Compare commits
11 Commits
Author | SHA1 | Date | |
---|---|---|---|
4768de1984 | |||
b774297ddb | |||
a3ddae8ca7 | |||
3d61e7b57c | |||
096e244171 | |||
ee27ba1774 | |||
2314e8a57b | |||
b07da4a40c | |||
249afa7cb9 | |||
81add9de29 | |||
a245d88f8c |
@ -46,7 +46,7 @@ test:: ## test built artificats
|
||||
|
||||
scan: ## Scan image using trivy
|
||||
echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
|
||||
trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||
trivy image $(TRIVY_OPTS) --quiet --no-progress --ignorefile ./.trivyignore.yaml localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||
|
||||
# first tag and push all actual images
|
||||
# create new manifest for each tag and add all available TAG-ARCH before pushing
|
||||
|
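--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -0,0 +1,7 @@
+secrets:
+- id: gcp-service-account
+paths:
+- "/venv/lib/python*/site-packages/pulumi_aws/glue/connection.py"
+- id: private-key
+paths:
+- "/venv/lib/python*/site-packages/pulumi_aws/glue/connection.py"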
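Review bot: Neither suppression in .trivyignore.yaml says why the `gcp-service-account` and `private-key` findings in `pulumi_aws/glue/connection.py` are acceptable; the Dockerfile hunk in this compare had that context in its removed `# Remove AWS keys from docstring to prevent trivy alerts later` comment, and it is lost here. Trivy's ignore-file entries accept a `statement:` field, so each entry could carry e.g. `statement: "example credentials in upstream pulumi_aws docstrings, not live secrets"` (wording to be confirmed against the actual file content). Worth stating in that statement that the ignore is keyed on rule id plus path glob, so any genuine key appearing in that vendored file would be hidden from `make scan` as well. The rendered page has dropped the YAML indentation, so the list nesting above should be checked against the committed file.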
@ -1,5 +1,5 @@
|
||||
ARG RUNTIME_VERSION="3.11"
|
||||
ARG DISTRO_VERSION="3.19"
|
||||
ARG DISTRO_VERSION="3.20"
|
||||
|
||||
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
|
||||
ARG RUNTIME_VERSION="3.11"
|
||||
@ -33,9 +33,6 @@ RUN curl -fsSL https://get.pulumi.com/ | sh -s -- --version $(pip show pulumi --
|
||||
# minimal pulumi
|
||||
RUN cd /root/.pulumi/bin && rm -f *dotnet *yaml *go *java && strip pulumi* || true
|
||||
|
||||
# Remove AWS keys from docstring to prevent trivy alerts later
|
||||
RUN sed -i -e 's/AKIA.*//' /venv/lib/python${RUNTIME_VERSION}/site-packages/pulumi_aws/lightsail/bucket_access_key.py
|
||||
|
||||
# Now build the final runtime, incl. running rootless containers
|
||||
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION}
|
||||
|
||||
|
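Review bot: The removed `RUN sed -i -e 's/AKIA.*//' /venv/lib/python${RUNTIME_VERSION}/site-packages/pulumi_aws/lightsail/bucket_access_key.py` covered a different file than the new `.trivyignore.yaml`, which only lists `pulumi_aws/glue/connection.py`; if the lightsail docstring in the pulumi-aws version pinned in this compare still contains the AKIA-style example key, `make scan` will report it again. Either keep the sed or add a matching `secrets` entry with a `statement` for that path. If the newer package no longer ships the example and that is why the line went away, a one-line comment at the removal site saying so would spare the next reader the guess. The builder stage continues outside the hunk.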
@ -447,10 +447,10 @@ def _provision(cb, stacks):
|
||||
# Pulumi is still not thread safe
|
||||
if _anyPulumi(step):
|
||||
_threads = 1
|
||||
else
|
||||
else:
|
||||
_threads = len(step)
|
||||
|
||||
with ThreadPoolExecutor(max_workers=_threads)) as group:
|
||||
with ThreadPoolExecutor(max_workers=_threads) as group:
|
||||
futures = []
|
||||
for stack in step:
|
||||
if stack.mode != "pulumi":
|
||||
|
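Review bot: `_threads = len(step)` on the new side feeds `ThreadPoolExecutor(max_workers=_threads)`, which raises `ValueError` for `max_workers=0`, so an empty `step` would fail here rather than being a no-op; whether `_provision` can receive an empty step is not visible in this hunk. If it can, `_threads = max(1, len(step))` keeps the non-pulumi path safe without changing the pulumi branch. The fix of `else` to `else:` and the stray `)` are the commit's own change and need nothing further. `_provision` starts and ends outside the hunk.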
@ -57,6 +57,8 @@ def pulumi_ws(func):
|
||||
self.work_dir = tempfile.mkdtemp(
|
||||
dir=tempfile.gettempdir(), prefix="cloudbender-"
|
||||
)
|
||||
cwd = os.getcwd()
|
||||
os.chdir(self.work_dir)
|
||||
|
||||
# add all artifact_paths/pulumi to the search path for easier
|
||||
# imports in the pulumi code
|
||||
@ -146,7 +148,8 @@ def pulumi_ws(func):
|
||||
try:
|
||||
_min_version = self._pulumi_code.MIN_CLOUDBENDER_VERSION
|
||||
if semver.compare(
|
||||
semver.Version.parse(__version__.strip("v")).finalize_version(),
|
||||
semver.Version.parse(
|
||||
__version__.strip("v")).finalize_version(),
|
||||
_min_version.strip("v")) < 0:
|
||||
raise ValueError(
|
||||
f"Minimal required CloudBender version is {_min_version}, but we are {__version__}!"
|
||||
@ -189,7 +192,7 @@ def pulumi_ws(func):
|
||||
)
|
||||
|
||||
project_settings = pulumi.automation.ProjectSettings(
|
||||
name=project_name, runtime="python", backend={"url": pulumi_backend}
|
||||
name=project_name, runtime="python", backend=pulumi.automation.ProjectBackend(url=pulumi_backend)
|
||||
)
|
||||
|
||||
self.pulumi_ws_opts = pulumi.automation.LocalWorkspaceOptions(
|
||||
@ -202,6 +205,9 @@ def pulumi_ws(func):
|
||||
response = func(self, *args, **kwargs)
|
||||
|
||||
# Cleanup temp workspace
|
||||
if cwd:
|
||||
os.chdir(cwd)
|
||||
|
||||
if self.work_dir and os.path.exists(self.work_dir):
|
||||
shutil.rmtree(self.work_dir)
|
||||
|
||||
|
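Review bot: The cleanup added after `response = func(self, *args, **kwargs)` is skipped when `func` raises, leaving the process chdir'ed into the temporary workspace and `self.work_dir` on disk — unless the call is already inside a try/finally outside the hunk, which this compare does not show. Since `cwd` is set from `os.getcwd()` in the earlier hunk of the same function, the `if cwd:` guard is vacuous; `getcwd` returns a non-empty path or raises. Moving the restore and the `shutil.rmtree` into a `finally` keeps them on the error path too; pulumi_ws begins and ends outside these hunks.
```python
            try:
                response = func(self, *args, **kwargs)
            finally:
                # Cleanup temp workspace, also when func raised
                os.chdir(cwd)
                if self.work_dir and os.path.exists(self.work_dir):
                    shutil.rmtree(self.work_dir)
```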
@ -535,7 +535,6 @@ class Stack(object):
|
||||
logger.info("Passed.")
|
||||
return 0
|
||||
|
||||
@pulumi_ws
|
||||
def get_outputs(self, include=".*", values=False):
|
||||
"""gets outputs of the stack"""
|
||||
|
||||
@ -852,6 +851,7 @@ class Stack(object):
|
||||
|
||||
return status
|
||||
|
||||
@pulumi_ws
|
||||
@exec_hooks
|
||||
def update(self):
|
||||
"""Updates an existing stack"""
|
||||
@ -1305,7 +1305,6 @@ class Stack(object):
|
||||
logger.info(" ".join([self.region, self.stackname, text]))
|
||||
|
||||
def _get_pulumi_stack(self, create=False):
|
||||
|
||||
if create:
|
||||
pulumi_stack = pulumi.automation.create_or_select_stack(
|
||||
stack_name=self.pulumi_stackname,
|
||||
|
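Review bot: Dropping `@pulumi_ws` from `get_outputs` while adding it to `update` means `get_outputs` no longer sets up the workspace that the decorator provides (`self.work_dir`, `self.pulumi_ws_opts`, the chdir); if `get_outputs` or `_get_pulumi_stack` still reads those attributes — their bodies are outside these hunks — it now depends on being called from within an already-decorated method. That precondition should be stated in the docstring, e.g. `"""gets outputs of the stack; expects the pulumi workspace to be set up by a @pulumi_ws caller"""`, or the decorator kept if direct calls exist. The `Stack` class continues outside the hunks.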
@ -11,21 +11,21 @@ authors = [
|
||||
description = "Deploy and maintain infrastructure in automated and trackable manner"
|
||||
readme = "README.md"
|
||||
license = "AGPL-3.0-or-later"
|
||||
requires-python = ">=3.9"
|
||||
requires-python = ">=3.11"
|
||||
dependencies = [
|
||||
"boto3==1.34.89",
|
||||
"boto3==1.35.15",
|
||||
"mock==5.1.0",
|
||||
"Jinja2==3.1.3",
|
||||
"Jinja2==3.1.4",
|
||||
"click==8.1.7",
|
||||
"pexpect==4.9.0",
|
||||
"python-minifier==2.9.0",
|
||||
"cfn-lint==0.86.4",
|
||||
"cfn-lint==1.12.4",
|
||||
"ruamel.yaml==0.18.6",
|
||||
"pulumi==3.113.3",
|
||||
"pulumi-aws==6.32.0",
|
||||
"pulumi-aws-native==0.103.0",
|
||||
"pulumi-policy==1.11.0",
|
||||
"pulumi-command==0.10.0",
|
||||
"pulumi==3.131.0",
|
||||
"pulumi-aws==6.51.0",
|
||||
"pulumi-aws-native==0.121.0",
|
||||
"pulumi-policy==1.12.0",
|
||||
"pulumi-command==1.0.1",
|
||||
]
|
||||
|
||||
classifiers = [
|
||||
|