opentracing-contrib · lucacome · Jun 28, 2024 · Jun 28, 2024
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,16 +1,5 @@
 version: 2
 jobs:
-  system_testing:
-    machine:
-      image: ubuntu-2204:2022.04.2
-    steps:
-      - checkout
-      - run:
-          name: system.testing
-          command: |
-            ./ci/system_testing.sh
-      - store_artifacts:
-          path: ./test-log
   build_gcc48_opentracing_15:
     docker:
       - image: ubuntu:18.04
@@ -33,36 +22,13 @@ jobs:
       - run: ./ci/install_gcc4.8.sh
       - run: ./ci/install_opentracing.sh
       - run: ./ci/do_ci.sh build
-  openresty_docker_image:
-    machine: true
-    steps:
-      - checkout
-      - run:
-          command: docker build -t opentracing/openresty -f Dockerfile-openresty .
-
-  push_docker_image:
-    machine: true
-    steps:
-      - checkout
-      - run:
-          command: ./ci/do_ci.sh push_docker_image
 
 
 workflows:
   version: 2
   build_test_and_deploy:
     jobs:
-      - push_docker_image:
-          filters:
-            branches:
-              ignore: /.*/
-            tags: &tags
-              only: /^v[0-9]+(\.[0-9]+)*$/
-      - system_testing
       - build_gcc48_opentracing_15
       - build_gcc48_opentracing_16:
           requires:
             - build_gcc48_opentracing_15
-      - openresty_docker_image:
-          requires:
-            - system_testing
diff --git a/.github/workflows/docker-openresty.yml b/.github/workflows/docker-openresty.yml
@@ -0,0 +1,109 @@
+name: Docker Openresty
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  pull_request:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.ref_name }}-docker-openresty
+  cancel-in-progress: true
+
+jobs:
+  build-docker:
+    name: Build Docker Image
+    runs-on: ubuntu-22.04
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host
+
+      - name: DockerHub Login
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+        if: github.event_name != 'pull_request'
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        if: github.event_name != 'pull_request'
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name=opentracing/openresty,enable=${{ github.event_name != 'pull_request' }}
+            name=ghcr.io/opentracing-contrib/openresty,enable=${{ github.event_name != 'pull_request' }}
+            name=localhost:5000/opentracing/openresty
+          tags: |
+            type=edge
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          file: Dockerfile-openresty
+          pull: true
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          annotations: ${{ steps.meta.outputs.annotations }}
+          cache-from: type=gha,scope=openresty
+          cache-to: type=gha,scope=openresty,mode=max
+          sbom: true
+          provenance: mode=max
+
+      - name: Inspect SBOM and output manifest
+        run: |
+          docker buildx imagetools inspect localhost:5000/opentracing/openresty:${{ steps.meta.outputs.version }} --format '{{ json .SBOM.SPDX }}' > sbom-openresty.json
+          docker buildx imagetools inspect localhost:5000/opentracing/openresty:${{ steps.meta.outputs.version }} --format '{{ json .Provenance.SLSA }}' > provenance-openresty.json
+          docker buildx imagetools inspect localhost:5000/opentracing/openresty:${{ steps.meta.outputs.version }} --raw
+
+      - name: Scan SBOM
+        id: scan
+        uses: anchore/scan-action@v3
+        with:
+          sbom: "sbom-openresty.json"
+          only-fixed: true
+          add-cpes-if-none: true
+          fail-build: false
+
+      - name: Upload scan result to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        continue-on-error: true
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+        if: always()
+
+      - name: Upload Scan Results
+        uses: actions/upload-artifact@v4
+        continue-on-error: true
+        with:
+          name: scan-results-openresty
+          path: |
+            ${{ steps.scan.outputs.sarif }}
+            *.json
+        if: always()
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -50,7 +50,6 @@ jobs:
       - name: Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
-          buildkitd-flags: --debug
           driver-opts: network=host
 
       - name: DockerHub Login

diff --git a/.github/workflows/system-testing.yml b/.github/workflows/system-testing.yml
@@ -0,0 +1,95 @@
+name: System Testing
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  pull_request:
+    branches:
+      - master
+
+defaults:
+  run:
+    shell: bash
+
+concurrency:
+  group: ${{ github.ref_name }}-system-testing
+  cancel-in-progress: true
+
+jobs:
+  system-testing:
+    name: System Testing
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Get vars
+        id: vars
+        run: |
+          # replace with version from Dockerfile when fixed
+          echo "NGINX_VERSION=1.27.0" >> $GITHUB_OUTPUT
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: '.python-version'
+          cache: 'pip'
+
+      - name: Install Dependencies
+        run: pip install -r test/requirements.ci.txt
+
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build nginx
+        uses: docker/build-push-action@v6
+        with:
+          pull: true
+          load: true
+          file: test/Dockerfile-test
+          tags: nginx-opentracing-test/nginx
+          cache-from: type=gha,scope=system-nginx
+          cache-to: type=gha,scope=system-nginx,mode=max
+          build-args: |
+            NGINX_VERSION=${{ steps.vars.outputs.NGINX_VERSION }}
+
+      - name: Build backend
+        uses: docker/build-push-action@v6
+        with:
+          pull: true
+          load: true
+          file: test/Dockerfile-backend
+          context: test
+          tags: nginx-opentracing-test/backend
+          cache-from: type=gha,scope=system-backend
+          cache-to: type=gha,scope=system-backend,mode=max
+
+      - name: Build grpc-backend
+        uses: docker/build-push-action@v6
+        with:
+          pull: true
+          load: true
+          file: test/environment/grpc/Dockerfile
+          context: test/environment/grpc
+          tags: nginx-opentracing-test/grpc-backend
+          cache-from: type=gha,scope=system-grpc-backend
+          cache-to: type=gha,scope=system-grpc-backend,mode=max
+
+      - name: Run Tests
+        run: |
+          mkdir -p test-log
+          python3 nginx_opentracing_test.py
+        env:
+          PYTHONPATH: environment/grpc
+          LOG_DIR: ${{ github.workspace }}/test/test-log
+        working-directory: test
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-log
+          path: ./test/test-log
diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,6 @@ test-log/
 .DS_Store
 
