Upgrade thrift & removed unused dependencies (#141)

* removed unused dependencies * added security scans * update snyk image * update thrift * thrift lib version 0.17.0 * fix go dep thrift version * update thrift version in docker builder image * updated generated thrift files
newrelic · Mar 28, 2023 · 176501e · 176501e
1 parent baf9eca
commit 176501e
Show file tree

Hide file tree

Showing 17 changed files with 811 additions and 286 deletions.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,34 @@
+---
+name: Security Testing
+
+env:
+  SNYK_TOKEN: ${{ secrets.CAOS_SNYK_TOKEN }}
+  DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+  DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - '**'
+    paths-ignore:
+      - README.md
+
+jobs:
+  scan-deps:
+    name: Run security checks Snyk
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKER_HUB_ID }}
+          password: ${{ env.DOCKER_HUB_PASSWORD }}
+      - name: Scan java code for vulnerabilities with Snyk
+        run: make ci/snyk-test-java
+
+      - name: Scan go code for vulnerabilities with Snyk
+        run: make ci/snyk-test-go
+
diff --git a/build/ci.mk b/build/ci.mk
@@ -63,3 +63,22 @@ ci/docker/publish: code-gen-utils
 	@printf 'Publishing docker image\n'
 	@($(DOCKER_BIN) push ohaiops/nrjmx-code-generator:$(THRIFT_VERSION))
 	@($(DOCKER_BIN) push ohaiops/nrjmx-code-generator:latest)
+
+.PHONY: ci/snyk-test-java
+ci/snyk-test-java:
+	@docker run --rm -t \
+			--name "nrjmx-snyk-test-java" \
+			-v $(CURDIR):/src/nrjmx \
+			-w /src/nrjmx \
+			-e SNYK_TOKEN \
+			snyk/snyk:maven-3-jdk-11 snyk test --severity-threshold=high
+
+.PHONY: ci/snyk-test-go
+ci/snyk-test-go:
+	@docker run --rm -t \
+			--name "nrjmx-snyk-test-go" \
+			-v $(CURDIR):/src/nrjmx \
+			-w /src/nrjmx/gojmx \
+			-e SNYK_TOKEN \
+			-e GOFLAGS="-buildvcs=false" \
+			snyk/snyk:golang snyk test --severity-threshold=high
diff --git a/commons/Dockerfile b/commons/Dockerfile
@@ -1,6 +1,6 @@
 FROM ubuntu:20.04 as builder
 
-ARG THRIFT_VERSION='0.16.0'
+ARG THRIFT_VERSION='0.17.0'
 
 ENV TZ=Etc/UCT
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

diff --git a/gojmx/go.mod b/gojmx/go.mod
@@ -3,7 +3,7 @@ module github.com/newrelic/nrjmx/gojmx
 go 1.20
 
 require (
-	github.com/apache/thrift v0.16.0
+	github.com/apache/thrift v0.17.0
 	github.com/docker/go-connections v0.4.0
 	github.com/shirou/gopsutil/v3 v3.21.11
 	github.com/stretchr/testify v1.7.0

diff --git a/gojmx/go.sum b/gojmx/go.sum
@@ -77,6 +77,12 @@ github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:C
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY=
 github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU=
+github.com/apache/thrift v0.17.0 h1:cMd2aj52n+8VoAtvSvLn4kDC3aZ6IAkBuqWQ2IDu7wo=
+github.com/apache/thrift v0.17.0/go.mod h1:OLxhMRJxomX+1I/KUw03qoV3mMz16BwaKI+d4fPBx7Q=
+github.com/apache/thrift v0.17.1-0.20220919172347-60655d2de79e h1:gBqbHAi5abw97U8t2e12YLt5oAv3Ne6c0GTjKeqPpBA=
+github.com/apache/thrift v0.17.1-0.20220919172347-60655d2de79e/go.mod h1:OLxhMRJxomX+1I/KUw03qoV3mMz16BwaKI+d4fPBx7Q=
+github.com/apache/thrift v0.18.1 h1:lNhK/1nqjbwbiOPDBPFJVKxgDEGSepKuTh6OLiXW8kg=
+github.com/apache/thrift v0.18.1/go.mod h1:rdQn/dCcDKEWjjylUeueum4vQEjG2v8v2PqriUnbr+I=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=

diff --git a/gojmx/internal/nrprotocol/GoUnusedProtection__.go b/gojmx/internal/nrprotocol/GoUnusedProtection__.go
diff --git a/gojmx/internal/nrprotocol/j_m_x_service-remote/j_m_x_service-remote.go b/gojmx/internal/nrprotocol/j_m_x_service-remote/j_m_x_service-remote.go
diff --git a/gojmx/internal/nrprotocol/nrjmx-consts.go b/gojmx/internal/nrprotocol/nrjmx-consts.go