From b443cb1884d3b7882cebbecd06fe94419c0d9f82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 09:35:12 +0000
Subject: [PATCH 01/11] Create scan_vulnerabilies.yml
---
 .github/workflows/scan_vulnerabilies.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/scan_vulnerabilies.yml
diff --git a/.github/workflows/scan_vulnerabilies.yml b/.github/workflows/scan_vulnerabilies.yml
new file mode 100644
index 00000000000..60dcdbc4ffd
--- /dev/null
+++ b/.github/workflows/scan_vulnerabilies.yml
@@ -0,0 +1,24 @@
+name: Scan for vulnerabilities
+
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+ workflow_dispatch:
+
+jobs:
+ scan_image:
+ runs-on: ubuntu-latest
+ steps:
+ - name: checkout repo content
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - run: ./gradlew clean assembleTarDistribution
+ - run: mkdir scan
+ - run: cd scan && tar -zxf ../build/logstash-*.tar.gz
+ - name: Scan image
+ uses: anchore/scan-action@v3
+ with:
+ path: "scan/*"
+ fail-build: true
+ severity-cutoff: critical
From ffabbed1d791d693d43dba147e4912e2a1e65f12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 09:45:51 +0000
Subject: [PATCH 02/11] Update scan_vulnerabilies.yml
---
 .github/workflows/scan_vulnerabilies.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/scan_vulnerabilies.yml b/.github/workflows/scan_vulnerabilies.yml
index 60dcdbc4ffd..56ce06ff967 100644
--- a/.github/workflows/scan_vulnerabilies.yml
+++ b/.github/workflows/scan_vulnerabilies.yml
@@ -14,8 +14,11 @@ jobs:
 with:
 fetch-depth: 0
 - run: ./gradlew clean assembleTarDistribution
+ - run: ls -lha
 - run: mkdir scan
- - run: cd scan && tar -zxf ../build/logstash-*.tar.gz
+ - run: tar -zxf ../build/logstash-*.tar.gz
+ working-directory: scan
+ - run: ls -lha
 - name: Scan image
 uses: anchore/scan-action@v3
 with:
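Review bot: With `pull_request_target` as the trigger and `actions/checkout@v2` given no `ref:`, the checkout step takes the base branch, so `./gradlew clean assembleTarDistribution` builds and the scan inspects the base, never the pull request's changes; that trigger also runs with the base repository's secrets and a write-capable token, which is exactly why a PR head must not be built under it. If the intent is to scan each PR, use `pull_request:` (read-only token, PR head checked out by default); if the privileged trigger is needed, keep the checkout as written and document in the workflow that it scans the base branch. `actions/checkout@v2` and `anchore/scan-action@v3` are floating tags, so pin both to a full commit SHA with the version in a trailing comment, and drop `fetch-depth: 0` unless the build derives its version from git history. The file name `scan_vulnerabilies.yml` is misspelled (`vulnerabilities`).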
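Review bot: The two added `- run: ls -lha` steps are unnamed debugging output that does not affect the result; remove them before merge or give them a `name:` that marks them as diagnostics (patch 03 keeps one as `ls -lha scan`). The extraction step depends on `../build/logstash-*.tar.gz` expanding to exactly one file: `./gradlew clean` makes a stale archive unlikely, but if a second archive ever matches, `tar -zxf` would treat the extra path as a member name and fail, so consider naming the archive explicitly or checking for a single match before extracting.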
From f0c2c0a0b657b295899ef175d418222e8cbea1b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 10:05:14 +0000
Subject: [PATCH 03/11] Update scan_vulnerabilies.yml
---
 .github/workflows/scan_vulnerabilies.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/scan_vulnerabilies.yml b/.github/workflows/scan_vulnerabilies.yml
index 56ce06ff967..dfa6cd1e384 100644
--- a/.github/workflows/scan_vulnerabilies.yml
+++ b/.github/workflows/scan_vulnerabilies.yml
@@ -17,11 +17,11 @@ jobs:
 - run: ls -lha
 - run: mkdir scan
 - run: tar -zxf ../build/logstash-*.tar.gz
- working-directory: scan
- - run: ls -lha
+ working-directory: ./scan
+ - run: ls -lha scan
 - name: Scan image
 uses: anchore/scan-action@v3
 with:
- path: "scan/*"
+ path: "./scan"
 fail-build: true
 severity-cutoff: critical
From ed10e44d1126a601a35c2997b5c02869f15137cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 10:14:42 +0000
Subject: [PATCH 04/11] Update rubyUtils.gradle
---
 rubyUtils.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rubyUtils.gradle b/rubyUtils.gradle
index 5f47000a779..24a6d39cb61 100644
--- a/rubyUtils.gradle
+++ b/rubyUtils.gradle
@@ -292,7 +292,7 @@ tasks.register("downloadAndInstallJRuby", Copy) { f.path = f.path.replaceFirst("^jruby-${jRubyVersion}", '') } exclude "**/did_you_mean-*/evaluation/**" // licensing issue https://github.com/jruby/jruby/issues/6471 - exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9" + exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/*" exclude "**/lib/jni/**/**" includeEmptyDirs = false
From 6d64880695d4ad0798c655cd2afc9dd2748daeb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 10:23:01 +0000
Subject: [PATCH 05/11] Update rubyUtils.gradle
---
 rubyUtils.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
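Review bot: Changing `path` to `"./scan"` makes the scan target the whole extraction directory, but the surrounding `severity-cutoff: critical` with `fail-build: true` means only critical findings fail the job; high-severity findings in the distribution pass without a signal other than the job log. If that cutoff is deliberate, record it in a comment on the step (e.g. `# only critical findings block; highs are reported in the log`), otherwise lower it. The `ls -lha scan` step kept here is still debugging output and can go with the one introduced in patch 02.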
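Review bot: The new pattern `vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/*` excludes only the gem directory's direct children, because a single `*` in Gradle's Ant-style globs does not cross a path separator; anything the gem keeps one level deeper (a `lib/` subdirectory, if that is where its jars live) is still copied. Patches 05, 08 and 10 then alternate between `/**/*` and `/**/**`, which behave the same for excluding files and are no more than the plain `/**` suffix, so settle once on `exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**"` rather than flipping across the series. The gradle side also has no explanation where the rake file does; add `// exclude ruby-maven-libs 3.3.9 jars, keep in sync with @exclude_paths in rakelib/artifacts.rake` so the two exclusion lists are maintained together. The enclosing `tasks.register("downloadAndInstallJRuby", Copy)` block starts before the hunk and ends after it.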
diff --git a/rubyUtils.gradle b/rubyUtils.gradle
index 24a6d39cb61..e16fa703c5c 100644
--- a/rubyUtils.gradle
+++ b/rubyUtils.gradle
@@ -292,7 +292,7 @@ tasks.register("downloadAndInstallJRuby", Copy) { f.path = f.path.replaceFirst("^jruby-${jRubyVersion}", '') } exclude "**/did_you_mean-*/evaluation/**" // licensing issue https://github.com/jruby/jruby/issues/6471 - exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/*" + exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*" exclude "**/lib/jni/**/**" includeEmptyDirs = false
From c2d1d2ccb51a15a045365d7e2fa2bb1741a48326 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 10:35:33 +0000
Subject: [PATCH 06/11] Update artifacts.rake
---
 rakelib/artifacts.rake | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rakelib/artifacts.rake b/rakelib/artifacts.rake
index c4705b5624b..89f81509196 100644
--- a/rakelib/artifacts.rake
+++ b/rakelib/artifacts.rake
@@ -99,8 +99,8 @@ namespace "artifact" do @exclude_paths << 'vendor/**/gems/**/Gemfile' @exclude_paths << 'vendor/jruby/lib/ruby/gems/shared/gems/rake-*' - # exclude the maven jars until https://github.com/jruby/ruby-maven-libs/pull/4 - @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9' + # exclude ruby-maven-libs 3.3.9 jars until JRuby ships with >= 3.8.9 + @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*' @exclude_paths end
From 7127639fef499c92307923661d841c607421f5f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 10:42:34 +0000
Subject: [PATCH 07/11] Update artifacts.rake
---
 rakelib/artifacts.rake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rakelib/artifacts.rake b/rakelib/artifacts.rake
index 89f81509196..e1c3176f897 100644
--- a/rakelib/artifacts.rake
+++ b/rakelib/artifacts.rake
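Review bot: The rewritten comment drops the upstream reference (`https://github.com/jruby/ruby-maven-libs/pull/4`) the old comment carried, and "until JRuby ships with >= 3.8.9" does not say which component that version belongs to, so the exclusion has no traceable removal condition; keep the link and name the component, e.g. `# exclude ruby-maven-libs 3.3.9 jars until JRuby bundles a newer ruby-maven-libs, see https://github.com/jruby/ruby-maven-libs/pull/4`. Widening the pattern from `.../ruby-maven-libs-3.3.9` to `.../ruby-maven-libs-3.3.9/**/*` only helps if the consumer of `@exclude_paths` treats `**/` as recursive (`Dir.glob` does; `File.fnmatch` only with `File::FNM_PATHNAME`), and that consumer is outside the hunk, so confirm it before relying on the suffix. Patches 07 and 09 then change the suffix to `/**/**` and back to `/**/*`; pick one and keep it byte-identical to the gradle exclude so the two lists do not drift. The definition whose `@exclude_paths` / `end` lines close the hunk starts above it.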
@@ -100,7 +100,7 @@ namespace "artifact" do @exclude_paths << 'vendor/jruby/lib/ruby/gems/shared/gems/rake-*' # exclude ruby-maven-libs 3.3.9 jars until JRuby ships with >= 3.8.9 - @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*' + @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/**' @exclude_paths end
From 665675c2faedb04da10bc209e5cec61ffce79af8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 10:42:55 +0000
Subject: [PATCH 08/11] Update rubyUtils.gradle
---
 rubyUtils.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rubyUtils.gradle b/rubyUtils.gradle
index e16fa703c5c..0fb2953c9ce 100644
--- a/rubyUtils.gradle
+++ b/rubyUtils.gradle
@@ -292,7 +292,7 @@ tasks.register("downloadAndInstallJRuby", Copy) { f.path = f.path.replaceFirst("^jruby-${jRubyVersion}", '') } exclude "**/did_you_mean-*/evaluation/**" // licensing issue https://github.com/jruby/jruby/issues/6471 - exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*" + exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/**" exclude "**/lib/jni/**/**" includeEmptyDirs = false
From 8aa70707fd92d59268172a1f370cf193dca00c35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 11:11:14 +0000
Subject: [PATCH 09/11] Update artifacts.rake
---
 rakelib/artifacts.rake | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rakelib/artifacts.rake b/rakelib/artifacts.rake
index e1c3176f897..89f81509196 100644
--- a/rakelib/artifacts.rake
+++ b/rakelib/artifacts.rake
@@ -100,7 +100,7 @@ namespace "artifact" do @exclude_paths << 'vendor/jruby/lib/ruby/gems/shared/gems/rake-*' # exclude ruby-maven-libs 3.3.9 jars until JRuby ships with >= 3.8.9 - @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/**' + @exclude_paths << 'vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*' @exclude_paths end
From cd78d78494677014b0781a9818adc01388cefeaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 11:11:28 +0000
Subject: [PATCH 10/11] Update rubyUtils.gradle
---
 rubyUtils.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rubyUtils.gradle b/rubyUtils.gradle
index 0fb2953c9ce..e16fa703c5c 100644
--- a/rubyUtils.gradle
+++ b/rubyUtils.gradle
@@ -292,7 +292,7 @@ tasks.register("downloadAndInstallJRuby", Copy) { f.path = f.path.replaceFirst("^jruby-${jRubyVersion}", '') } exclude "**/did_you_mean-*/evaluation/**" // licensing issue https://github.com/jruby/jruby/issues/6471 - exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/**" + exclude "vendor/bundle/jruby/**/gems/ruby-maven-libs-3.3.9/**/*" exclude "**/lib/jni/**/**" includeEmptyDirs = false
From 9b51d6e9025e4c81749deaec84008843689c62b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?=
Date: Tue, 26 Mar 2024 11:27:43 +0000
Subject: [PATCH 11/11] Delete .github/workflows/scan_vulnerabilies.yml
---
 .github/workflows/scan_vulnerabilies.yml | 27 ------------------------
 1 file changed, 27 deletions(-)
 delete mode 100644 .github/workflows/scan_vulnerabilies.yml
diff --git a/.github/workflows/scan_vulnerabilies.yml b/.github/workflows/scan_vulnerabilies.yml
deleted file mode 100644
index dfa6cd1e384..00000000000
--- a/.github/workflows/scan_vulnerabilies.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Scan for vulnerabilities
-
-on:
- pull_request_target:
- types: [opened, synchronize]
- workflow_dispatch:
-
-jobs:
- scan_image:
- runs-on: ubuntu-latest
- steps:
- - name: checkout repo content
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - run: ./gradlew clean assembleTarDistribution
- - run: ls -lha
- - run: mkdir scan
- - run: tar -zxf ../build/logstash-*.tar.gz
- working-directory: ./scan
- - run: ls -lha scan
- - name: Scan image
- uses: anchore/scan-action@v3
- with:
- path: "./scan"
- fail-build: true
- severity-cutoff: critical