Merged
27 commits
9c8549c
Update docs.yml
kaggis Aug 12, 2025
a7cd38a
Remove docs from jenkins
kaggis Aug 12, 2025
92e330f
Merge pull request #515 from kaggis/remove-docs-jenkins
themiszamani Aug 12, 2025
224dc21
remove failing go workflow
kaggis Aug 12, 2025
e6217e6
Update docs.yml
kaggis Aug 12, 2025
da004e9
Update docs.yml
kaggis Aug 12, 2025
d692ed1
Merge pull request #516 from kaggis/remove-go-workflow
themiszamani Aug 12, 2025
a6f4c11
Update training_material.md
kaggis Aug 12, 2025
6184b6d
Upgrade Golang to version 1.25
agelostsal Apr 13, 2025
afc4fcb
Merge pull request #519 from agelostsal/upgrade/go125
themiszamani Aug 26, 2025
29a7885
AM-401 Support for MongoDB 7
agelostsal Sep 1, 2025
a2bee98
Merge pull request #520 from agelostsal/upgrade/mongo7
themiszamani Sep 1, 2025
a0919f7
Add rocky9 build repo and checksec detailed security check
agelostsal Sep 2, 2025
eaa2d8b
Merge pull request #521 from agelostsal/upgrade/jenkinsfile-security-…
agelostsal Sep 2, 2025
47dc322
Create trivy.yml
themiszamani Sep 17, 2025
908f977
Update trivy.yml
themiszamani Sep 17, 2025
4f9a55f
Update trivy.yml
themiszamani Sep 17, 2025
babe48e
Update trivy.yml
themiszamani Sep 17, 2025
8786b0b
Update trivy.yml
themiszamani Sep 17, 2025
ef253f0
Merge pull request #522 from ARGOeu/trivy
themiszamani Sep 17, 2025
1068fcc
Upgrade test-containers to latest version for security fixes
agelostsal Oct 8, 2025
83be9bb
Merge pull request #523 from agelostsal/devel
themiszamani Oct 8, 2025
7a3265f
Create trivy-master.yml
themiszamani Oct 15, 2025
2591a93
Merge pull request #524 from ARGOeu/trivy@master
themiszamani Oct 15, 2025
e249900
Update trivy-master.yml
themiszamani Oct 15, 2025
23961a3
Update trivy-master.yml
themiszamani Oct 15, 2025
ae067e2
Merge branch 'master' into devel
themiszamani Oct 15, 2025
7 changes: 4 additions & 3 deletions .github/workflows/docs.yml
Expand Up @@ -3,7 +3,7 @@ name: Deploy documentation to github pages

# Define when to run action
on:
# run action on push to devel bhranch
# run action on push to devel branch
push:
branches: [ devel ]

Expand Down Expand Up @@ -38,6 +38,7 @@ jobs:
with:
node-version: '22'
cache: 'npm'
cache-dependency-path: website/package-lock.json

- name: Install deps
run: npm i
Expand All @@ -51,8 +52,8 @@ jobs:
- name: Upload docs
uses: actions/upload-pages-artifact@v3
with:
path: 'build'
path: 'website/build'

- name: Run gh action to deploy to github pages
id: deployment
uses: actions/deploy-pages@v5
uses: actions/deploy-pages@v4
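Review bot: The added `cache-dependency-path: website/package-lock.json` keys the npm cache to the lockfile, but the install step shown right after it still runs `npm i`, which can resolve versions other than the locked ones and rewrite the lockfile; `run: npm ci` installs exactly what the lockfile records and fails when it disagrees with package.json. The Install deps step continues outside the hunk, so its working directory is not visible here. The `actions/upload-pages-artifact` and `actions/deploy-pages` references in the last hunk are version tags; pinning them to a commit SHA would be stricter for the job that publishes the site.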
16 changes: 0 additions & 16 deletions .github/workflows/go.yml

This file was deleted.

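--- a/.github/workflows/trivy-master.yml
+++ b/.github/workflows/trivy-master.yml
@@ -0,0 +1,35 @@
+on:
+push:
+branches:
+- master
+jobs:
+supply-chain:
+runs-on: ubuntu-latest
+steps:
+- name: checkout code
+uses: actions/checkout@v4
+- name: Scan and Generate SBOM
+uses: aquasecurity/trivy-action@0.32.0
+with:
+format: "cyclonedx"
+exit-code: "1"
+hide-progress: true
+output: "dependencies.cdx.json"
+ignore-unfixed: true
+scan-type: "fs"
+scan-ref: "."
+severity: "CRITICAL,HIGH"
+github-pat: ${{ secrets.GITHUB_TOKEN }}
+skip-dirs: website
+env:
+TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+- name: Deliver BOM to Dependency Tracker
+run: |
+curl -v -X POST \
+-H "X-Api-Key: ${{ secrets.DEPTRACK_API_KEY }}" \
+-H 'Accept: application/json' \
+-H 'Content-Type: multipart/form-data' \
+-F "project=${{ secrets.DEPTRACK_PROJECT_ID }}" \
+-F "bom=@dependencies.cdx.json" \
+-F "isLatest=true" \
+https://sms.eoscnode.org/api/v1/bom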
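Review bot: This workflow sets no `permissions:` block, so the `GITHUB_TOKEN` handed to the third-party action through `github-pat` carries the repository's default scope; a top-level `permissions:` with `contents: read`, as the trivy.yml added in this same pull request has, limits it to what a filesystem scan needs. In the delivery step, `curl -v` writes the request headers, including `X-Api-Key`, to the job log and relies on log masking alone, and without `--fail` an upload the server rejects still leaves the step green; `curl --fail --silent --show-error -X POST \` covers both. If the scan step does exit non-zero on a CRITICAL or HIGH finding, the delivery step is skipped and the tracker never receives the BOM for exactly those commits, which `if: ${{ !cancelled() }}` on the delivery step would avoid. `aquasecurity/trivy-action@0.32.0` is a version tag rather than a commit SHA; pinning the SHA fixes which code receives that token.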
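--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,56 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: trivy
+
+on:
+push:
+branches: [ "devel" ]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [ "devel" ]
+# schedule:
+# - cron: '44 1 * * 3'
+
+permissions:
+contents: read
+
+jobs:
+build:
+permissions:
+contents: read # for actions/checkout to fetch code
+security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+name: Build
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Scan repository with Trivy
+uses: aquasecurity/trivy-action@0.20.0
+with:
+scan-type: fs
+ignore-unfixed: true
+format: 'sarif'
+limit-severities-for-sarif: true #By default SARIF format enforces output of all vulnerabilities. To override this behavior set this parameter to true
+severity: 'HIGH,CRITICAL'
+output: trivy-results.sarif
+skip-dirs: website
+continue-on-error: true # still upload SARIF even if vulnerabilities exist
+
+- name: Debug SARIF
+run: |
+head -n 20 trivy-results.sarif
+jq .version trivy-results.sarif
+
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: trivy-results.sarif
+# Optional category for the results
+# Used to differentiate multiple results for one commit
+
+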
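Review bot: `continue-on-error: true` on the scan step hides scanner failures rather than findings: no `exit-code` input is set, so the step should not fail on vulnerabilities in the first place, and what the flag suppresses is a broken run (a failed database download, for instance), after which the Debug SARIF and upload steps work on a missing or incomplete file. Dropping that line lets a failed scan show up as a failed job. The action is referenced here as `aquasecurity/trivy-action@0.20.0` while trivy-master.yml in the same pull request uses `@0.32.0`; one version for both, ideally pinned by commit SHA, keeps the two scans comparable. The page has lost the YAML indentation, so whether the flag sits at step level or under `with:` cannot be confirmed from here.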
51 changes: 19 additions & 32 deletions Jenkinsfile
@@ -1,7 +1,7 @@
pipeline {
agent {
docker {
image 'argo.registry:5000/epel-7-go1.21'
image 'argo.registry:5000/rocky9-go1.25:latest'
args '-u jenkins:jenkins'
}
}
Expand All @@ -13,6 +13,8 @@ pipeline {
PROJECT_DIR="argo-messaging"
GH_USER = 'newgrnetci'
GH_EMAIL = '<argo@grnet.gr>'
GOCACHE = '/tmp/go-cache'
GOMODCACHE = '/tmp/go-mod-cache'
GOPATH="${WORKSPACE}/go"
GIT_COMMIT=sh(script: "cd ${WORKSPACE}/$PROJECT_DIR && git log -1 --format=\"%H\"",returnStdout: true).trim()
GIT_COMMIT_HASH=sh(script: "cd ${WORKSPACE}/$PROJECT_DIR && git log -1 --format=\"%H\" | cut -c1-7",returnStdout: true).trim()
Expand All @@ -23,6 +25,7 @@ pipeline {
steps {
echo 'Build...'
sh """
go version
mkdir -p ${WORKSPACE}/go/src/github.com/ARGOeu
ln -sf ${WORKSPACE}/${PROJECT_DIR} ${WORKSPACE}/go/src/github.com/ARGOeu/${PROJECT_DIR}
rm -rf ${WORKSPACE}/go/src/github.com/ARGOeu/${PROJECT_DIR}/${PROJECT_DIR}
Expand All @@ -36,7 +39,18 @@ pipeline {
steps {
sh """
cd ${WORKSPACE}/go/src/github.com/ARGOeu/${PROJECT_DIR}
/home/jenkins/checksec.py -b ./argo-messaging

checksec --file=./argo-messaging --format=xml > ./checksec.xml

set +x
# define function that receives field/value and checks them in checksec.xml output
checksec_point(){ f=\$1; v=\$2; r=\$(xmllint --xpath "string(//file/@\$f)" checksec.xml); \
echo -n "\$f(expected:\$v)=\$r"; [[ "\$r" == "\$v" ]] && \
echo -e "\t✓ PASS" || { echo -e "\t𐄂 FAIL"; return 1; }; }

# for pairs of field/value items check if they exist in the checksec.xml output - break if not
for pair in "pie yes" "nx yes" "relro full" "rpath no" "runpath no" "symbols no" "fortify_source yes"; \
do set -- \$pair; checksec_point "\$1" "\$2"; done
"""
}
}
Expand All @@ -45,8 +59,8 @@ pipeline {
echo 'Test & Coverage...'
sh """
cd ${WORKSPACE}/go/src/github.com/ARGOeu/${PROJECT_DIR}
gocov test -p 1 \$(go list ./... | grep -v /vendor/) | gocov-xml > ${WORKSPACE}/coverage.xml
go test -p 1 \$(go list ./... | grep -v /vendor/) -v=1 | go-junit-report > ${WORKSPACE}/junit.xml
gotestsum --junitfile ${WORKSPACE}/junit.xml -- -p 1 -v -coverprofile=coverage.out ./...
gocover-cobertura < coverage.out > ${WORKSPACE}/coverage.xml
"""
junit '**/junit.xml'
cobertura coberturaReportFile: '**/coverage.xml'
Expand All @@ -58,7 +72,7 @@ pipeline {
echo 'Building Rpm...'
withCredentials(bindings: [sshUserPrivateKey(credentialsId: 'jenkins-rpm-repo', usernameVariable: 'REPOUSER', \
keyFileVariable: 'REPOKEY')]) {
sh "/home/jenkins/build-rpm.sh -w ${WORKSPACE} -b ${BRANCH_NAME} -d centos7 -p ${PROJECT_DIR} -s ${REPOKEY}"
sh "/home/jenkins/build-rpm.sh -w ${WORKSPACE} -b ${BRANCH_NAME} -d rocky9 -p ${PROJECT_DIR} -s ${REPOKEY}"
}
archiveArtifacts artifacts: '**/*.rpm', fingerprint: true
}
Expand All @@ -68,33 +82,6 @@ pipeline {
}
}
}
stage ('Deploy Docs') {
when {
branch 'devel'
}
agent {
docker {
image 'node:18-buster'
}
}
steps {
echo 'Publish argo-messaging docs...'
sh '''
cd $WORKSPACE/$PROJECT_DIR
cd website
npm install
'''
sshagent (credentials: ['jenkins-master']) {
sh '''
cd $WORKSPACE/$PROJECT_DIR/website
mkdir ~/.ssh && ssh-keyscan -H github.com > ~/.ssh/known_hosts
git config --global user.email ${GH_EMAIL}
git config --global user.name ${GH_USER}
GIT_USER=${GH_USER} USE_SSH=true npm run deploy
'''
}
}
}
}
post{
always {
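Review bot: The agent image is now referenced by the mutable tag `rocky9-go1.25:latest`, so the toolchain that compiles the binary and builds the RPM can change between runs with no change in this repository; pinning it by digest, `image 'argo.registry:5000/rocky9-go1.25@sha256:<digest-placeholder>'`, keeps the build reproducible and auditable. In the checksec stage the loop's comment says it breaks on a mismatch, but nothing in the loop does so explicitly: it depends on the `sh` step running with errexit, which the visible lines do not set, and `checksec_point "\$1" "\$2" || exit 1` would make the hardening gate independent of that. The stage also assumes `checksec`, `xmllint`, `gotestsum` and `gocover-cobertura` are present in the image, which is one more reason to pin it. The pipeline body continues outside the visible hunks.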
3 changes: 3 additions & 0 deletions Makefile
Expand Up @@ -30,3 +30,6 @@ go-test:
go get github.com/AlekSi/gocov-xml && \
${GOPATH}/bin/gocov test ${GOFILES_NOVENDOR} | ${GOPATH}/bin/gocov-xml > ${APPDIR}/coverage.xml &&\
chown ${hostUID} ${APPDIR}/coverage.xml

clean:
@echo "Clean target - nothing to clean"
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -20,10 +20,10 @@ specific topics and receive messages.

#### Build Requirements

- Golang 1.21
- Golang 1.25

#### Datastore Requirements
- The service has been tested with mongodb from version `6.0.14`.
- The service has been tested with mongodb from version `7.0.23`.

#### Broker requirements

4 changes: 2 additions & 2 deletions auth/auth_test.go
Expand Up @@ -3,7 +3,7 @@ package auth
import (
"context"
"errors"
"io/ioutil"
"io"
"testing"
"time"

Expand All @@ -27,7 +27,7 @@ func (suite *AuthTestSuite) SetupTest() {
"store_host":"localhost",
"store_db":"argo_msg"
}`
log.SetOutput(ioutil.Discard)
log.SetOutput(io.Discard)
}

func (suite *AuthTestSuite) TestAuth() {
6 changes: 3 additions & 3 deletions config/config.go
Expand Up @@ -4,6 +4,7 @@ import (
"encoding/json"
"errors"
"fmt"
"io"
"strconv"
"time"

Expand All @@ -14,7 +15,6 @@ import (
lSyslog "github.com/sirupsen/logrus/hooks/syslog"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"io/ioutil"
"log/syslog"
"os"
"path/filepath"
Expand Down Expand Up @@ -219,7 +219,7 @@ func (cfg *APICfg) LoadCAs() (roots *x509.CertPool) {
}

if ok, _ := filepath.Match(pattern, info.Name()); ok {
bytes, err := ioutil.ReadFile(filepath.Join(cfg.CertificateAuthoritiesDir, info.Name()))
bytes, err := os.ReadFile(filepath.Join(cfg.CertificateAuthoritiesDir, info.Name()))
if err != nil {
return err
}
Expand Down Expand Up @@ -294,7 +294,7 @@ func setLogFacilities(facilities []string) {

// if the console option has not been specified close the standard logging
if !consoleEnabled {
log.SetOutput(ioutil.Discard)
log.SetOutput(io.Discard)
}
}

4 changes: 2 additions & 2 deletions config/config_test.go
@@ -1,7 +1,7 @@
package config

import (
"io/ioutil"
"io"
"testing"

log "github.com/sirupsen/logrus"
Expand Down Expand Up @@ -122,6 +122,6 @@ func (suite *ConfigTestSuite) TestAuthOption() {
}

func TestConfigTestSuite(t *testing.T) {
log.SetOutput(ioutil.Discard)
log.SetOutput(io.Discard)
suite.Run(t, new(ConfigTestSuite))
}