equinor · nilsgstrabo · Jun 26, 2024 · Jun 26, 2024 · Jun 26, 2024 · Jun 26, 2024
diff --git a/.github/workflows/radix-vulnerability-scanner-api-pr.yml b/.github/workflows/radix-vulnerability-scanner-api-pr.yml
@@ -9,7 +9,7 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Build docker image
       env:
         REF: ${{ github. sha }}
@@ -28,13 +28,13 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v4
         with:
-          version: v1.55.2
+          version: v1.58.2
 
   test:
     name: Unit Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
@@ -43,30 +43,36 @@ jobs:
       - name: Run Tests
         run: go test -cover `go list ./...`
 
-  test-swagger:
-    name: Test Swagger
+  verify-code-generation:
+    name: Verify Code Generation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: Verify Code Generation
+        run: |
+          make verify-generate        
+
+  report-swagger-changes:
+    name: Report Changes In Swagger Spec
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - run: git fetch --no-tags --no-recurse-submodules --depth=1  origin master:master
       - uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
-      - name: Install dependencies
-        run: go mod download
       - name: Install Swagger
-        run: go install github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
-      - name: Generate Swagger
-        run: swagger generate spec -o ./swagger.json -m -x=github.com/equinor/radix-vulnerability-scanner-api/radix_api/generated_client/models
-      - name: Validate no changes
-        run: diff swagger.json ./swaggerui/html/swagger.json
+        run: go install github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0
       - name: Check breaking changes
         if: always()
         id: breaking
         continue-on-error: true
-        run: swagger diff --break <(git show master:swaggerui/html/swagger.json) swagger.json > /tmp/swagger_breaking_changes.txt
+        run: swagger diff --break <(git show master:swaggerui/html/swagger.json) swaggerui/html/swagger.json > /tmp/swagger_breaking_changes.txt
       - name: Add comment
-        if: failure() && steps.breaking.outcome == 'failure'
+        if: steps.breaking.outcome == 'failure'
         uses: mshick/add-pr-comment@v2
         with:
           message-id: breaking-comment
@@ -80,11 +86,6 @@ jobs:
       - name: 'Fake TOKEN FOR RADIX CLI'
         run: echo "APP_SERVICE_ACCOUNT_TOKEN=hello-world" >> $GITHUB_ENV
       - uses: actions/checkout@v4
-      - run: git fetch --no-tags --no-recurse-submodules --depth=1  origin master:master
-
-      - run: make generate-radixconfig-envs
-      - name: Test radixconfig template changes
-        run: git diff --exit-code
 
       - name: 'Validate C2'
         uses: equinor/radix-github-actions@v1

diff --git a/Dockerfile b/Dockerfile
@@ -1,28 +1,16 @@
-FROM docker.io/golang:1.21-alpine3.18 as builder
-
-RUN apk update && \
-    apk add bash jq alpine-sdk sed gawk git ca-certificates curl mc && \
-    apk add --no-cache gcc musl-dev
-
-WORKDIR /go/src/github.com/equinor/radix-vulnerability-scanner-api/
-
-# get dependencies
+# Build stage
+FROM docker.io/golang:1.22-alpine3.20 as builder
+ENV CGO_ENABLED=0 \
+    GOOS=linux
+WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
-
-# copy api code
 COPY . .
+RUN go build -ldflags "-s -w" -o /build/radix-vulnerability-scanner-api
 
-# Build radix vulnerability scanner API go project
-RUN CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w" -a -installsuffix cgo -o /usr/local/bin/radix-vulnerability-scanner-api
-
-RUN addgroup -S -g 1000 radix-vuln-scanner
-RUN adduser -S -u 1000 -G radix-vuln-scanner radix-vuln-scanner
-
-FROM scratch
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /usr/local/bin/radix-vulnerability-scanner-api /usr/local/bin/radix-vulnerability-scanner-api
-COPY --from=builder /etc/passwd /etc/passwd
+# Final stage, ref https://github.com/GoogleContainerTools/distroless/blob/main/base/README.md for distroless
+FROM gcr.io/distroless/static
+WORKDIR /app
+COPY --from=builder /build/radix-vulnerability-scanner-api .
 USER 1000
-EXPOSE 3003
-ENTRYPOINT ["/usr/local/bin/radix-vulnerability-scanner-api"]
+ENTRYPOINT ["/app/radix-vulnerability-scanner-api"]
diff --git a/Makefile b/Makefile
@@ -24,8 +24,8 @@ lint: bootstrap
 generate-radix-api-client: bootstrap
 	swagger generate client -t ./radix_api/generated_client -f https://api.radix.equinor.com/swaggerui/swagger.json -A RadixApi
 
