mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2025-01-05 13:19:13 +01:00
parent
db666d1e40
commit
0d8623bf04
13
.github/.pre-commit-config.yaml
vendored
13
.github/.pre-commit-config.yaml
vendored
@ -1,13 +0,0 @@
|
||||
- repo: https://github.com/gitleaks/gitleaks
|
||||
rev: v8.16.3
|
||||
hooks:
|
||||
- id: gitleaks
|
||||
- repo: https://github.com/jumanjihouse/pre-commit-hooks
|
||||
rev: 3.0.0
|
||||
hooks:
|
||||
- id: shellcheck
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.4.0
|
||||
hooks:
|
||||
- id: end-of-file-fixer
|
||||
- id: trailing-whitespace
|
1
.github/CODEOWNERS
vendored
Normal file
1
.github/CODEOWNERS
vendored
Normal file
@ -0,0 +1 @@
|
||||
* @dotneft
|
31
.github/workflows/dependency-review.yml
vendored
Normal file
31
.github/workflows/dependency-review.yml
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
# Dependency Review Action
|
||||
#
|
||||
# This Action will scan dependency manifest files that change as part of a Pull Request,
|
||||
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
|
||||
# Once installed, if the workflow run is marked as required,
|
||||
# PRs introducing known-vulnerable packages will be blocked from merging.
|
||||
#
|
||||
# Source repository: https://github.com/actions/dependency-review-action
|
||||
name: 'Dependency Review'
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
disable-sudo: true
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
api.github.com:443
|
||||
github.com:443
|
||||
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0
|
70
.github/workflows/dockerhub_description.yml
vendored
Normal file
70
.github/workflows/dockerhub_description.yml
vendored
Normal file
@ -0,0 +1,70 @@
|
||||
name: DockerHub Description
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'trunk'
|
||||
paths:
|
||||
- 'Dockerfiles/*/README.md'
|
||||
- '.github/workflows/dockerhub_description.yml'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
DOCKER_REPOSITORY: "zabbix"
|
||||
IMAGES_PREFIX: "zabbix-"
|
||||
DOCKERFILES_DIRECTORY: "./Dockerfiles"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
main:
|
||||
name: Update description
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
DOCKER_REPOSITORY: "zabbix"
|
||||
permissions:
|
||||
contents: read
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
component:
|
||||
- build-base
|
||||
- build-mysql
|
||||
- build-pgsql
|
||||
- build-sqlite3
|
||||
- agent
|
||||
- agent2
|
||||
- java-gateway
|
||||
- proxy-mysql
|
||||
- proxy-sqlite3
|
||||
- server-mysql
|
||||
- server-pgsql
|
||||
- snmptraps
|
||||
- web-apache-mysql
|
||||
- web-apache-pgsql
|
||||
- web-nginx-mysql
|
||||
- web-nginx-pgsql
|
||||
- web-service
|
||||
steps:
|
||||
- name: Block egress traffic
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
disable-sudo: true
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
github.com:443
|
||||
hub.docker.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
- name: Update DockerHub repo description (zabbix-${{ matrix.component }})
|
||||
uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
repository: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
|
||||
readme-filepath: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.component }}/README.md
|
200
.github/workflows/images_build.yml
vendored
200
.github/workflows/images_build.yml
vendored
@ -66,7 +66,7 @@ jobs:
|
||||
github.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -87,7 +87,7 @@ jobs:
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
os_list=$(jq -r '.["os-linux"] | keys | [ .[] | tostring ] | @json' "$MATRIX_FILE")
|
||||
os_list=$(jq -r '.["os-linux"] | keys | map(select(. != "rhel")) | [ .[] | tostring ] | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Operating System List"
|
||||
echo "$os_list"
|
||||
@ -95,25 +95,12 @@ jobs:
|
||||
|
||||
echo "list=$os_list" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Prepare Platform list
|
||||
id: platform_list
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
platform_list=$(jq -r '.["os-linux"] | tostring | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Platform List"
|
||||
echo "$platform_list"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "list=$platform_list" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Prepare Database engine list
|
||||
id: database
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
database_list=$(jq -r '[.components | values[] ] | sort | unique | del(.. | select ( . == "" ) ) | [ .[] | tostring ] | @json' "$MATRIX_FILE")
|
||||
database_list=$(jq -r '[.components | values[].base ] | sort | unique | del(.. | select ( . == "" ) ) | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Database List"
|
||||
echo "$database_list"
|
||||
@ -126,7 +113,7 @@ jobs:
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
component_list=$(jq -r '.components | keys | [ .[] | tostring ] | @json' "$MATRIX_FILE")
|
||||
component_list=$(jq -r '.components | keys | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Zabbix Component List"
|
||||
echo "$component_list"
|
||||
@ -184,16 +171,13 @@ jobs:
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
api.github.com:443
|
||||
archive.ubuntu.com:443
|
||||
archive.ubuntu.com:80
|
||||
atl.mirrors.knownhost.com:443
|
||||
atl.mirrors.knownhost.com:80
|
||||
auth.docker.io:443
|
||||
cdn03.quay.io:443
|
||||
centos-distro.1gservers.com:80
|
||||
centos-stream-distro.1gservers.com:443
|
||||
centos-stream-distro.1gservers.com:80
|
||||
centos.mirror.shastacoe.net:80
|
||||
dfw.mirror.rackspace.com:443
|
||||
dfw.mirror.rackspace.com:80
|
||||
dl-cdn.alpinelinux.org:443
|
||||
@ -205,8 +189,6 @@ jobs:
|
||||
ftp-nyc.osuosl.org:80
|
||||
ftp-osl.osuosl.org:443
|
||||
ftp-osl.osuosl.org:80
|
||||
ftp.agdsn.de:443
|
||||
ftp.osuosl.org:80
|
||||
ftp.plusline.net:443
|
||||
ftp.plusline.net:80
|
||||
ftpmirror.your.org:80
|
||||
@ -221,17 +203,13 @@ jobs:
|
||||
mirror-mci.yuki.net.uk:80
|
||||
mirror.arizona.edu:443
|
||||
mirror.arizona.edu:80
|
||||
mirror.ash.fastserv.com:80
|
||||
mirror.dogado.de:443
|
||||
mirror.dogado.de:80
|
||||
mirror.ette.biz:80
|
||||
mirror.facebook.net:443
|
||||
mirror.facebook.net:80
|
||||
mirror.fcix.net:443
|
||||
mirror.hoobly.com:443
|
||||
mirror.hoobly.com:80
|
||||
mirror.math.princeton.edu:443
|
||||
mirror.metrocast.net:80
|
||||
mirror.netzwerge.de:443
|
||||
mirror.pilotfiber.com:443
|
||||
mirror.pilotfiber.com:80
|
||||
@ -241,14 +219,12 @@ jobs:
|
||||
mirror.scaleuptech.com:80
|
||||
mirror.servaxnet.com:443
|
||||
mirror.servaxnet.com:80
|
||||
mirror.sfo12.us.leaseweb.net:80
|
||||
mirror.siena.edu:80
|
||||
mirror.stream.centos.org:443
|
||||
mirror.stream.centos.org:80
|
||||
mirror.team-cymru.com:443
|
||||
mirror.team-cymru.com:80
|
||||
mirror1.hs-esslingen.de:443
|
||||
mirrorlist.centos.org:80
|
||||
mirrors.centos.org:443
|
||||
mirrors.fedoraproject.org:443
|
||||
mirrors.fedoraproject.org:80
|
||||
@ -259,38 +235,27 @@ jobs:
|
||||
mirrors.sonic.net:443
|
||||
mirrors.wcupa.edu:443
|
||||
mirrors.wcupa.edu:80
|
||||
mirrors.xtom.com:80
|
||||
mirrors.xtom.de:443
|
||||
mirrors.xtom.de:80
|
||||
na.edge.kernel.org:443
|
||||
nocix.mm.fcix.net:443
|
||||
oauth2.sigstore.dev:443
|
||||
objects.githubusercontent.com:443
|
||||
ports.ubuntu.com:443
|
||||
ports.ubuntu.com:80
|
||||
production.cloudflare.docker.com:443
|
||||
quay.io:443
|
||||
registry-1.docker.io:443
|
||||
rekor.sigstore.dev:443
|
||||
repo.ialab.dsu.edu:443
