Merged in CLIP-1907-update-skuk-threshold (pull request #176)

Update snyk threshold for ubi tags

* Update snyk threshold for ubi tags


Approved-by: Yifei Zhang
Eugene Ivantsov 2024-07-31 01:27:07 +00:00
parent fc4a43042c
commit f06258364b
4 changed files with 18 additions and 19 deletions

19
.snyk

@ -2,22 +2,3 @@
# Un-comment everything below this line to enable. # Un-comment everything below this line to enable.
# version: v1.19.0 # version: v1.19.0
# According to https://access.redhat.com/security/cve/cve-2024-2961#Mitigation ubi tags aren't vulnerable
ignore:
SNYK-RHEL9-PYTHON3SETUPTOOLS-7547262:
- '*':
reason: Waiting for a fix
expires: 2024-09-01T00:00:00.000Z
SNYK-RHEL9-PYTHON3SETUPTOOLSWHEEL-7547266:
- '*':
reason: Waiting for a fix
expires: 2024-09-01T00:00:00.000Z
SNYK-RHEL9-PYTHON3LIBS-6675303:
- '*':
reason: Waiting for a fix
expires: 2024-09-01T00:00:00.000Z
SNYK-RHEL9-PYTHON3-6675327:
- '*':
reason: Waiting for a fix
expires: 2024-09-01T00:00:00.000Z


@ -956,6 +956,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -983,6 +984,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1010,6 +1012,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1037,6 +1040,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1064,6 +1068,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1091,6 +1096,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1118,6 +1124,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1145,6 +1152,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -1232,6 +1240,7 @@ pipelines:
- export CONFLUENCE_VERSION="8.9.4" # remove it after 9.0.0 is out - export CONFLUENCE_VERSION="8.9.4" # remove it after 9.0.0 is out
- docker build --build-arg CONFLUENCE_VERSION=${CONFLUENCE_VERSION} -t test-image-ubi . -f Dockerfile.ubi - docker build --build-arg CONFLUENCE_VERSION=${CONFLUENCE_VERSION} -t test-image-ubi . -f Dockerfile.ubi
- export IS_RELEASE=false - export IS_RELEASE=false
- export SEV_THRESHOLD=critical
- /usr/src/app/post_build.sh test-image-ubi $IS_RELEASE - /usr/src/app/post_build.sh test-image-ubi $IS_RELEASE
custom: custom:
@ -1371,6 +1380,7 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
- export SEV_THRESHOLD=critical
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--create \ --create \


@ -39,6 +39,9 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
{% if appdata.snyk_threshold is defined %}
- export SEV_THRESHOLD={{ appdata.snyk_threshold }}
{% endif %}
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--update \ --update \
@ -138,6 +141,7 @@ pipelines:
- export CONFLUENCE_VERSION="8.9.4" # remove it after 9.0.0 is out - export CONFLUENCE_VERSION="8.9.4" # remove it after 9.0.0 is out
- docker build --build-arg CONFLUENCE_VERSION=${CONFLUENCE_VERSION} -t test-image-ubi . -f Dockerfile.ubi - docker build --build-arg CONFLUENCE_VERSION=${CONFLUENCE_VERSION} -t test-image-ubi . -f Dockerfile.ubi
- export IS_RELEASE=false - export IS_RELEASE=false
- export SEV_THRESHOLD=critical
- /usr/src/app/post_build.sh test-image-ubi $IS_RELEASE - /usr/src/app/post_build.sh test-image-ubi $IS_RELEASE
custom: custom:
@ -161,6 +165,9 @@ pipelines:
- for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi - for i in {1..3}; do echo ${DOCKER_BOT_PASSWORD} | docker login ${DOCKER_REGISTRY} --username ${DOCKER_BOT_USERNAME} --password-stdin && break || sleep 5; done; if [ $? -ne 0 ]; then echo "Failed to login to container registry after 3 attempts" && exit 1; fi
- docker buildx create --name container --driver docker-container --use - docker buildx create --name container --driver docker-container --use
- docker buildx ls - docker buildx ls
{% if appdata.snyk_threshold is defined %}
- export SEV_THRESHOLD={{ appdata.snyk_threshold }}
{% endif %}
- > - >
python /usr/src/app/make-releases.py \ python /usr/src/app/make-releases.py \
--create \ --create \
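Review bot: The step that builds `test-image-ubi` hard-codes `export SEV_THRESHOLD=critical`, while the release steps in this same template take the value from `appdata.snyk_threshold`, so the pre-merge check and the release gate can drift apart when the configured threshold changes. If `appdata` is in scope where that step is rendered (not visible in these hunks), use `- export SEV_THRESHOLD={{ appdata.snyk_threshold }}` under the same `is defined` guard there. The templated value is also written into the shell line unquoted and unchecked; validating it in the generator against the severities the scanner accepts would stop a typo in the config from changing how the scan gates. The pipeline steps continue outside the hunks, so how `SEV_THRESHOLD` is consumed cannot be confirmed from here.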


@ -54,6 +54,7 @@ images = {
'tag_suffixes': ['ubi9','ubi9-jdk17'], 'tag_suffixes': ['ubi9','ubi9-jdk17'],
'dockerfile': 'Dockerfile.ubi', 'dockerfile': 'Dockerfile.ubi',
'docker_repos': REPOS, 'docker_repos': REPOS,
'snyk_threshold': 'critical'
} }
}, },
} }
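Review bot: The new `'snyk_threshold': 'critical'` on the ubi9 entry carries no explanation or expiry, whereas the `.snyk` ignores deleted in this commit were limited to four issue ids and expired on 2024-09-01. Assuming `SEV_THRESHOLD` is what the post-build scan gates on, high-severity findings in the ubi images would stop failing builds indefinitely, including ones unrelated to those four ids. Record the reason and the revisit condition next to the key, for example `# CLIP-1907: gate ubi tags on critical only while the RHEL9 python3 findings have no fix; remove once they do`, or keep the time-boxed per-id ignores instead of lowering the gate. The `images` dict starts outside the hunk.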