 out
+bin
+lib
+pyvenv.cfg
diff --git a/.python-version b/.python-version
@@ -1 +1 @@
-3.10.3
+3.12.4
diff --git a/Makefile b/Makefile
@@ -1,18 +1,23 @@
+NGINX_VERSION=1.27.0
+
 .PHONY: docker-image
 docker-image:
-	DOCKER_BUILDKIT=1 docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final .
+	docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final .
 
 .PHONY: docker-image-alpine
 docker-image-alpine:
-	DOCKER_BUILDKIT=1 docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final --build-arg BUILD_OS=alpine .
+	docker build -f Dockerfile -t opentracing-contrib/nginx-opentracing --target final --build-arg BUILD_OS=alpine .
 
 docker-build-binaries:
-	DOCKER_BUILDKIT=1 docker buildx build --build-arg NGINX_VERSION=1.27.0 --platform linux/amd64 -f build/Dockerfile -t nginx-opentracing-binaries --target=export --output "type=local,dest=out" --progress=plain --no-cache --pull .
+	docker buildx build --build-arg NGINX_VERSION=$(NGINX_VERSION) --platform linux/amd64 -f build/Dockerfile -t nginx-opentracing-binaries --target=export --output "type=local,dest=out" --progress=plain --no-cache --pull .
 
 .PHONY: test
 test:
-	./ci/system_testing.sh
+	docker build -t nginx-opentracing-test/nginx -f test/Dockerfile-test . --build-arg NGINX_VERSION=$(NGINX_VERSION)
+	docker build -t nginx-opentracing-test/backend -f test/Dockerfile-backend ./test
+	docker build -t nginx-opentracing-test/grpc-backend -f test/environment/grpc/Dockerfile ./test/environment/grpc
+	cd test && LOG_DIR=$(CURDIR)/test/test-log PYTHONPATH=environment/grpc python3 nginx_opentracing_test.py
 
 .PHONY: clean
 clean:
-	rm -fr test-log
+	rm -fr test/test-log
diff --git a/ci/do_ci.sh b/ci/do_ci.sh
@@ -5,31 +5,10 @@ set -e
 [ -z "${SRC_DIR}" ] && export SRC_DIR="$(pwd)"
 [ -z "${BUILD_DIR}" ] && export BUILD_DIR=/build
 
-if [[ "$1" == "system.testing" ]]; then
-  docker build -t nginx-opentracing-test/nginx -f Dockerfile-test .
-  cd test
-  docker build -t nginx-opentracing-test/backend -f Dockerfile-backend .
-  cd environment/grpc
-  docker build -t nginx-opentracing-test/grpc-backend .
-  cd -
-  PYTHONPATH=environment/grpc python3 nginx_opentracing_test.py
-  exit 0
-elif [[ "$1" == "build" ]]; then
+if [[ "$1" == "build" ]]; then
   mkdir -p "${BUILD_DIR}"
   ./ci/build_nginx_opentracing_module.sh
   exit 0
-elif [[ "$1" == "push_docker_image" ]]; then
-  echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-  VERSION_TAG="$(git describe --abbrev=0 --tags)"
-  VERSION="${VERSION_TAG/v/}"
-
-  # openresty
-  docker build -t opentracing/openresty -f Dockerfile-openresty .
-  docker tag opentracing/openresty opentracing/openresty:${VERSION}
-  docker push opentracing/openresty:${VERSION}
-  docker tag opentracing/openresty opentracing/openresty:latest
-  docker push opentracing/openresty:latest
-  exit 0
 else
   echo "Invalid do_ci.sh target"
   exit 1

diff --git a/ci/install_dependencies.sh b/ci/install_dependencies.sh
diff --git a/ci/system_testing.sh b/ci/system_testing.sh
diff --git a/test/Dockerfile-backend b/test/Dockerfile-backend
@@ -1,20 +1,11 @@
-FROM ubuntu:22.04
+FROM python:3.12
 
-RUN apt-get update \
-    && apt-get install -y \
-    curl \
-    python3 \
-    python3-dev \
-    build-essential \
-    && rm -rf /var/lib/apt/lists/* \
-    && curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
-    && python3 get-pip.py \
-    && rm get-pip.py
+COPY requirements.txt .
+RUN pip install -r requirements.txt
 
 COPY . /app
 WORKDIR /app
 
-RUN pip install -r requirements.txt
 
 ENTRYPOINT ["python3"]
 CMD ["environment/app.py"]
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,3 +41,6 @@ test-log/ @@
     .DS_Store
     out
+    bin
+    lib
+    pyvenv.cfg