|
||||
repo1.sea.innoscale.net:80
|
||||
repos.eggycrew.com:443
|
||||
repos.eggycrew.com:80
|
||||
scientificlinux.physik.uni-muenchen.de:80
|
||||
security.ubuntu.com:443
|
||||
security.ubuntu.com:80
|
||||
southfront.mm.fcix.net:80
|
||||
tuf-repo-cdn.sigstore.dev:443
|
||||
tx-mirror.tier.net:80
|
||||
uvermont.mm.fcix.net:443
|
||||
volico.mm.fcix.net:80
|
||||
www.gtlib.gatech.edu:80
|
||||
yum.oracle.com:443
|
||||
ziply.mm.fcix.net:443
|
||||
ziply.mm.fcix.net:80
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -304,18 +269,18 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
with:
|
||||
image: tonistiigi/binfmt:latest
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -337,7 +302,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_NAME }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -354,7 +319,7 @@ jobs:
|
||||
|
||||
- name: Build and publish image
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}
|
||||
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ env.BASE_BUILD_NAME }}/${{ matrix.os }}/Dockerfile
|
||||
@ -403,7 +368,7 @@ jobs:
|
||||
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -451,7 +416,7 @@ jobs:
|
||||
rekor.sigstore.dev:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -465,18 +430,18 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
with:
|
||||
image: tonistiigi/binfmt:latest
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -498,7 +463,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -514,7 +479,7 @@ jobs:
|
||||
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.os }}
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -559,7 +524,7 @@ jobs:
|
||||
|
||||
- name: Build ${{ matrix.build }}/${{ matrix.os }} and push
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
|
||||
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
|
||||
@ -608,7 +573,7 @@ jobs:
|
||||
echo "$DIGEST" > $CACHE_FILE_NAME
|
||||
|
||||
- name: Caching SHA256 tag of the image
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ matrix.build }}_${{ matrix.os }}
|
||||
key: ${{ matrix.build }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -635,63 +600,45 @@ jobs:
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
api.github.com:443
|
||||
archive.ubuntu.com:443
|
||||
archive.ubuntu.com:80
|
||||
auth.docker.io:443
|
||||
dl-cdn.alpinelinux.org:443
|
||||
github.com:443
|
||||
index.docker.io:443
|
||||
production.cloudflare.docker.com:443
|
||||
registry-1.docker.io:443
|
||||
fulcio.sigstore.dev:443
|
||||
objects.githubusercontent.com:443
|
||||
tuf-repo-cdn.sigstore.dev:443
|
||||
rekor.sigstore.dev:443
|
||||
api.github.com:443
|
||||
atl.mirrors.knownhost.com:443
|
||||
atl.mirrors.knownhost.com:80
|
||||
auth.docker.io:443
|
||||
cdn03.quay.io:443
|
||||
centos-distro.1gservers.com:80
|
||||
centos-stream-distro.1gservers.com:443
|
||||
centos-stream-distro.1gservers.com:80
|
||||
centos.mirror.shastacoe.net:80
|
||||
d2lzkl7pfhq30w.cloudfront.net:443
|
||||
deb.debian.org:80
|
||||
dfw.mirror.rackspace.com:443
|
||||
dfw.mirror.rackspace.com:80
|
||||
dl-cdn.alpinelinux.org:443
|
||||
dl.google.com:443
|
||||
download.cf.centos.org:443
|
||||
download.cf.centos.org:80
|
||||
epel.mirror.constant.com:443
|
||||
epel.mirror.constant.com:80
|
||||
forksystems.mm.fcix.net:80
|
||||
ftp-nyc.osuosl.org:443
|
||||
ftp-nyc.osuosl.org:80
|
||||
ftp-osl.osuosl.org:443
|
||||
ftp-osl.osuosl.org:80
|
||||
ftp.agdsn.de:443
|
||||
ftp.osuosl.org:80
|
||||
ftp.plusline.net:443
|
||||
ftp.plusline.net:80
|
||||
ftpmirror.your.org:80
|
||||
fulcio.sigstore.dev:443
|
||||
github.com:443
|
||||
iad.mirror.rackspace.com:443
|
||||
iad.mirror.rackspace.com:80
|
||||
index.docker.io:443
|
||||
ix-denver.mm.fcix.net:443
|
||||