-.PHONY: generate-radixconfig-envs
-generate-radixconfig-envs:
+.PHONY: radixconfigs
+radixconfigs:
 	# radix-id-vulnerability-scan-reader-<env>
 	AZURE_CLIENT_ID=5bf4ef3d-6c0b-4eee-89ed-966a897eef6e SQL_SERVER=sql-radix-vulnerability-scan-dev.database.windows.net envsubst < radixconfig.tpl.yaml > radixconfig.dev.yaml
 	AZURE_CLIENT_ID=5381b944-c904-4c5d-8672-7cedadaf50af SQL_SERVER=sql-radix-vulnerability-scan-c2.database.windows.net envsubst < radixconfig.tpl.yaml > radixconfig.c2.yaml
@@ -49,16 +49,23 @@ mocks: bootstrap
 	mockgen -source ./radix_api/generated_client/client/environment/environment_client.go -destination ./radix_api/mock_client/client/environment/environment_client.go -package environmentmock
 	mockgen -source ./utils/auth/auth_provider.go -destination ./utils/auth/mock/auth_provider.go -package mock
 
+.PHONY: generate
+generate: radixconfigs mocks swagger
+
+.PHONY: verify-generate
+verify-generate: generate
+	git diff --exit-code
+
 HAS_SWAGGER       := $(shell command -v swagger;)
 HAS_GOLANGCI_LINT := $(shell command -v golangci-lint;)
 HAS_MOCKGEN       := $(shell command -v mockgen;)
 
 bootstrap:
 ifndef HAS_SWAGGER
-	go install github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
+	go install github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0
 endif
 ifndef HAS_GOLANGCI_LINT
-	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.58.2
 endif
 ifndef HAS_MOCKGEN
 	go install github.com/golang/mock/mockgen@v1.6.0

diff --git a/go.mod b/go.mod
@@ -1,107 +1,102 @@
 module github.com/equinor/radix-vulnerability-scanner-api
 
-go 1.21
-
-toolchain go1.21.0
+go 1.22
 
 require (
-	github.com/coreos/go-oidc/v3 v3.9.0
+	github.com/coreos/go-oidc/v3 v3.10.0
 	github.com/equinor/radix-common v1.9.2
-	github.com/gin-contrib/cors v1.5.0
-	github.com/gin-gonic/gin v1.9.1
-	github.com/go-openapi/errors v0.21.0
-	github.com/go-openapi/runtime v0.26.2
-	github.com/go-openapi/strfmt v0.22.0
-	github.com/go-openapi/swag v0.22.7
-	github.com/go-openapi/validate v0.22.6
-	github.com/go-swagger/go-swagger v0.30.5
+	github.com/gin-contrib/cors v1.7.2
+	github.com/gin-gonic/gin v1.10.0
+	github.com/go-openapi/errors v0.22.0
+	github.com/go-openapi/runtime v0.28.0
+	github.com/go-openapi/strfmt v0.23.0
+	github.com/go-openapi/swag v0.23.0
+	github.com/go-openapi/validate v0.24.0
+	github.com/go-swagger/go-swagger v0.31.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/mock v1.6.0
 	github.com/rs/xid v1.5.0
-	github.com/rs/zerolog v1.32.0
+	github.com/rs/zerolog v1.33.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.8.4
-	gorm.io/driver/sqlserver v1.5.1
-	gorm.io/gorm v1.25.7
+	github.com/stretchr/testify v1.9.0
+	gorm.io/driver/sqlserver v1.5.3
+	gorm.io/gorm v1.25.10
 	gorm.io/hints v1.1.2
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
-	github.com/chenzhuoyu/iasm v0.9.0 // indirect
-	github.com/elnormous/contenttype v1.0.4 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
-	github.com/go-playground/validator/v10 v10.16.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.5.0 // indirect
-	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	go.opentelemetry.io/otel/metric v1.17.0 // indirect
-	golang.org/x/oauth2 v0.13.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/apimachinery v0.29.0 // indirect
-	k8s.io/klog/v2 v2.110.1 // indirect
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
-)
-
-require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/bytedance/sonic v1.10.1 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/elnormous/contenttype v1.0.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.22.0 // indirect
-	github.com/go-openapi/jsonpointer v0.20.2 // indirect
-	github.com/go-openapi/jsonreference v0.20.4 // indirect
-	github.com/go-openapi/loads v0.21.5 // indirect
-	github.com/go-openapi/spec v0.20.13 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.20.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 	github.com/golang-sql/sqlexp v0.1.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/microsoft/go-mssqldb v1.1.0
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/microsoft/go-mssqldb v1.6.0
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.11 // indirect
-	go.mongodb.org/mongo-driver v1.13.1 // indirect
-	go.opentelemetry.io/otel v1.17.0 // indirect
-	go.opentelemetry.io/otel/trace v1.17.0 // indirect
-	golang.org/x/arch v0.5.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sync v0.1.0
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/net v0.26.0 // indirect
+	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/sync v0.7.0
+	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apimachinery v0.29.0 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )