fix: fix cve, update ruby, ubi

Vihas Splunk · Vihas Splunk · commit 20c44984faba · 2023-08-28T18:04:58.000+05:30
diff --git a/.github/workflows/ci_build_test.yaml b/.github/workflows/ci_build_test.yaml
@@ -13,18 +13,19 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
 
-      - name: Set up Ruby 2.6.1
+      - name: Setup Ruby and install gems
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.6.1
+          bundler-cache: true
+          ruby-version: 3.1
 
       - name: Install dependencies
         run: |
           sudo ci_scripts/install_dep.sh
 
       - name: Builder
         run: |
-          rake build -t -v
+          bundle exec rake build -t -v
           cp -R pkg /tmp
 
       - name: Cache pkg
@@ -62,12 +63,12 @@ jobs:
       CI_SPLUNK_PORT: 8089
       CI_SPLUNK_USERNAME: admin
       CI_SPLUNK_HEC_TOKEN: a6b5e77f-d5f6-415a-bd43-930cecb12959
-      CI_SPLUNK_PASSWORD: helloworld
+      CI_SPLUNK_PASSWORD: changeme2
       CI_INDEX_EVENTS: ci_events
       CI_INDEX_OBJECTS: ci_objects
       CI_INDEX_METRICS: ci_metrics
       KUBERNETES_VERSION: v1.23.2
-      MINIKUBE_VERSION: v1.24.0
+      MINIKUBE_VERSION: latest
       MINIKUBE_NODE_COUNTS: 2
       GITHUB_ACTIONS: true
 
@@ -158,6 +159,8 @@ jobs:
           curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http/http/enable
           # Create new HEC token
           curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k -d "name=splunk_hec_token&token=a6b5e77f-d5f6-415a-bd43-930cecb12959&disabled=0&index=default-events&indexes=default-events,$CI_INDEX_METRICS,$CI_INDEX_OBJECTS,$CI_INDEX_EVENTS,ns-anno,pod-anno" https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http
+          # lower the limit to 50MiB. Higher limits throws error 'Search not executed XXXX'
+          kubectl exec -it splunk -- bash -c 'echo -e "\n[diskUsage]\nminFreeSpace = 50" >> /opt/splunk/etc/system/local/server.conf'
           # Restart Splunk
           curl -k -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/services/server/control/restart -X POST
 
diff --git a/ci_scripts/k8s-splunk.yml b/ci_scripts/k8s-splunk.yml
@@ -26,6 +26,6 @@ spec:
     - name: SPLUNK_USER
       value: root
     - name: SPLUNK_PASSWORD
-      value: helloworld
+      value: changeme2
     - name: SPLUNK_LAUNCH_CONF
       value: OPTIMISTIC_ABOUT_FILE_LOCKING=1
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.7.4-buster as builder
+FROM ruby:3.1.4-buster as builder
 
 ADD ./ /app/
 WORKDIR /app
@@ -8,7 +8,7 @@ RUN bundle install
 
 RUN bundle exec rake build -t -v
 
-FROM registry.access.redhat.com/ubi8/ruby-27
+FROM registry.access.redhat.com/ubi9/ruby-31
 
 ARG VERSION
 
@@ -31,8 +31,6 @@ RUN mkdir /licenses
 COPY --from=builder /app/LICENSE /licenses/LICENSE
 
 COPY --from=builder /app/docker/Gemfile* ./
-RUN gem update date cgi
-RUN rm -f /usr/share/gems/specifications/default/cgi-0.1.0.gemspec /usr/share/gems/specifications/default/date-3.0.0.gemspec
 RUN yum update -y \
    && yum remove -y nodejs npm \
    && gem install bundler \
diff --git a/docker/Gemfile b/docker/Gemfile
@@ -13,6 +13,8 @@ gem 'bigdecimal', '=3.0.0'
 gem 'kubeclient', '=4.9.3'
 gem 'http_parser.rb', '=0.8.0'
 gem 'rack', '>= 3.0.0'
+gem 'cgi', '~> 0.3.6'
+gem 'date', '~> 3.3.3'
 
 gem "fluent-plugin-splunk-hec", "= 1.3.2"
 gem 'fluent-plugin-kubernetes-metrics', path: 'gem/'
diff --git a/docker/Gemfile.lock b/docker/Gemfile.lock
@@ -10,9 +10,9 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activesupport (7.0.4.3)
+    activemodel (7.0.7.2)
+      activesupport (= 7.0.7.2)
+    activesupport (7.0.7.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -23,9 +23,11 @@ GEM
     attr_required (1.0.1)
     bigdecimal (3.0.0)
     bindata (2.4.14)
+    cgi (0.3.6)
     concurrent-ruby (1.1.10)
     connection_pool (2.3.0)
     cool.io (1.7.1)
+    date (3.3.3)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     faraday (2.7.1)
@@ -118,7 +120,7 @@ GEM
       webfinger (>= 1.0.1)
     prometheus-client (4.0.0)
     public_suffix (4.0.7)
-    rack (3.0.6.1)
+    rack (3.0.8)
     rack-oauth2 (1.21.3)
       activesupport
       attr_required
@@ -167,6 +169,8 @@ PLATFORMS
 
 DEPENDENCIES
   bigdecimal (= 3.0.0)
+  cgi (~> 0.3.6)
+  date (~> 3.3.3)
   fluent-plugin-jq (= 0.5.1)
   fluent-plugin-kubernetes-metrics!
   fluent-plugin-prometheus (>= 2.0)
@@ -180,4 +184,4 @@ DEPENDENCIES
   rack (>= 3.0.0)
 
 BUNDLED WITH
-   2.1.4
+  2.3.11