keyserver.ubuntu.com:11371
|
||||
lesnet.mm.fcix.net:443
|
||||
mirror-mci.yuki.net.uk:443
|
||||
mirror-mci.yuki.net.uk:80
|
||||
mirror.23m.com:80
|
||||
mirror.arizona.edu:443
|
||||
mirror.arizona.edu:80
|
||||
mirror.ash.fastserv.com:80
|
||||
mirror.dal.nexril.net:80
|
||||
mirror.de.leaseweb.net:80
|
||||
mirror.dogado.de:443
|
||||
mirror.dogado.de:80
|
||||
mirror.ette.biz:80
|
||||
mirror.facebook.net:443
|
||||
mirror.facebook.net:80
|
||||
mirror.fcix.net:443
|
||||
mirror.hoobly.com:443
|
||||
mirror.hoobly.com:80
|
||||
mirror.math.princeton.edu:443
|
||||
mirror.math.princeton.edu:80
|
||||
mirror.metrocast.net:80
|
||||
mirror.netcologne.de:443
|
||||
mirror.netzwerge.de:443
|
||||
mirror.pilotfiber.com:443
|
||||
@ -699,77 +646,74 @@ jobs:
|
||||
mirror.rackspace.com:443
|
||||
mirror.rackspace.com:80
|
||||
mirror.scaleuptech.com:443
|
||||
mirror.scaleuptech.com:80
|
||||
mirror.servaxnet.com:443
|
||||
mirror.servaxnet.com:80
|
||||
mirror.sfo12.us.leaseweb.net:80
|
||||
mirror.siena.edu:80
|
||||
mirror.steadfastnet.com:80
|
||||
mirror.stream.centos.org:443
|
||||
mirror.stream.centos.org:80
|
||||
mirror.team-cymru.com:443
|
||||
mirror.team-cymru.com:80
|
||||
mirror.umd.edu:443
|
||||
mirror1.hs-esslingen.de:443
|
||||
mirrorlist.centos.org:80
|
||||
mirrors.centos.org:443
|
||||
mirrors.fedoraproject.org:443
|
||||
mirrors.fedoraproject.org:80
|
||||
mirrors.iu13.net:443
|
||||
mirrors.iu13.net:80
|
||||
mirrors.mit.edu:443
|
||||
mirrors.ocf.berkeley.edu:443
|
||||
mirrors.ocf.berkeley.edu:80
|
||||
mirrors.sonic.net:443
|
||||
mirrors.sonic.net:80
|
||||
mirrors.syringanetworks.net:80
|
||||
mirrors.vcea.wsu.edu:80
|
||||
mirrors.wcupa.edu:443
|
||||
mirrors.wcupa.edu:80
|
||||
mirrors.xtom.com:80
|
||||
mirrors.xtom.de:443
|
||||
mirrors.xtom.de:80
|
||||
na.edge.kernel.org:443
|
||||
nginx.org:443
|
||||
nginx.org:80
|
||||
nnenix.mm.fcix.net:80
|
||||
nocix.mm.fcix.net:443
|
||||
oauth2.sigstore.dev:443
|
||||
objects.githubusercontent.com:443
|
||||
ohioix.mm.fcix.net:80
|
||||
ports.ubuntu.com:443
|
||||
ports.ubuntu.com:80
|
||||
production.cloudflare.docker.com:443
|
||||
pubmirror1.math.uh.edu:443
|
||||
pubmirror3.math.uh.edu:80
|
||||
quay.io:443
|
||||
registry-1.docker.io:443
|
||||
rekor.sigstore.dev:443
|
||||
repo.ialab.dsu.edu:443
|
||||
repo.ialab.dsu.edu:80
|
||||
repo1.sea.innoscale.net:80
|
||||
repos.eggycrew.com:443
|
||||
repos.eggycrew.com:80
|
||||
scientificlinux.physik.uni-muenchen.de:80
|
||||
security.ubuntu.com:443
|
||||
security.ubuntu.com:80
|
||||
southfront.mm.fcix.net:80
|
||||
tuf-repo-cdn.sigstore.dev:443
|
||||
tx-mirror.tier.net:80
|
||||
uvermont.mm.fcix.net:443
|
||||
uvermont.mm.fcix.net:80
|
||||
volico.mm.fcix.net:80
|
||||
www.gtlib.gatech.edu:80
|
||||
yum.oracle.com:443
|
||||
ziply.mm.fcix.net:443
|
||||
ziply.mm.fcix.net:80
|
||||
keyserver.ubuntu.com:80
|
||||
p80.pool.sks-keyservers.net:80
|
||||
pgp.mit.edu:11371
|
||||
ha.pool.sks-keyservers.net:11371
|
||||
fulcio.sigstore.dev:443
|
||||
objects.githubusercontent.com:443
|
||||
tuf-repo-cdn.sigstore.dev:443
|
||||
rekor.sigstore.dev:443
|
||||
oauth2.sigstore.dev:443
|
||||
api.github.com:443
|
||||
auth.docker.io:443
|
||||
github.com:443
|
||||
index.docker.io:443
|
||||
production.cloudflare.docker.com:443
|
||||
registry-1.docker.io:443
|
||||
yum.oracle.com:443
|
||||
fulcio.sigstore.dev:443
|
||||
objects.githubusercontent.com:443
|
||||
tuf-repo-cdn.sigstore.dev:443
|
||||
rekor.sigstore.dev:443
|
||||
api.github.com:443
|
||||
archive.ubuntu.com:80
|
||||
auth.docker.io:443
|
||||
deb.debian.org:80
|
||||
github.com:443
|
||||
index.docker.io:443
|
||||
keyserver.ubuntu.com:11371
|
||||
nginx.org:443
|
||||
nginx.org:80
|
||||
ports.ubuntu.com:80
|
||||
production.cloudflare.docker.com:443
|
||||
registry-1.docker.io:443
|
||||
security.ubuntu.com:80
|
||||
fulcio.sigstore.dev:443
|
||||
objects.githubusercontent.com:443
|
||||
tuf-repo-cdn.sigstore.dev:443
|
||||
rekor.sigstore.dev:443
|
||||
>>>>>>> 05d38ba67 (Merge pull request #1188 from zabbix/merge_6.0)
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -783,18 +727,18 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
||||
with:
|
||||
image: tonistiigi/binfmt:latest
|
||||
platforms: all
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
|
||||
with:
|
||||
driver-opts: image=moby/buildkit:master
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -835,7 +779,7 @@ jobs:
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
BUILD_BASE=$(jq -r ".components.\"$MATRIX_BUILD\"" "$MATRIX_FILE")
|
||||
BUILD_BASE=$(jq -r ".components.\"$MATRIX_BUILD\".base" "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Base Build Image"
|
||||
echo "$BUILD_BASE"
|
||||
@ -845,7 +789,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX}}${{ matrix.build }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -861,7 +805,7 @@ jobs:
|
||||
latest=${{ (needs.init_build.outputs.current_branch != 'trunk') && (matrix.os == 'alpine') && ( needs.init_build.outputs.is_default_branch == 'true' ) }}
|
||||
|
||||
- name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
if: ${{ matrix.build != 'snmptraps' }}
|
||||
with:
|
||||
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.os }}
|
||||
@ -925,7 +869,7 @@ jobs:
|
||||
|
||||
- name: Build and push image
|
||||
id: docker_build
|
||||
uses: docker/build-push-action@v5
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}
|
||||
file: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/${{ matrix.os }}/Dockerfile
|
||||
|
571
.github/workflows/images_build_rhel.yml
vendored
571
.github/workflows/images_build_rhel.yml
vendored
@ -4,7 +4,22 @@ on:
|
||||
release:
|
||||
types:
|
||||
- published
|
||||
push:
|
||||
branches:
|
||||
- '[0-9]+.[0-9]+'
|
||||
- 'trunk'
|
||||
paths:
|
||||
- 'Dockerfiles/*/rhel/*'
|
||||
- 'build.json'
|
||||
- '!**/README.md'
|
||||
- '.github/workflows/images_build_rhel.yml'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
publish_images:
|
||||
description: 'Publish images'
|
||||
required: true
|
||||
default: false
|
||||
type: boolean
|
||||
|
||||
defaults:
|
||||
run:
|
||||
@ -14,13 +29,14 @@ permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
AUTO_PUSH_IMAGES: ${{ contains(fromJSON('["workflow_dispatch"]'), github.event_name) && 'false' || vars.AUTO_PUSH_IMAGES }}
|
||||
AUTO_PUSH_IMAGES: ${{ contains(fromJSON('["workflow_dispatch", "push"]'), github.event_name) && 'false' || vars.AUTO_PUSH_IMAGES }}
|
||||
|
||||
LATEST_BRANCH: ${{ github.event.repository.default_branch }}
|
||||
TRUNK_GIT_BRANCH: "refs/heads/trunk"
|
||||
IMAGES_PREFIX: "zabbix-"
|
||||
BASE_BUILD_NAME: "build-base"
|
||||
|
||||
MATRIX_FILE: "build.json"
|
||||
DOCKERFILES_DIRECTORY: "Dockerfiles"
|
||||
|
||||
OIDC_ISSUER: "https://token.actions.githubusercontent.com"
|
||||
@ -31,6 +47,9 @@ env:
|
||||
PREFLIGHT_IMAGE: "quay.io/opdev/preflight:stable"
|
||||
PFLT_LOGLEVEL: "warn"
|
||||
PFLT_ARTIFACTS: "/tmp/artifacts"
|
||||
IMAGE_DIR: "/tmp/images"
|
||||
|
||||
RHEL_BUILD: "true"
|
||||
|
||||
jobs:
|
||||
init_build:
|
||||
@ -38,11 +57,15 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
actions: write
|
||||
outputs:
|
||||
platforms: ${{ steps.platform_list.outputs.list }}
|
||||
database: ${{ steps.database.outputs.list }}
|
||||
components: ${{ steps.components.outputs.list }}
|
||||
is_default_branch: ${{ steps.branch_info.outputs.is_default_branch }}
|
||||
current_branch: ${{ steps.branch_info.outputs.current_branch }}
|
||||
sha_short: ${{ steps.branch_info.outputs.sha_short }}
|
||||
secret_prefix: ${{ steps.branch_info.outputs.secret_prefix }}
|
||||
steps:
|
||||
- name: Block egress traffic
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
@ -50,12 +73,64 @@ jobs:
|
||||
disable-sudo: true
|
||||
egress-policy: block
|
||||
allowed-endpoints: >
|
||||
api.github.com:443
|
||||
github.com:443
|
||||
objects.githubusercontent.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
sparse-checkout: ${{ env.MATRIX_FILE }}
|
||||
|
||||
- name: Check ${{ env.MATRIX_FILE }} file
|
||||
id: build_exists
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
if [[ ! -f "$MATRIX_FILE" ]]; then
|
||||
echo "::error::File $MATRIX_FILE is missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Prepare Platform list
|
||||
id: platform_list
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
platform_list=$(jq -r '.["os-linux"].rhel | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Platform List"
|
||||
echo "$platform_list"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "list=$platform_list" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Prepare Database engine list
|
||||
id: database
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
database_list=$(jq -r '[.components | map_values(select(.rhel == true)) | values[].base ] | sort | unique | del(.. | select ( . == "" ) ) | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Database List"
|
||||
echo "$database_list"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "list=$database_list" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Prepare Zabbix component list
|
||||
id: components
|
||||
env:
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
component_list=$(jq -r '.components | map_values(select(.rhel == true)) | keys | @json' "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Zabbix Component List"
|
||||
echo "$component_list"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "list=$component_list" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Get branch info
|
||||
id: branch_info
|
||||
@ -77,30 +152,39 @@ jobs:
|
||||
result=true
|
||||
fi
|
||||
|
||||
echo "::group::Branch data"
|
||||
echo "::group::Branch metadata"
|
||||
echo "is_default_branch - $result"
|
||||
echo "current_branch - $github_ref"
|
||||
echo "secret_prefix=RHEL_${github_ref//.}"
|
||||
echo "sha_short - $sha_short"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "is_default_branch=$result" >> $GITHUB_OUTPUT
|
||||
echo "current_branch=$github_ref" >> $GITHUB_OUTPUT
|
||||
echo "secret_prefix=RHEL_${github_ref//.}" >> $GITHUB_OUTPUT
|
||||
echo "sha_short=$sha_short" >> $GITHUB_OUTPUT
|
||||
|
||||
|
||||
- name: Prepare Zabbix component list
|
||||
id: components
|
||||
- name: Cleanup cache
|
||||
shell: bash
|
||||
env:
|
||||
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
||||
CURRENT_BRANCH: ${{ steps.branch_info.outputs.current_branch }}
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
REPO: ${{ github.repository }}
|
||||
BRANCH: ${{ steps.branch_info.outputs.current_branch }}
|
||||
GH_RUN_ID: ${{ github.run_id }}
|
||||
run: |
|
||||
component_list=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components | keys | @json")
|
||||
gh extension install actions/gh-actions-cache
|
||||
|
||||
echo "::group::Zabbix Component List"
|
||||
echo "$component_list"
|
||||
echo "::endgroup::"
|
||||
cache_keys=$(gh actions-cache list -R "${REPO}" -B "${BRANCH}" -L 100 --sort created-at --order desc | cut -f 1)
|
||||
|
||||
echo "list=$component_list" >> $GITHUB_OUTPUT
|
||||
## Setting this to not fail the workflow while deleting cache keys
|
||||
set +e
|
||||
echo "Deleting caches..."
|
||||
for cache_key in $cache_keys
|
||||
do
|
||||
if [[ "$cache_key" == *"${GH_RUN_ID}" ]]; then
|
||||
gh actions-cache delete $cache_key -R "${REPO}" -B "${BRANCH}" --confirm
|
||||
fi
|
||||
done
|
||||
|
||||
build_base:
|
||||
timeout-minutes: 30
|
||||
@ -110,13 +194,13 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
build: [build-base]
|
||||
arch: [X64, ARM64]
|
||||
arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
|
||||
runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
|
||||
permissions:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
@ -137,15 +221,15 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
tags: |
|
||||
type=sha,suffix=-${{ steps.lc.outputs.arch }}
|
||||
|
||||
- name: Build Zabbix Build Base
|
||||
- name: Build image
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
||||
layers: false
|
||||
@ -154,28 +238,83 @@ jobs:
|
||||
${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
|
||||
extra-args: |
|
||||
--pull
|
||||
--iidfile=${{ github.workspace }}/iidfile
|
||||
|
||||
- name: Image digest
|
||||
- name: Prepare image metadata
|
||||
id: image_metadata
|
||||
env:
|
||||
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
|
||||
IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }}
|
||||
CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
GITHUB_WORKSPACE: ${{ github.workspace }}
|
||||
run: |
|
||||
DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2)
|
||||
echo "::group::Image digest"
|
||||
echo "$DIGEST"
|
||||
TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile)
|
||||
|
||||
echo "::group::Image tag"
|
||||
echo "image_tag=$IMAGE_TAG"
|
||||
echo "::endgroup::"
|
||||
echo "::group::Image Tag ID"
|
||||
echo "tag_id=$TAG_ID"
|
||||
echo "::endgroup::"
|
||||
echo "::group::Cache file name"
|
||||
echo "$CACHE_FILE_NAME"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
||||
echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id"
|
||||
echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag"
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT
|
||||
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Cache image metadata
|
||||
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
path: |
|
||||
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
|
||||
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
- name: Push image to local storage
|
||||
id: push_image
|
||||
env:
|
||||
IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }}
|
||||
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
|
||||
IMAGE_DIR: ${{ env.IMAGE_DIR }}
|
||||
GITHUB_WORKSPACE: ${{ github.workspace }}
|
||||
run: |
|
||||
echo "::group::Result"
|
||||
echo "Image ${IMAGE_TAG} location: \"${IMAGE_DIR}/${IMAGE_TAG_ID}\""
|
||||
podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}"
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Post build image
|
||||
if: ${{ success() || failure() }}
|
||||
env:
|
||||
GITHUB_WORKSPACE: ${{ github.workspace }}
|
||||
run: |
|
||||
echo "::group::Result"
|
||||
|
||||
rm -rf "$GITHUB_WORKSPACE/iidfile"
|
||||
|
||||
echo "Removing working containers"
|
||||
buildah rm -a 2>/dev/null || true
|
||||
echo "Removing container data in storage not controlled by podman"
|
||||
podman system prune --external 2>/dev/null
|
||||
echo "Removing all unused container data with volumes"
|
||||
podman system prune -a --volumes -f 2>/dev/null
|
||||
echo "Reseting podman storage to default state"
|
||||
podman system reset -f 2>/dev/null || true
|
||||
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Check on failures
|
||||
if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }}
|
||||
env:
|
||||
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
|
||||
run: |
|
||||
echo "::group::Removing orphaned image"
|
||||
rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}"
|
||||
echo "::endgroup::"
|
||||
|
||||
build_base_database:
|
||||
timeout-minutes: 180
|
||||
needs: [ "build_base", "init_build"]
|
||||
@ -183,15 +322,14 @@ jobs:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
build: [build-mysql, build-sqlite3]
|
||||
arch: [X64, ARM64]
|
||||
build: ${{ fromJson(needs.init_build.outputs.database) }}
|
||||
arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
|
||||
runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
@ -202,41 +340,54 @@ jobs:
|
||||
run: |
|
||||
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
