From d4eeee47cf8c86dc1dba56ab79f05a5872f39ee5 Mon Sep 17 00:00:00 2001 From: petretiandrea Date: Mon, 11 Mar 2024 10:16:29 +0100 Subject: [PATCH 1/2] fix affinity wrong nested level (#123) --- helm/rtd/values-prod.yaml | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/helm/rtd/values-prod.yaml b/helm/rtd/values-prod.yaml index 14722f8..d0215e1 100644 --- a/helm/rtd/values-prod.yaml +++ b/helm/rtd/values-prod.yaml @@ -18,27 +18,27 @@ microservice-chart: deployment: replicas: 2 - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node_type + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node_type + operator: In + values: + - user + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/instance operator: In values: - - user - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/instance - operator: In - values: - - rtd-ms-sender-auth - namespaces: [ "rtd" ] - topologyKey: topology.kubernetes.io/zone + - rtd-ms-sender-auth + namespaces: [ "rtd" ] + topologyKey: topology.kubernetes.io/zone envSecret: aks-api-url: cstar-p-weu-prod01-aks-apiserver-url From 2f4a4f7f2c79535f83aa2911f1daaf67f5f917a2 Mon Sep 17 00:00:00 2001 
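Review bot: The `podAntiAffinity` term moved by this hunk is still `preferredDuringSchedulingIgnoredDuringExecution`, so with `replicas: 2` the scheduler may place both pods in the same `topology.kubernetes.io/zone` when the other zones are short of capacity. If losing one zone must not take down rtd-ms-sender-auth, this should be a required term (or a topology spread constraint, if the chart exposes one). Otherwise I would record the intent in a comment above the block, e.g. `# soft anti-affinity: zone spreading is best-effort, both replicas may share a zone`. Indentation is not recoverable in this view, so the new nesting level could not be checked here. The old placement was presumably ignored without any error, so a rendered-manifest check (`helm template` plus an assertion that `affinity` reaches the Deployment pod spec) would catch a repeat.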
From: Luca Consalvi <117908483+lucaconsalvi@users.noreply.github.com> Date: Wed, 3 Apr 2024 15:12:09 +0200 Subject: [PATCH 2/2] fix: [RTD-2475] update spring boot (#125) * [RTD-2475] update spring boot * [RTD-2475] update release and cve scan action * [RTD-2475] update * [RTD-2475] update dockerfiles * [RTD-2475] update pom version --- .github/workflows/cve-scan.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- Dockerfile | 4 ++-- Dockerfile.native | 2 +- pom.xml | 17 ++++++----------- 5 files changed, 13 insertions(+), 18 deletions(-) diff --git a/.github/workflows/cve-scan.yml b/.github/workflows/cve-scan.yml index 1d567a4..f75686a 100644 --- a/.github/workflows/cve-scan.yml +++ b/.github/workflows/cve-scan.yml @@ -36,12 +36,12 @@ jobs: environment: dev steps: - name: Checkout the code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3.6.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - name: Build the Docker image run: docker build . --file ${{ env.DOCKERFILE }} --target cve --tag localbuild/testimage:latest - name: Run the Trivy scan action itself with GitHub Advanced Security code scanning integration enabled id: scan - uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f #v0.12.0 + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d #v0.18.0 with: image-ref: "localbuild/testimage:latest" format: 'sarif' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 727a88b..aac6940 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
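Review bot: The checkout step in cve-scan.yml has no `with:` block, so `persist-credentials` keeps its default and the job token is written to `.git/config` before the next step runs `docker build .` with the working tree as build context. The Dockerfiles touched by this patch do `COPY . .` in the build stage, so unless a `.dockerignore` (not visible here) excludes `.git`, that token is readable by everything that runs there, including `mvn package` and its plugins. release.yml already sets the option on its checkout; the same two lines fit here: `with:` / `persist-credentials: false`. The SHA pins are good, but nothing checks the trailing `#v4.1.1` and `#v0.18.0` comments, so confirm them against the upstream tags on each bump.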
@@ -17,13 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 with: persist-credentials: false fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d #v3 + uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 #v4.0.0 with: semantic_version: 18.0.0 extra_plugins: | diff --git a/Dockerfile b/Dockerfile index 3ebd8ad..585929b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,11 @@ -FROM maven:3.9.0-amazoncorretto-17@sha256:0d683f66624265935e836c9d2c3851ce3cf250cb48c9929d979d8d80f62d8590 AS buildtime +FROM maven:3.9.6-amazoncorretto-17-al2023@sha256:21dc2759ee325a59ee1c4721f3964884c9082d8f3f47e9537b68d6ec9f077e35 AS buildtime WORKDIR /build COPY . . RUN mvn clean package -DskipTests -FROM amazoncorretto:17.0.6-al2@sha256:86ad3a5620d6f7590f59fb6067b98687367e49e632a5ee719fb03bc9ffd1499f AS runtime +FROM amazoncorretto:17.0.10-al2023-headless@sha256:7a028a2e62640aec9e3c1e284539f5ff47f5b32140f9ad5ae29a2f92b937468a AS runtime VOLUME /tmp WORKDIR /app diff --git a/Dockerfile.native b/Dockerfile.native index b997c71..3135de5 100644 --- a/Dockerfile.native +++ b/Dockerfile.native @@ -5,7 +5,7 @@ COPY . . RUN ./mvnw clean package -Pnative -DskipTests -FROM ubuntu:mantic-20231011@sha256:4c32aacd0f7d1d3a29e82bee76f892ba9bb6a63f17f9327ca0d97c3d39b9b0ee AS cve +FROM ubuntu:mantic-20240216@sha256:5cd569b792a8b7b483d90942381cd7e0b03f0a15520d6e23fb7a1464a25a71b1 AS cve COPY --from=builder /build/target/rtd-ms-sender-auth*.jar . FROM ubuntu:noble-20240225@sha256:723ad8033f109978f8c7e6421ee684efb624eb5b9251b70c6788fdb2405d050b AS runtime diff --git a/pom.xml b/pom.xml index 293d229..9e0fe9a 100644 --- a/pom.xml +++ b/pom.xml 
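Review bot: In Dockerfile.native the `cve` stage is now built from `ubuntu:mantic-20240216` while the `runtime` stage below it is built from `ubuntu:noble-20240225`, so a scan of `--target cve` reports on OS packages that are not the ones shipped. Whether cve-scan.yml scans this file depends on `env.DOCKERFILE`, which is not visible here. Basing the `cve` stage on the same pinned `ubuntu:noble-20240225@sha256:…` reference as `runtime` would make the Trivy result describe the runtime base. If the split is deliberate, a comment above the stage should say why, e.g. `# cve stage: scanned for the jar's dependencies only, OS packages differ from runtime`. Both stage definitions continue outside this hunk.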
@@ -5,12 +5,12 @@ org.springframework.boot spring-boot-starter-parent - 3.2.3 + 3.2.4 it.gov.pagopa.rtd.ms rtd-ms-sender-auth - 1.1.4 + 1.1.5 rtd-ms-sender-auth micro-service responsible to store the association between sender code and api key @@ -41,13 +41,8 @@ io.swagger swagger-annotations - 1.6.9 + 1.6.14 - - org.springframework - spring-core - 6.1.3 - io.opentelemetry.instrumentation @@ -74,19 +69,19 @@ org.testcontainers testcontainers - 1.19.3 + 1.19.7 test org.testcontainers junit-jupiter - 1.19.3 + 1.19.7 test org.testcontainers mongodb - 1.19.3 + 1.19.7 test