: ubuntu-22.04 + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Get vars + id: vars + run: | + # replace with version from Dockerfile when fixed + echo "NGINX_VERSION=1.27.0" >> $GITHUB_OUTPUT + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version-file: '.python-version' + cache: 'pip' + + - name: Install Dependencies + run: pip install -r test/requirements.ci.txt + + - name: Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build nginx + uses: docker/build-push-action@v6 + with: + pull: true + load: true + file: test/Dockerfile-test + tags: nginx-opentracing-test/nginx + cache-from: type=gha,scope=system-nginx + cache-to: type=gha,scope=system-nginx,mode=max + build-args: | + NGINX_VERSION=${{ steps.vars.outputs.NGINX_VERSION }} + + - name: Build backend + uses: docker/build-push-action@v6 + with: + pull: true + load: true + file: test/Dockerfile-backend + context: test + tags: nginx-opentracing-test/backend + cache-from: type=gha,scope=system-backend + cache-to: type=gha,scope=system-backend,mode=max + + - name: Build grpc-backend + uses: docker/build-push-action@v6 + with: + pull: true + load: true + file: test/environment/grpc/Dockerfile + context: test/environment/grpc + tags: nginx-opentracing-test/grpc-backend + cache-from: type=gha,scope=system-grpc-backend + cache-to: type=gha,scope=system-grpc-backend,mode=max + + - name: Run Tests + run: | + mkdir -p test-log + python3 nginx_opentracing_test.py + env: + PYTHONPATH: environment/grpc + LOG_DIR: ${{ github.workspace }}/test/test-log + working-directory: test + + - name: Upload artifact + uses: actions/upload-artifact@v4 + if: always() + with: + name: test-log + path: ./test/test-log diff --git a/.gitignore b/.gitignore index b5d11599..50ef4661 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,6 @@ test-log/ .DS_Store out +bin +lib +pyvenv.cfg diff --git a/.python-version b/.python-version index 7d4ef04f..455808f8 100644 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.10.3 +3.12.4 diff --git a/Makefile b/Makefile index 534d485c..f957b0e3 100644 --- a/Makefile +++ b/Makefile @@ -1,18 +1,23 @@ +NGINX_VERSION=1.27.0 + .PHONY: docker-image docker-image: - DOCKER_BUILDKIT=1 docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final . + docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final . .PHONY: docker-image-alpine docker-image-alpine: - DOCKER_BUILDKIT=1 docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final --build-arg BUILD_OS=alpine . + docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final --build-arg BUILD_OS=alpine . docker-build-binaries: - DOCKER_BUILDKIT=1 docker buildx build --build-arg NGINX_VERSION=1.27.0 --platform linux/amd64 -f build/Dockerfile -t nginx-opentracing-binaries --target=export --output "type=local,dest=out" --progress=plain --no-cache --pull . + docker buildx build --build-arg NGINX_VERSION=$(NGINX_VERSION) --platform linux/amd64 -f build/Dockerfile -t nginx-opentracing-binaries --target=export --output "type=local,dest=out" --progress=plain --no-cache --pull . .PHONY: test test: - ./ci/system_testing.sh + docker build -t nginx-opentracing-test/nginx -f test/Dockerfile-test . --build-arg NGINX_VERSION=$(NGINX_VERSION) + docker build -t nginx-opentracing-test/backend -f test/Dockerfile-backend ./test + docker build -t nginx-opentracing-test/grpc-backend -f test/environment/grpc/Dockerfile ./test/environment/grpc + cd test && LOG_DIR=$(CURDIR)/test/test-log PYTHONPATH=environment/grpc python3 nginx_opentracing_test.py .PHONY: clean clean: - rm -fr test-log + rm -fr test/test-log diff --git a/ci/do_ci.sh b/ci/do_ci.sh index 605f2ca5..d00da449 100755 --- a/ci/do_ci.sh +++ b/ci/do_ci.sh @@ -5,31 +5,10 @@ set -e [ -z "${SRC_DIR}" ] && export SRC_DIR="$(pwd)" [ -z "${BUILD_DIR}" ] && export BUILD_DIR=/build -if [[ "$1" == "system.testing" ]]; then - docker build -t nginx-opentracing-test/nginx -f Dockerfile-test . - cd test - docker build -t nginx-opentracing-test/backend -f Dockerfile-backend . - cd environment/grpc - docker build -t nginx-opentracing-test/grpc-backend . - cd - - PYTHONPATH=environment/grpc python3 nginx_opentracing_test.py - exit 0 -elif [[ "$1" == "build" ]]; then +if [[ "$1" == "build" ]]; then mkdir -p "${BUILD_DIR}" ./ci/build_nginx_opentracing_module.sh exit 0 -elif [[ "$1" == "push_docker_image" ]]; then - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - VERSION_TAG="$(git describe --abbrev=0 --tags)" - VERSION="${VERSION_TAG/v/}" - - # openresty - docker build -t opentracing/openresty -f Dockerfile-openresty . - docker tag opentracing/openresty opentracing/openresty:${VERSION} - docker push opentracing/openresty:${VERSION} - docker tag opentracing/openresty opentracing/openresty:latest - docker push opentracing/openresty:latest - exit 0 else echo "Invalid do_ci.sh target" exit 1 diff --git a/ci/install_dependencies.sh b/ci/install_dependencies.sh deleted file mode 100755 index 8cd7b0d0..00000000 --- a/ci/install_dependencies.