[pull] main from DataDog:main #37

Open
wants to merge 179 commits into
base: main
6483322
Build grpc ingestor image (#201)
jt-dd Jun 11, 2024
f4edfcd
Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
dependabot[bot] Jun 11, 2024
5958693
Fix unit test (#203)
jt-dd Jun 12, 2024
c2776b7
Merge branch 'main' into dependabot/go_modules/github.com/Azure/azure…
edznux-dd Jun 13, 2024
0720a3b
Merge pull request #202 from DataDog/dependabot/go_modules/github.com…
edznux-dd Jun 13, 2024
61570bc
Fixing graphdb to mongodb (#204)
jt-dd Jun 14, 2024
70d383d
Adding new ingest local command to process offline dump (#205)
jt-dd Jun 18, 2024
a8f409f
Interactive mod (safe mod) for collecting cluster (#206)
jt-dd Jun 19, 2024
9e12f51
small fixes (#207)
jt-dd Jun 19, 2024
dece49a
small fix for system-tests (#208)
jt-dd Jun 19, 2024
9e4e192
Fix interactive mod (#210)
jt-dd Jun 21, 2024
dc9b07e
fix path for go install (#211)
jt-dd Jun 21, 2024
3584f30
Fix sample-graph makefile (#215)
edznux-dd Jul 1, 2024
b8baea2
Better logs (#213)
edznux-dd Jul 1, 2024
d6331d8
Add custom filter for text_formatter (#212)
edznux-dd Jul 1, 2024
5572756
Improve doc and readme (#214)
edznux-dd Jul 1, 2024
99de195
init (#217)
jt-dd Jul 4, 2024
541f8c1
Adding/modifying content from Troopers / PTS (#218)
jt-dd Jul 9, 2024
7d9757a
typos (#219)
jt-dd Jul 9, 2024
36232a3
Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (#220)
dependabot[bot] Jul 10, 2024
5fce5b6
Adding invana support (#224)
jt-dd Jul 16, 2024
265f490
Update Jupyter UI (#225)
jt-dd Jul 18, 2024
3e5e8f5
Rehydrate last dumps by cluster (#226)
jt-dd Jul 24, 2024
8e93373
fixing dev command (#227)
jt-dd Jul 24, 2024
c1d71c8
adding grpcurl to rehydrate on restart (#228)
jt-dd Jul 24, 2024
75bde1d
Fixing crappy devenv (#216)
edznux-dd Jul 24, 2024
4f9a9e2
Run Datadog static analyzer CI best practices lint rules (#221)
juliendoutre Jul 24, 2024
8fb0a66
Fix CICD pipelines (#229)
jt-dd Jul 25, 2024
82ae13b
enabling audit mod to list all endpoints to whitelist (#230)
jt-dd Jul 25, 2024
e31957f
fix entrypoint (#231)
jt-dd Jul 26, 2024
3db007e
Use positional argument for directory/file input/output path (#232)
jt-dd Jul 30, 2024
8ae59ac
Adding local config file (#233)
jt-dd Jul 30, 2024
468926c
Updating user doc (#234)
jt-dd Jul 31, 2024
b7c6305
Fix-darwin-arm-release (#237)
jt-dd Aug 2, 2024
2a07ce2
local-ingest-dump-pipeline (#238)
jt-dd Aug 2, 2024
99d9e3d
Adding developer guide (#236)
jt-dd Aug 2, 2024
358f2b4
New notebooks - Low Hanging fruits (#235)
jt-dd Aug 2, 2024
34358f7
Jt-dd/fixes-release-docs (#240)
jt-dd Aug 2, 2024
4f6bc39
fix datadog image (#243)
jt-dd Aug 7, 2024
3c102cd
Updating/cleaning docs (#242)
jt-dd Aug 7, 2024
7341940
Fix typo in mkdocs.yml (#241)
uthark Aug 7, 2024
fda64c8
Fix workflows RBAC (#249)
jt-dd Aug 28, 2024
f541956
Remove extra permission for GitHub action
juliendoutre Aug 30, 2024
59a5e7a
Merge pull request #250 from DataDog/julien.doutre/remove-write-permi…
juliendoutre Aug 30, 2024
ffb4dc9
Fix datadog agent release (#253)
jt-dd Sep 6, 2024
6d730b8
Rename kubehound-ingestor to kubehound (#252)
jt-dd Sep 6, 2024
8ef9212
Fix-ci-release-branch (#254)
jt-dd Sep 6, 2024
ea40afa
adding all symbols in KubeHound binary (#255)
jt-dd Sep 6, 2024
0e069b5
adding terraform.lock.hcl to git (#256)
jt-dd Sep 6, 2024
fdafcbe
Adding a metadata file to KubeHound dumps (#247)
edznux-dd Sep 10, 2024
3f4ca04
[NOJIRA] Use the ParsePath function to gather the cluster name and ru…
edznux-dd Sep 11, 2024
62d3726
adding config command (#244)
jt-dd Sep 11, 2024
51d0103
[NOJIRA] Using service with official image instead of deprecated gith…
edznux-dd Sep 11, 2024
5135194
Fix buildx pipeline for Darwin binary/image (#258)
jt-dd Sep 12, 2024
fb9c56a
Renaming kubehound-binary image (#259)
jt-dd Sep 12, 2024
fc18b2b
fix kubehound image name (#260)
jt-dd Sep 12, 2024
01f384a
updating docs to v1.5.0 with new features (#261)
jt-dd Sep 12, 2024
7d6e269
running datadog agent only on branch based PR (#263)
jt-dd Sep 13, 2024
9b3f259
fix grpc ingestor (backward compat) (#262)
jt-dd Sep 13, 2024
c532f89
Add CE_UMH_CORE_PATTERN edge (#209)
martinvoigt-dd Sep 13, 2024
f80397e
Fix docker compose deployment (#265)
jt-dd Sep 13, 2024
57a2384
add env variable for ingestor/grpc image (#264)
jt-dd Sep 13, 2024
7b23ffd
Fix for collector in k8s environment (#266)
jt-dd Sep 16, 2024
821bea3
Rename remote bucket flag to bucket-url (#267)
jt-dd Sep 16, 2024
a4269df
remove KH_K8S_CLUSTER_NAME_ENV_PTR var (#270)
jt-dd Sep 17, 2024
7d253f8
fix GH issues
jt-dd Sep 20, 2024
ac9a270
Merge pull request #274 from DataDog/jt-dd/fix-v1.5.2
Minosity-VR Sep 20, 2024
6aed248
Update docs v1.5.2 (#268)
jt-dd Oct 1, 2024
df687b4
K8s collector deployment files example (#269)
jt-dd Oct 1, 2024
f1bcebf
fixing waiting time metric (#276)
jt-dd Oct 9, 2024
b177c4c
Fix dev system-tests --down command (#277)
jt-dd Oct 9, 2024
f802174
Fix local dev env with datadog (#279)
jt-dd Oct 9, 2024
5f215eb
adding nocache flag for dev commands (#278)
jt-dd Oct 9, 2024
3de0f7f
fix dump remote bucket (#280)
jt-dd Oct 9, 2024
c76e63f
Logs refactor - migrating to zap (#281)
jt-dd Oct 18, 2024
75a61e8
Fixing demo dashboard (#282)
jt-dd Oct 23, 2024
c0fdf7c
adding workshop requirements (#283)
jt-dd Oct 23, 2024
80d8a55
update KHaaS doc link (#284)
ikraemer-dd Oct 23, 2024
2d1e729
Fix observability (#285)
jt-dd Nov 14, 2024
724c53f
only-one-copy-in-graph-per-cluster (#286)
jt-dd Nov 14, 2024
027d7d4
adding hacklu materials (#287)
jt-dd Nov 14, 2024
4e64984
fixing macos sequoia build (#288)
jt-dd Nov 14, 2024
aa9a958
fix golang version 1.23 (#289)
jt-dd Nov 14, 2024
e5ae1af
Fix linter issue (#291)
jt-dd Nov 15, 2024
14e5b84
Adding error reporting on failure on client cmd (#292)
jt-dd Nov 20, 2024
9fd64c3
doc(requirements): add memory requirements for docker machine.
Zenithar Nov 22, 2024
ed23204
Merge pull request #293 from DataDog/zenithar/doc_update_requirements
Zenithar Nov 22, 2024
95753d3
feat(graphdb): add deadline/retry/split behavioural patterns to batch…
Zenithar Nov 28, 2024
3cfe99b
feat(graphdb): replicate resiliency patterns on edge writer.
Zenithar Nov 28, 2024
1240ff0
feat(graphdb): register retry metric counter.
Zenithar Nov 28, 2024
3b859a4
chore(lint): reduce complexity.
Zenithar Nov 28, 2024
99e875f
chore(ci): fix linter findings.
Zenithar Nov 28, 2024
ee79469
refactor(graphdb): split microbatcher and retrier concerns.
Zenithar Nov 29, 2024
8d0aede
feat(app): wire configuration state to builders.
Zenithar Nov 29, 2024
93690d2
test(config): add missing values.
Zenithar Nov 29, 2024
aee8253
feat(graphdb): restore queue metrics.
Zenithar Nov 29, 2024
a19ce98
chore(ci): fix nlreturn issues.
Zenithar Nov 29, 2024
338526e
feat(graphdb): change default settings.
Zenithar Nov 29, 2024
9af486e
test(config): fix tests.
Zenithar Nov 29, 2024
5cabd42
Fix log (#296)
edznux-dd Nov 29, 2024
c60598a
chore(doc): update reference configuration.
Zenithar Dec 2, 2024
d8de160
Merge pull request #295 from DataDog/zenithar/graphdb_batch_writer_re…
Zenithar Dec 2, 2024
0d76841
Fix umh core pattern attacks (#298)
jt-dd Dec 3, 2024
7dd7f32
Fix role-bind attack (#299)
jt-dd Dec 3, 2024
5965f9b
removed the use of labels (#300)
jt-dd Dec 3, 2024
30084a5
Fix flags for rootcmd (#301)
jt-dd Dec 9, 2024
560e11b
Zenithar/doc various cleanup (#294)
Zenithar Dec 9, 2024
5672467
feat(graphdb): split deletion transactions. (#303)
Zenithar Dec 9, 2024
49f5703
fix(ci): fix and update license enumeration.
Zenithar Dec 9, 2024
5182850
chore(legal): regenerate without vendored dependencies.
Zenithar Dec 9, 2024
af44573
Merge pull request #304 from DataDog/chore_ci_fix_license_enumeration
Zenithar Dec 10, 2024
0090c83
feat(graph): register composite indices.
Zenithar Dec 11, 2024
9110e5c
feat(graph): production-grade tweaking.
Zenithar Dec 11, 2024
80ab64a
feat(graph): use index for graph deletion.
Zenithar Dec 11, 2024
92ee53e
feat(graph): optimise path traversal.
Zenithar Dec 11, 2024
fae1eb0
chore(test): fix system tests.
Zenithar Dec 11, 2024
f653c89
feat(docker): JVM in docker options.
Zenithar Dec 11, 2024
0671711
feat(graph): revert dedup from DSL.
Zenithar Dec 11, 2024
8a3e920
fix(ci): restore test values.
Zenithar Dec 11, 2024
efa60ec
chore(graph): increase max-limit, and disable force-index.
Zenithar Dec 11, 2024
06bf54c
Merge pull request #306 from DataDog/feat_graph_investigate_query_tim…
Zenithar Dec 11, 2024
ed5c0ff
chore(doc): add graph model page.
Zenithar Dec 20, 2024
300c346
chore(doc): fix broken links.
Zenithar Dec 20, 2024
798ef8e
typo: s/deamonsets/daemonsets/g
Minosity-VR Dec 31, 2024
83f8f5f
Merge pull request #308 from DataDog/simon.marechal/kh-fix-daemonset-…
Minosity-VR Jan 2, 2025
1fb3529
Merge pull request #307 from DataDog/zenithar/doc_add_graph_model_page
Zenithar Jan 3, 2025
d61fd22
chore(ci): update buildx step actions.
Zenithar Jan 3, 2025
8f9cc9e
chore(ci): update dd-sa step actions.
Zenithar Jan 3, 2025
0646970
chore(ci): update docker step actions.
Zenithar Jan 3, 2025
18cc0d6
chore(ci): update docs step actions.
Zenithar Jan 3, 2025
2daf6b1
chore(ci): update linter step actions.
Zenithar Jan 3, 2025
a7bc7c9
chore(ci): update system-test step actions.
Zenithar Jan 3, 2025
2cdde72
chore(ci): update unit-test step actions.
Zenithar Jan 3, 2025
6d0cde5
Merge pull request #309 from DataDog/zenithar/ci_update_actions
Zenithar Jan 3, 2025
0d544bf
chore(ci): update dependencies.
Zenithar Jan 3, 2025
96340aa
chore(ci): fore in-toto version.
Zenithar Jan 3, 2025
1b11840
chore(ci): freeze vulnerable dependencies.
Zenithar Jan 3, 2025
fabc707
chore(legal): regenerate 3rd party license bundle.
Zenithar Jan 3, 2025
ff06e67
chore(ci): allow access to dl.k8s.io
Zenithar Jan 3, 2025
ec67246
chore(ci): downgrade helm/kind action to 1.4.0
Zenithar Jan 3, 2025
d63a1da
chore(ci): restore helm/kind version, add cdn.dl.k8s.io to allowed tr…
Zenithar Jan 3, 2025
9f3c838
chore(test): fix missing kubeadm group.
Zenithar Jan 3, 2025
7e539a6
Merge pull request #310 from DataDog/zenithar/ci_update_dependencies
Zenithar Jan 3, 2025
187aafc
feat(graph): document mitre attck in schema.
Zenithar Jan 7, 2025
86793d3
feat(graph): use generic references
Zenithar Jan 7, 2025
ce11f9c
Merge pull request #311 from DataDog/zenithar/chore_add_attck_ref_to_…
Zenithar Jan 7, 2025
25f4b64
feat(graph): embed MITRE Attck technique and tactic into edges
Zenithar Jan 7, 2025
abb6b97
chore(doc): synchronise code and doc.
Zenithar Jan 8, 2025
3241ce1
chore(doc): add missing column suffixes.
Zenithar Jan 8, 2025
6eaec20
chore(doc): format edge index.
Zenithar Jan 8, 2025
ed77d83
chore(doc): update warning message for none coverage.
Zenithar Jan 8, 2025
24f655c
chore(doc): fix missing attck association.
Zenithar Jan 8, 2025
4474f1f
Merge pull request #312 from Zenithar/zenithar/feat_graph_embed_mitre…
Zenithar Jan 9, 2025
084d01a
[Fix] Add resilience and logs when failing during edges insertion ste…
jt-dd Jan 14, 2025
dd25721
[Fix] Add rolebinding namespace on namespace less ServiceAccount (#314)
jt-dd Jan 14, 2025
56408b5
Kubehound with no Docker lib dependency (#315)
jt-dd Jan 16, 2025
ae215f7
chore(doc): document backend overrides capabilities.
Zenithar Jan 24, 2025
a0dc22f
Merge pull request #317 from DataDog/doc/docker_image_overrides
Zenithar Jan 24, 2025
3fe51d2
fixing concurrency processing of runID (#318)
jt-dd Jan 24, 2025
d9710f9
using sync.Map instead of mutex + Map for concurrency lock (#319)
jt-dd Jan 24, 2025
30bb3b2
fix breaking changes in upload-artifacts v4 (#320)
jt-dd Jan 24, 2025
0078a74
Fix invalid character in build-binary CI job (#321)
jt-dd Jan 24, 2025
b75419f
fix missing artifacts in build-binaries CI job (#322)
jt-dd Jan 28, 2025
4a4e377
fix checkout v4 release missing artifact (#323)
jt-dd Jan 28, 2025
3cc9aa0
chore(doc): document traversal related dsl returning paths.
Zenithar Jan 30, 2025
16e785d
Merge pull request #325 from DataDog/zenithar/doc_path_for_traversal_dsl
Zenithar Jan 30, 2025
f425dd0
(doc) More precise installation instructions
Minosity-VR Feb 5, 2025
5238624
Handle detached release tag builds
Minosity-VR Feb 5, 2025
4ab1167
Note on building from a tag
Minosity-VR Feb 5, 2025
fcc3ecc
Merge pull request #327 from DataDog/simon.marechal/install-doc
Minosity-VR Feb 5, 2025
3f273ad
chore(go): Update to Go 1.24
Zenithar Feb 27, 2025
5e00a14
chore(go): update dependencies.
Zenithar Feb 27, 2025
a931d0f
chore(legal): regenerate 3rd party license bundle.
Zenithar Feb 27, 2025
5b00d78
chore(ci): fix linter config.
Zenithar Feb 27, 2025
af2e663
chore(ci): fix linter findings.
Zenithar Feb 27, 2025
fe5db47
chore(dep): freeze in-toto package.
Zenithar Feb 27, 2025
55f2b6e
Merge pull request #330 from DataDog/kubehound/go_124
Zenithar Mar 5, 2025
249585f
fix(docs): fix typo in getting-started.md
RiRa12621 Mar 11, 2025
07c7655
Merge pull request #332 from RiRa12621/patch-1
Minosity-VR Mar 11, 2025
95 changes: 39 additions & 56 deletions .github/workflows/buildx.yml
Expand Up @@ -18,16 +18,13 @@ jobs:
outputs:
matrix: ${{ steps.platforms.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Create matrix
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create matrix
id: platforms
run: |
echo matrix=$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms') >> $GITHUB_OUTPUT
-
name: Show matrix
- name: Show matrix
run: |
echo ${{ steps.platforms.outputs.matrix }}
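Review bot: the `Show matrix` step at the end of this hunk still expands `${{ steps.platforms.outputs.matrix }}` directly into the shell script, unquoted, and `Create matrix` appends to `$GITHUB_OUTPUT` unquoted as well. Since these steps are being touched anyway, pass the value through an `env:` entry and echo the quoted variable, so the JSON array is treated as data rather than script text. Moving `actions/checkout` from the `v3` tag to a full commit SHA with a `# v4.2.2` comment is the right direction.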

Expand All @@ -39,14 +36,11 @@ jobs:
target:
- lint
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Run
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Run
run: |
make ${{ matrix.target }}
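Review bot: the two `uses:` lines here cross major versions (`actions/checkout` v3 to v4.2.2, `docker/setup-buildx-action` v2 to v3.8.0) in the same change that rewrites the step list syntax, which makes a behavioural regression harder to bisect. The trailing `# v…` comment is the only thing tying each SHA to a release, so check each SHA against the upstream tag during review and make sure whatever updates these pins rewrites the comment together with the hash.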

Expand All @@ -59,35 +53,29 @@ jobs:
matrix:
platform: ${{ fromJson(needs.prepare.outputs.matrix) }}
steps:
-
name: Prepare
- name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@v3
-
name: Set up QEMU
uses: docker/setup-qemu-action@v2
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Build
uses: docker/bake-action@v2
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Build
uses: docker/bake-action@3fc70e1131fee40a422dd8dd0ff22014ae20a1f3 # v5.11.0
with:
targets: release
set: |
*.platform=${{ matrix.platform }}
*.cache-from=type=gha,scope=binary-${{ env.PLATFORM_PAIR }}
*.cache-to=type=gha,scope=binary-${{ env.PLATFORM_PAIR }},mode=max
-
name: Upload artifacts
uses: actions/upload-artifact@v3
- name: Upload artifacts
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: compose
path: ./bin/release/*
name: kubehound-${{ env.PLATFORM_PAIR }}
path: ./bin/release
if-no-files-found: error
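Review bot: `docker/bake-action` jumps from `v2` to `v5.11.0`, three major versions, while the `targets:` and `set:` inputs and the `type=gha` cache scopes are carried over unchanged; confirm against the action's changelog that they still behave the same. In `Prepare`, `platform=${{ matrix.platform }}` is still expanded inline into the script; an `env:` entry would keep it out of the script text. The per-platform artifact name `kubehound-${{ env.PLATFORM_PAIR }}` combined with `if-no-files-found: error` is a sensible pairing, since an empty build now fails the job instead of producing an empty artifact.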

release:
Expand All @@ -98,37 +86,32 @@ jobs:
needs:
- binary
steps:
-
name: Checkout
uses: actions/checkout@v3
-
name: Download artifacts
uses: actions/download-artifact@v3
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: compose
path: bin/release
-
name: Create checksums
working-directory: bin/release
pattern: kubehound-*
path: ./bin/release
merge-multiple: true
- name: Create checksums
working-directory: ./bin/release
run: |
find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt
shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt
mv $RUNNER_TEMP/checksums.txt .
cat checksums.txt | while read sum file; do echo "$sum $file" > ${file#\*}.sha256; done
-
name: List artifacts
- name: List artifacts
run: |
tree -nh bin/release
-
name: Check artifacts
tree -nh ./bin/release
- name: Check artifacts
run: |
find bin/release -type f -exec file -e ascii -- {} +
-
name: GitHub Release
find ./bin/release -type f -exec file -e ascii -- {} +
- name: GitHub Release
if: startsWith(github.ref, 'refs/tags/v')
uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
artifacts: bin/release/*
artifacts: ./bin/release/*
generateReleaseNotes: true
draft: true
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
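Review bot: with `pattern: kubehound-*` and `merge-multiple: true`, every platform artifact is unpacked into the same `./bin/release` directory, so two platforms that produce a file with the same name would overwrite each other without any error. Either keep the platform in every file name or add a step that fails when the file count differs from the expected number of platforms. Note also that `checksums.txt` is generated in this job, after download, so it only attests to what the release job received, not to what the `binary` job built; and in the `while read sum file` loop the redirect target `${file#\*}.sha256` should be quoted.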
22 changes: 22 additions & 0 deletions .github/workflows/datadog-static-analysis.yml
@@ -0,0 +1,22 @@
name: Datadog Static Analysis

on:
push:

permissions: {}

jobs:
static-analysis:
name: Datadog Static Analyzer
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Check code meets quality and security standards
id: datadog-static-analysis
uses: DataDog/datadog-static-analyzer-github-action@06d501a75f56e4075c67a7dbc61a74b6539a05c8 # v1.2.1
with:
dd_api_key: ${{ secrets.DD_API_KEY }}
dd_app_key: ${{ secrets.DD_APP_KEY }}
dd_site: datadoghq.com
cpu_count: 2
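Review bot: `permissions: {}` at workflow level is a good default, but the `static-analysis` job has no `permissions:` block of its own, so `actions/checkout` runs with a token that carries no scopes, which a private repository would reject. Add `contents: read` under a job-level `permissions:` key to make the requirement explicit. `on: push` has no branch filter, so `DD_API_KEY` and `DD_APP_KEY` are handed to the analyzer step on every push to every branch; state in a comment whether that is intended.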
47 changes: 25 additions & 22 deletions .github/workflows/docker.yml
Expand Up @@ -17,25 +17,25 @@ jobs:
docker-build-push:
runs-on: ubuntu-latest
strategy:
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs
matrix:
include:
- dockerfile: deployments/kubehound/kubegraph/Dockerfile
image: graph
workdir: deployments/kubehound/kubegraph/
- dockerfile: deployments/kubehound/notebook/Dockerfile
image: ui
workdir: deployments/kubehound/notebook/
- dockerfile: deployments/kubehound/ingestor/Dockerfile
image: ingestor
workdir: .
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs
matrix:
include:
- dockerfile: deployments/kubehound/graph/Dockerfile
image: graph
workdir: deployments/kubehound/graph/
- dockerfile: deployments/kubehound/ui/Dockerfile
image: ui
workdir: deployments/kubehound/ui/
- dockerfile: deployments/kubehound/binary/Dockerfile
image: binary
workdir: .
permissions:
contents: read
packages: write

steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
# egress-policy: audit
egress-policy: block
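Review bot: changing the matrix entry from `image: ingestor` to `image: binary` (and the Dockerfile paths from `kubegraph`/`notebook`/`ingestor` to `graph`/`ui`/`binary`) changes the name of the published image, since the tags further down are built from `${{ matrix.image }}`. Anyone pulling the `-ingestor` image will silently stop receiving updates; mention the rename in the release notes or keep publishing the old name for a transition period. The leftover `# egress-policy: audit` comment can go now that `block` is enforced.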
Expand Down Expand Up @@ -67,25 +67,28 @@ jobs:
productionresultssa8.blob.core.windows.net:443
results-receiver.actions.githubusercontent.com:443
vstsmms.actions.githubusercontent.com:443
raw.githubusercontent.com:443
nodejs.org:443
iojs.org:443

- name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

- name: Build and push Docker image
if: ${{ github.event_name == 'push' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: ${{ matrix.workdir }}
platforms: linux/amd64,linux/arm64
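Review bot: `raw.githubusercontent.com:443`, `nodejs.org:443` and `iojs.org:443` are added to the harden-runner allowlist without a comment saying which step needs them. `raw.githubusercontent.com` serves content from any repository, so allowing it widens what a compromised step can reach under `egress-policy: block`. Add a short comment per endpoint naming the step that requires it, and drop any that an audit run shows are unused.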
Expand All @@ -94,12 +97,12 @@ jobs:
build-args: |
VERSION=${{ github.ref_name }}
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:${{ github.ref_name }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:latest
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:${{ github.ref_name }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:latest

- name: Build and push Docker image
if: ${{ github.event_name == 'workflow_dispatch' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
context: ${{ matrix.workdir }}
platforms: linux/amd64,linux/arm64
Expand All @@ -108,5 +111,5 @@ jobs:
build-args: |
VERSION=${{ github.sha }}
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:snapshot-${{ github.sha }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:latest
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:snapshot-${{ github.sha }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.image }}:latest
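Review bot: the `workflow_dispatch` build tags its image both `snapshot-${{ github.sha }}` and `latest`, the same `latest` tag that the `push` build sets. A manual run from any ref therefore replaces `latest` with a snapshot build. Drop `latest` from the `workflow_dispatch` tag list, or use a separate moving tag for snapshots.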
8 changes: 4 additions & 4 deletions .github/workflows/docs.yml
Expand Up @@ -18,17 +18,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
pypi.org:443

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: 3.x
- run: pip install mkdocs-material mkdocs-awesome-pages-plugin markdown-captions
- run: mkdocs gh-deploy --force
- run: mkdocs gh-deploy --force
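Review bot: every `uses:` line in this hunk is now pinned to a commit SHA, but `pip install mkdocs-material mkdocs-awesome-pages-plugin markdown-captions` still installs whatever versions PyPI serves at run time, in the job that goes on to run `mkdocs gh-deploy --force`. Pin these packages in a requirements file, ideally with hashes and `pip install --require-hashes -r …`, so the docs build is held to the same standard as the actions.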
19 changes: 10 additions & 9 deletions .github/workflows/linter.yml
Expand Up @@ -12,9 +12,9 @@ permissions:
jobs:
linter:
runs-on: ubuntu-latest
steps:
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
Expand All @@ -28,17 +28,18 @@ jobs:
storage.googleapis.com:443
uploads.github.com:443
sum.golang.org:443

raw.githubusercontent.com:443

- name: Setup Golang
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: "1.22"
go-version: "1.24"

- name: Checkout Git Repo
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: golangci-lint
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: v1.56.2
args: ./...
version: v1.64.5
args: ./...
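Review bot: `go-version: "1.24"` and the golangci-lint `version: v1.64.5` are hard-coded here and have to be bumped by hand whenever the module's Go version moves; `actions/setup-go` accepts `go-version-file: go.mod`, which removes one place to forget. `raw.githubusercontent.com:443` is also added to the allowed endpoints without a note on which step needs it; document that next to the entry.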
57 changes: 0 additions & 57 deletions .github/workflows/release.yml

This file was deleted.
