diff --git a/.snyk b/.snyk new file mode 100644 index 000000000..5ef0b057d --- /dev/null +++ b/.snyk @@ -0,0 +1,6 @@ +# Snyk guide: https://docs.snyk.io/snyk-cli/commands/ignore +exclude: + global: + # ignore tests + - "**/*_test.go" + - "test/**" \ No newline at end of file diff --git a/.tekton/network-observability-console-plugin-pull-request.yaml b/.tekton/network-observability-console-plugin-pull-request.yaml index 237ef199d..de12e612e 100644 --- a/.tekton/network-observability-console-plugin-pull-request.yaml +++ b/.tekton/network-observability-console-plugin-pull-request.yaml @@ -94,11 +94,11 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "false" + - default: "true" description: Execute the build with network isolation name: hermetic type: string - - default: "" + - default: "{\"type\":\"npm\", \"path\":\"./web\"}" description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string @@ -203,6 +203,8 @@ spec: params: - name: input value: $(params.prefetch-input) + - name: dev-package-managers + value: true runAfter: - clone-repository - update-downstream @@ -405,28 +407,6 @@ spec: operator: in values: - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - name: apply-tags params: - name: IMAGE diff --git a/.tekton/network-observability-console-plugin-push.yaml b/.tekton/network-observability-console-plugin-push.yaml index 50470fd1b..c74ac4ccb 100644 --- a/.tekton/network-observability-console-plugin-push.yaml +++ b/.tekton/network-observability-console-plugin-push.yaml @@ -5,6 +5,7 @@ metadata: build.appstudio.openshift.io/repo: https://github.com/netobserv/network-observability-console-plugin?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' + build.appstudio.openshift.io/build-nudge-files: "hack/container_digest.sh" pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" @@ -91,11 +92,11 @@ spec: description: Skip checks against built image name: skip-checks type: string - - default: "false" + - default: "true" description: Execute the build with network isolation name: hermetic type: string - - default: "" + - default: "{\"type\":\"npm\", \"path\":\"./web\"}" description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string @@ -402,28 +403,6 @@ spec: operator: in values: - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - name: apply-tags params: - name: IMAGE diff --git a/Dockerfile b/Dockerfile index 025f00e2f..8c8bb5168 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,6 @@ # We do not use --platform feature to auto fill this ARG because of incompatibility between podman and docker -ARG BUILDSCRIPT= -ARG LDFLAGS= -ARG TARGETPLATFORM=linux/amd64 -ARG BUILDPLATFORM=linux/amd64 -FROM --platform=$BUILDPLATFORM docker.io/library/node:18-alpine as web-builder +ARG TARGETARCH +FROM docker.io/library/node:18-alpine as web-builder USER node @@ -15,7 +12,7 @@ WORKDIR /opt/app-root COPY --chown=node web/package.json web/package.json COPY --chown=node web/package-lock.json web/package-lock.json WORKDIR /opt/app-root/web -RUN npm ci +RUN CYPRESS_INSTALL_BINARY=0 npm --legacy-peer-deps ci WORKDIR /opt/app-root COPY --chown=node web web @@ -25,7 +22,7 @@ WORKDIR /opt/app-root/web RUN npm run format-all RUN npm run build$BUILDSCRIPT -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22 as go-builder +FROM docker.io/library/golang:1.22 as go-builder ARG TARGETPLATFORM ARG TARGETARCH=amd64 @@ -41,7 +38,7 @@ COPY pkg/ pkg/ RUN CGO_ENABLED=0 GOARCH=$TARGETARCH go build -ldflags "$LDFLAGS" -mod vendor -o plugin-backend cmd/plugin-backend.go -FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4 +FROM --platform=linux/$TARGETARCH registry.access.redhat.com/ubi9/ubi-minimal:9.4 COPY --from=web-builder /opt/app-root/web/dist ./web/dist COPY --from=go-builder /opt/app-root/plugin-backend ./ diff --git a/Makefile b/Makefile index 5e76fa72d..84706ab25 100644 --- a/Makefile +++ b/Makefile @@ -59,7 +59,7 @@ BUILD_FLAGS ?= -ldflags "${LDFLAGS}" # build a single arch target provided as argument define build_target echo 'building image for arch $(1)'; \ - DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --ulimit nofile=20480:20480 --load --build-arg LDFLAGS="${LDFLAGS}" --build-arg BUILDSCRIPT=${BUILDSCRIPT} --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f Dockerfile .; + DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --ulimit nofile=20480:20480 --load --build-arg LDFLAGS="${LDFLAGS}" --build-arg BUILDSCRIPT=${BUILDSCRIPT} --build-arg TARGETARCH=$(1) ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f Dockerfile .; endef # push a single arch target image @@ -122,7 +122,7 @@ start: YQ build-backend install-frontend ## Run backend and frontend $(YQ) '.server.port |= 9002 | .server.metricsPort |= 9003 | .loki.useMocks |= false' ./config/sample-config.yaml > ./config/config.yaml @echo "### Starting backend on http://localhost:9002" bash -c "trap 'fuser -k 9002/tcp' EXIT; \ - ./plugin-backend $(CMDLINE_ARGS) & cd web && npm run start" + ./plugin-backend $(CMDLINE_ARGS) & cd web && npm run start" .PHONY: start-backend start-backend: YQ build-backend @@ -159,7 +159,7 @@ fmt-frontend: i18n ## Run frontend i18n and fmt lint-frontend: ## Lint frontend code @echo "### Linting frontend code" cd web && npm run lint - + .PHONY: test-frontend test-frontend: ## Test frontend using jest @echo "### Testing frontend" diff --git a/hack/update-build.sh b/hack/update-build.sh index b37d186ec..cb3eae714 100755 --- a/hack/update-build.sh +++ b/hack/update-build.sh @@ -15,4 +15,11 @@ LABEL maintainer="support@redhat.com" LABEL io.openshift.tags="network-observability-console-plugin" LABEL upstream-vcs-ref="${COMMIT}" LABEL upstream-vcs-type="git" +LABEL description="Based on Openshift Console dynamic plugin, this plugin implement the console elements for Network Observability." EOF + +sed -i 's/\(FROM.*\)docker.io\/library\/golang:1.22\(.*\)/\1brew.registry.redhat.io\/rh-osbs\/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9\2/g' ./Dockerfile +sed -i 's/\(FROM.*\)docker.io\/library\/node:18-alpine\(.*\)/\1registry.access.redhat.com\/ubi9\/nodejs-18:1-108.1716477799\2/g' ./Dockerfile + +sed -i 's/USER node//g' ./Dockerfile +sed -i 's/--chown=node/--chown=default/g' ./Dockerfile