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -set -x -set -e - -# workaround to install docker-compose v1 -sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose -sudo chmod +x /usr/local/bin/docker-compose - -docker version -docker-compose version - -pyenv versions -pyenv local 3.10.3 -python --version -pip --version -pip install --upgrade pip -pip install --upgrade setuptools -pip install -r test/requirements.ci.txt diff --git a/ci/system_testing.sh b/ci/system_testing.sh deleted file mode 100755 index c3a78d99..00000000 --- a/ci/system_testing.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -./ci/install_dependencies.sh - -set -x -mkdir ./test-log -chmod a+rwx ./test-log -export LOG_DIR=$PWD/test-log -./ci/do_ci.sh system.testing diff --git a/test/Dockerfile-backend b/test/Dockerfile-backend index 9f85d168..caed0fc5 100644 --- a/test/Dockerfile-backend +++ b/test/Dockerfile-backend @@ -1,20 +1,11 @@ -FROM ubuntu:22.04 +FROM python:3.12 -RUN apt-get update \ - && apt-get install -y \ - curl \ - python3 \ - python3-dev \ - build-essential \ - && rm -rf /var/lib/apt/lists/* \ - && curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ - && python3 get-pip.py \ - && rm get-pip.py +COPY requirements.txt . +RUN pip install -r requirements.txt COPY . /app WORKDIR /app -RUN pip install -r requirements.txt ENTRYPOINT ["python3"] CMD ["environment/app.py"] diff --git a/Dockerfile-test b/test/Dockerfile-test similarity index 93% rename from Dockerfile-test rename to test/Dockerfile-test index 971e18d8..8d35623d 100644 --- a/Dockerfile-test +++ b/test/Dockerfile-test @@ -1,24 +1,27 @@ FROM ubuntu:24.04 ARG OPENTRACING_CPP_VERSION=v1.6.0 -ARG NGINX_VERSION=1.27.0 +ARG NGINX_VERSION RUN set -x \ && apt-get update \ && DEBIAN_FRONTEND="noninteractive" apt-get install --no-install-recommends --no-install-suggests -y \ build-essential \ - gettext \ + ca-certificates \ cmake \ + curl \ + gettext \ git \ gnupg2 \ - software-properties-common \ - curl \ - python3 \ jq \ - ca-certificates \ - wget \ libpcre3 libpcre3-dev \ - zlib1g-dev + libssl-dev \ + python3 \ + software-properties-common \ + wget \ + zlib1g-dev \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* ### Build opentracing-cpp RUN cd / \ @@ -32,7 +35,6 @@ RUN cd / \ COPY ./opentracing /opentracing ### Build nginx -RUN apt-get install -y libssl-dev RUN cd / \ && wget -O nginx-release-${NGINX_VERSION}.tar.gz https://github.com/nginx/nginx/archive/release-${NGINX_VERSION}.tar.gz \ && tar zxf nginx-release-${NGINX_VERSION}.tar.gz \ diff --git a/test/environment/docker-compose.yaml b/test/environment/docker-compose.yaml index 2b7af29d..99ce6b31 100644 --- a/test/environment/docker-compose.yaml +++ b/test/environment/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: nginx: @@ -44,7 +43,7 @@ services: - "5001:5001" php_fpm: - image: php:7-fpm + image: php:8-fpm networks: testnet: aliases: diff --git a/test/nginx_opentracing_test.py b/test/nginx_opentracing_test.py index df5dd48c..986bb822 100644 --- a/test/nginx_opentracing_test.py +++ b/test/nginx_opentracing_test.py @@ -42,12 +42,12 @@ def setUp(self): ) self.environment_handle = subprocess.Popen( - ["docker-compose", "up"], + ["docker", "compose", "up", "--wait", "--wait-timeout", "60"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, ) self.client = get_docker_client() - timeout = time.time() + 60 + timeout = time.time() + 120 while len(self.client.containers.list()) != 4: if time.time() > timeout: raise TimeoutError() @@ -107,7 +107,7 @@ def _stopDocker(self): if not self.running: return self.running = False - subprocess.check_call(["docker-compose", "down"]) + subprocess.check_call(["docker", "compose", "down"]) stdout, stderr = self.environment_handle.communicate() self.environment_stdout = stdout self.environment_stderr = stderr