chore: fix dependabot alerts (#2684)

* chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * ci: fix clustering test by creating separate local dirs Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * ci: free up disk space in cluster tests Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * ci: revert to stacker v1.0.0-rc16 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> * ci: fix revert to stacker v1.0.0-rc16 Signed-off-by: Andrei Aaron <aaaron@luxoft.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> Signed-off-by: Andrei Aaron <aaaron@luxoft.com> Co-authored-by: Andrei Aaron <aaaron@luxoft.com>
2026-06-17 21:17:58 +08:00 · 2024-10-01 01:11:27 -07:00
parent df4f9ca9d3
commit a31842bd7e
8 changed files with 66 additions and 46 deletions
@@ -45,6 +45,12 @@ jobs:
          # install haproxy
          sudo apt-get install haproxy

+      - name: Build binaries
+        run: |
+          cd $GITHUB_WORKSPACE
+          make binary
+          make bench
+
      - name: Setup minio service
        run: |
            docker run -d -p 9000:9000 --name minio \
@@ -92,14 +98,29 @@ jobs:
      - name: Prepare configuration files
        run: |
            cp test/cluster/config-minio.json test/cluster/config-minio1.json
-            sed -i 's/8081/8082/g' test/cluster/config-minio.json
+            sed -i 's/8081/8081/g' test/cluster/config-minio1.json
+            sed -i 's/\/tmp\/zot/\/tmp\/zot1/g' test/cluster/config-minio1.json
            cp test/cluster/config-minio.json test/cluster/config-minio2.json
-            sed -i 's/8082/8083/g' test/cluster/config-minio.json
+            sed -i 's/8081/8082/g' test/cluster/config-minio2.json
+            sed -i 's/\/tmp\/zot/\/tmp\/zot2/g' test/cluster/config-minio2.json
            cp test/cluster/config-minio.json test/cluster/config-minio3.json
+            sed -i 's/8081/8083/g' test/cluster/config-minio3.json
+            sed -i 's/\/tmp\/zot/\/tmp\/zot3/g' test/cluster/config-minio3.json
+
+      - name: Free up disk space
+        uses: jlumbroso/free-disk-space@main
+        with:
+          # This might remove tools that are actually needed, if set to "true" but frees about 6 GB
+          tool-cache: true
+          # All of these default to true, but feel free to set to "false" if necessary for your workflow
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          swap-storage: true

      - name: Run push-pull tests
        run: |
-            make binary
            ./bin/zot-linux-amd64 serve test/cluster/config-minio1.json &
            ./bin/zot-linux-amd64 serve test/cluster/config-minio2.json &
            ./bin/zot-linux-amd64 serve test/cluster/config-minio3.json &
@@ -127,7 +148,6 @@ jobs:

      - name: Run benchmark with --src-cidr arg
        run: |
-            make bench
            ./bin/zot-linux-amd64 serve test/cluster/config-minio1.json &
            ./bin/zot-linux-amd64 serve test/cluster/config-minio2.json &
            ./bin/zot-linux-amd64 serve test/cluster/config-minio3.json &
@@ -145,7 +165,6 @@ jobs:

      - name: Run benchmark with --src-ips arg
        run: |
-            make bench
            ./bin/zot-linux-amd64 serve test/cluster/config-minio1.json &
            ./bin/zot-linux-amd64 serve test/cluster/config-minio2.json &
            ./bin/zot-linux-amd64 serve test/cluster/config-minio3.json &
@@ -53,7 +53,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.26.9
+      uses: github/codeql-action/init@v3.26.10
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3.26.9
+      uses: github/codeql-action/autobuild@v3.26.10

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -77,4 +77,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.26.9
+      uses: github/codeql-action/analyze@v3.26.10
@@ -237,7 +237,7 @@ jobs:
          TRIVY_USERNAME: ${{ github.actor }}
          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3.26.9
+        uses: github/codeql-action/upload-sarif@v3.26.10
        with:
          sarif_file: 'trivy-results.sarif'

@@ -274,7 +274,7 @@ jobs:
          TRIVY_USERNAME: ${{ github.actor }}
          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3.26.9
+        uses: github/codeql-action/upload-sarif@v3.26.10
        with:
          sarif_file: 'trivy-results.sarif'

@@ -57,6 +57,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3.26.9
+        uses: github/codeql-action/upload-sarif@v3.26.10
        with:
          sarif_file: results.sarif
@@ -56,7 +56,7 @@ jobs:
        env:
          FLAVOR: ${{ matrix.flavor }}
      - name: ZAP Scan Rest API
-        uses: zaproxy/action-baseline@v0.12.0
+        uses: zaproxy/action-baseline@v0.13.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'