diff --git a/.drone.yml b/.drone.yml
index 35c6be52526..c288cd6315d 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -7050,17 +7050,13 @@ steps:
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana-ci-deploy:1.3.3
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM alpine:3.17.1
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM byrnedo/alpine-curl:0.1.8
- - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mcr.microsoft.com/windows:1809
- - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/ci-wix:0.1.1
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM golang:1.20.4
- - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/grafana-ci-windows-test:0.1.0
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM plugins/slack
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM postgres:12.3-alpine
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:5.7.39
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM mysql:8.0.32
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM redis:6.2.11-alpine
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM memcached:1.6.9-alpine
- - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM docker:windowsservercore-1809
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM us.gcr.io/kubernetes-dev/package-publish:latest
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM osixia/openldap:1.4.0
 - trivy --exit-code 0 --severity UNKNOWN,LOW,MEDIUM grafana/drone-downstream
@@ -7076,17 +7072,13 @@ steps: - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana-ci-deploy:1.3.3 - trivy --exit-code 1 --severity HIGH,CRITICAL alpine:3.17.1 - trivy --exit-code 1 --severity HIGH,CRITICAL byrnedo/alpine-curl:0.1.8 - - trivy --exit-code 1 --severity HIGH,CRITICAL mcr.microsoft.com/windows:1809 - - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/ci-wix:0.1.1 - trivy --exit-code 1 --severity HIGH,CRITICAL golang:1.20.4 - - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/grafana-ci-windows-test:0.1.0 - trivy --exit-code 1 --severity HIGH,CRITICAL plugins/slack - trivy --exit-code 1 --severity HIGH,CRITICAL postgres:12.3-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL mysql:5.7.39 - trivy --exit-code 1 --severity HIGH,CRITICAL mysql:8.0.32 - trivy --exit-code 1 --severity HIGH,CRITICAL redis:6.2.11-alpine - trivy --exit-code 1 --severity HIGH,CRITICAL memcached:1.6.9-alpine - - trivy --exit-code 1 --severity HIGH,CRITICAL docker:windowsservercore-1809 - trivy --exit-code 1 --severity HIGH,CRITICAL us.gcr.io/kubernetes-dev/package-publish:latest - trivy --exit-code 1 --severity HIGH,CRITICAL osixia/openldap:1.4.0 - trivy --exit-code 1 --severity HIGH,CRITICAL grafana/drone-downstream @@ -7316,6 +7308,6 @@ kind: secret name: delivery-bot-app-private-key --- kind: signature -hmac: 44f95e0e3d9eb3fc8891e94f7205c18e85adacab25b69906d3c5212875baa383 +hmac: b3f3cd5171763ddaf3c62e0c83dad0f9705496e53ba7416f6dd3581fa9a5ec27 ... diff --git a/scripts/drone/pipelines/ci_images.star b/scripts/drone/pipelines/ci_images.star index 734b731c2a8..269798741c5 100644 --- a/scripts/drone/pipelines/ci_images.star +++ b/scripts/drone/pipelines/ci_images.star @@ -11,8 +11,8 @@ load( "from_secret", ) load( - "scripts/drone/utils/images.star", - "images", + "scripts/drone/utils/windows_images.star", + "windows_images", ) def publish_ci_windows_test_image_pipeline(): 
@@ -28,7 +28,7 @@ def publish_ci_windows_test_image_pipeline(): steps = [ { "name": "clone", - "image": images["wix_image"], + "image": windows_images["wix_image"], "environment": { "GITHUB_TOKEN": from_secret("github_token"), }, @@ -39,7 +39,7 @@ def publish_ci_windows_test_image_pipeline(): }, { "name": "build-and-publish", - "image": images["windows_server_core_image"], + "image": windows_images["windows_server_core_image"], "environment": { "DOCKER_USERNAME": from_secret("docker_username"), "DOCKER_PASSWORD": from_secret("docker_password"), diff --git a/scripts/drone/pipelines/windows.star b/scripts/drone/pipelines/windows.star index e2ecd7a4f22..f20759c18e7 100644 --- a/scripts/drone/pipelines/windows.star +++ b/scripts/drone/pipelines/windows.star @@ -15,8 +15,8 @@ load( "windows_wire_install_step", ) load( - "scripts/drone/utils/images.star", - "images", + "scripts/drone/utils/windows_images.star", + "windows_images", ) def windows_test_backend(trigger, edition, ver_mode): @@ -39,7 +39,7 @@ def windows_test_backend(trigger, edition, ver_mode): else: steps.extend([{ "name": "windows-init", - "image": images["windows_go_image"], + "image": windows_images["windows_go_image"], "depends_on": ["clone"], "commands": [], }]) diff --git a/scripts/drone/steps/lib.star b/scripts/drone/steps/lib.star index 3962936c21e..0292e177d62 100644 --- a/scripts/drone/steps/lib.star +++ b/scripts/drone/steps/lib.star @@ -11,6 +11,10 @@ load( "scripts/drone/utils/images.star", "images", ) +load( + "scripts/drone/utils/windows_images.star", + "windows_images", +) grabpl_version = "v3.0.38" @@ -56,7 +60,7 @@ def wire_install_step(): def windows_wire_install_step(edition): return { "name": "wire-install", - "image": images["windows_go_image"], + "image": windows_images["windows_go_image"], "commands": [ "go install github.com/google/wire/cmd/wire@v0.5.0", "wire gen -tags {} ./pkg/server".format(edition), 
@@ -78,7 +82,7 @@ def identify_runner_step(platform = "linux"): else: return { "name": "identify-runner", - "image": images["windows_image"], + "image": windows_images["1809_image"], "commands": [ "echo $env:DRONE_RUNNER_NAME", ], @@ -235,7 +239,7 @@ def windows_init_enterprise_steps(ver_mode): download_grabpl_step(platform = "windows"), { "name": "clone", - "image": images["wix_image"], + "image": windows_images["wix_image"], "environment": { "GITHUB_TOKEN": from_secret("github_token"), }, @@ -243,7 +247,7 @@ def windows_init_enterprise_steps(ver_mode): }, { "name": "windows-init", - "image": images["wix_image"], + "image": windows_images["wix_image"], "commands": init_cmds, "depends_on": ["clone"], "environment": {"GITHUB_TOKEN": from_secret("github_token")}, @@ -256,7 +260,7 @@ def download_grabpl_step(platform = "linux"): if platform == "windows": return { "name": "grabpl", - "image": images["wix_image"], + "image": windows_images["wix_image"], "commands": [ '$$ProgressPreference = "SilentlyContinue"', "Invoke-WebRequest https://grafana-downloads.storage.googleapis.com/grafana-build-pipeline/{}/windows/grabpl.exe -OutFile grabpl.exe".format( @@ -692,7 +696,7 @@ def test_backend_step(image = images["build_image"]): } def windows_test_backend_step(): - step = test_backend_step(image = images["windows_go_image"]) + step = test_backend_step(image = windows_images["windows_go_image"]) return step def test_backend_integration_step(): @@ -1415,7 +1419,7 @@ def publish_linux_packages_step(edition, package_manager = "deb"): def windows_clone_step(): return { "name": "clone", - "image": images["wix_image"], + "image": windows_images["wix_image"], "environment": { "GITHUB_TOKEN": from_secret("github_token"), }, @@ -1475,7 +1479,7 @@ def get_windows_steps(edition, ver_mode): [ { "name": "clone", - "image": images["wix_image"], + "image": windows_images["wix_image"], "environment": { "GITHUB_TOKEN": from_secret("github_token"), }, 
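Review bot: The key `"1809_image"` used in the `identify_runner_step` hunk names only the Windows build number, while its siblings (`wix_image`, `windows_go_image`, `windows_server_core_image`) say what the image is for. At this call site `windows_images["1809_image"]` no longer tells the reader it is the base Windows image that was previously keyed `windows_image`. I would keep a descriptive key, for example `"image": windows_images["windows_image"],`, with the matching entry `"windows_image": "mcr.microsoft.com/windows:1809",` in windows_images.star. The body of `identify_runner_step` starts outside the hunk.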
@@ -1483,7 +1487,7 @@ def get_windows_steps(edition, ver_mode): }, { "name": "windows-init", - "image": images["wix_image"], + "image": windows_images["wix_image"], "commands": init_cmds, "depends_on": ["clone"], "environment": {"GITHUB_TOKEN": from_secret("github_token")}, @@ -1502,7 +1506,7 @@ def get_windows_steps(edition, ver_mode): [ { "name": "windows-init", - "image": images["wix_image"], + "image": windows_images["wix_image"], "commands": init_cmds, }, ], @@ -1577,7 +1581,7 @@ def get_windows_steps(edition, ver_mode): steps.append( { "name": "build-windows-installer", - "image": images["wix_image"], + "image": windows_images["wix_image"], "depends_on": [ "windows-init", ], diff --git a/scripts/drone/utils/images.star b/scripts/drone/utils/images.star index 0450301c1c2..d260c1b28b0 100644 --- a/scripts/drone/utils/images.star +++ b/scripts/drone/utils/images.star @@ -8,17 +8,13 @@ images = { "publish_image": "grafana/grafana-ci-deploy:1.3.3", "alpine_image": "alpine:3.17.1", "curl_image": "byrnedo/alpine-curl:0.1.8", - "windows_image": "mcr.microsoft.com/windows:1809", - "wix_image": "grafana/ci-wix:0.1.1", "go_image": "golang:1.20.4", - "windows_go_image": "grafana/grafana-ci-windows-test:0.1.0", "plugins_slack_image": "plugins/slack", "postgres_alpine_image": "postgres:12.3-alpine", "mysql5_image": "mysql:5.7.39", "mysql8_image": "mysql:8.0.32", "redis_alpine_image": "redis:6.2.11-alpine", "memcached_alpine_image": "memcached:1.6.9-alpine", - "windows_server_core_image": "docker:windowsservercore-1809", "package_publish_image": "us.gcr.io/kubernetes-dev/package-publish:latest", "openldap_image": "osixia/openldap:1.4.0", "drone_downstream_image": "grafana/drone-downstream", diff --git a/scripts/drone/utils/windows_images.star b/scripts/drone/utils/windows_images.star new file mode 100644 index 00000000000..2a605727ba8 --- /dev/null +++ b/scripts/drone/utils/windows_images.star 
@@ -0,0 +1,12 @@
+"""
+This module contains all the windows docker images that are used to build test and publish Grafana.
+All the windows images needed to be in a different file than the other images, since they cannot be scanned
+by trivy. Related issue: https://github.com/aquasecurity/trivy/issues/1392
+"""
+
+windows_images = {
+ "1809_image": "mcr.microsoft.com/windows:1809",
+ "wix_image": "grafana/ci-wix:0.1.1",
+ "windows_server_core_image": "docker:windowsservercore-1809",
+ "windows_go_image": "grafana/grafana-ci-windows-test:0.1.0",
+}
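Review bot: The module docstring explains why these four images live outside `images`, but not the consequence: the generated .drone.yml in this commit drops both the `--exit-code 0` and the `--exit-code 1 --severity HIGH,CRITICAL` trivy commands for them, so as far as this diff shows they pass no vulnerability gate. Steps that run on these images receive secrets elsewhere in the commit (`GITHUB_TOKEN` on the `wix_image` clone steps, `DOCKER_USERNAME`/`DOCKER_PASSWORD` on the `windows_server_core_image` build-and-publish step), and all four are referenced by tag rather than by digest. I would say so in the docstring, e.g. add `Nothing in CI scans these images; review them manually whenever a tag is bumped.` Pinning each entry as `name:tag@sha256:<digest>` would also keep an unscanned image from changing underneath the pipeline.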