- name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
||||
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
tags: |
|
||||
type=sha,suffix=-${{ steps.lc.outputs.arch }}
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
path: |
|
||||
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
|
||||
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
- name: Retrieve ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
|
||||
- name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image
|
||||
id: base_build
|
||||
env:
|
||||
MATRIX_ARCH: ${{ matrix.arch }}
|
||||
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
|
||||
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
|
||||
run: |
|
||||
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
|
||||
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
|
||||
BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id")
|
||||
BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag")
|
||||
|
||||
echo "::group::Base build image information"
|
||||
echo "base_tag=${BASE_TAG}"
|
||||
echo "base_build_image=${BUILD_BASE_IMAGE}"
|
||||
echo "::group::Pull image"
|
||||
echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\""
|
||||
podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
|
||||
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
|
||||
echo "::group::Tag image"
|
||||
echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\""
|
||||
podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}"
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Build Zabbix Build Base
|
||||
echo "::group::SHA256 tag"
|
||||
DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}')
|
||||
BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}"
|
||||
|
||||
echo "base_build_image=${BASE_BUILD_IMAGE}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.IMAGES_PREFIX }}${{ matrix.build }}
|
||||
tags: |
|
||||
type=sha,suffix=-${{ steps.lc.outputs.arch }}
|
||||
|
||||
- name: Build image
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
||||
layers: false
|
||||
@ -244,28 +395,84 @@ jobs:
|
||||
containerfiles: |
|
||||
${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
|
||||
build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
|
||||
extra-args: |
|
||||
--iidfile=${{ github.workspace }}/iidfile
|
||||
|
||||
- name: Image digest
|
||||
- name: Prepare image metadata
|
||||
id: image_metadata
|
||||
env:
|
||||
IMAGE_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
|
||||
IMAGE_TAG: ${{ steps.build_image.outputs.image-with-tag }}
|
||||
CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
|
||||
GITHUB_WORKSPACE: ${{ github.workspace }}
|
||||
run: |
|
||||
DIGEST=$(podman inspect ${IMAGE_TAG} --format "{{ index .RepoDigests 0}}" | cut -d '@' -f2)
|
||||
echo "::group::Image digest"
|
||||
echo "$DIGEST"
|
||||
TAG_ID=$(cat $GITHUB_WORKSPACE/iidfile)
|
||||
|
||||
echo "::group::Image tag"
|
||||
echo "image_tag=$IMAGE_TAG"
|
||||
echo "::endgroup::"
|
||||
echo "::group::Image Tag ID"
|
||||
echo "tag_id=$TAG_ID"
|
||||
echo "::endgroup::"
|
||||
echo "::group::Cache file name"
|
||||
echo "$CACHE_FILE_NAME"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "$DIGEST" > "$CACHE_FILE_NAME"
|
||||
echo "$TAG_ID" > "${CACHE_FILE_NAME}_tag_id"
|
||||
echo "$IMAGE_TAG" > "${CACHE_FILE_NAME}_tag"
|
||||
|
||||
echo "image_tag_id=${TAG_ID}" >> $GITHUB_OUTPUT
|
||||
echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache/save@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ matrix.build }}_${{ matrix.arch }}
|
||||
path: |
|
||||
${{ matrix.build }}_${{ matrix.arch }}_tag_id
|
||||
${{ matrix.build }}_${{ matrix.arch }}_tag
|
||||
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
- name: Push image to local storage
|
||||
id: push_image
|
||||
env:
|
||||
IMAGE_TAG: ${{ steps.image_metadata.outputs.image_tag }}
|
||||
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
|
||||
IMAGE_DIR: ${{ env.IMAGE_DIR }}
|
||||
GITHUB_WORKSPACE: ${{ github.workspace }}
|
||||
run: |
|
||||
echo "::group::Result"
|
||||
echo "podman push \"${IMAGE_TAG}\" dir:\"${IMAGE_DIR}/${IMAGE_TAG_ID}\""
|
||||
podman push "${IMAGE_TAG}" dir:"${IMAGE_DIR}/${IMAGE_TAG_ID}"
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Post build image
|
||||
if: ${{ success() || failure() }}
|
||||
env:
|
||||
GITHUB_WORKSPACE: ${{ github.workspace }}
|
||||
run: |
|
||||
echo "::group::Result"
|
||||
|
||||
rm -rf "$GITHUB_WORKSPACE/iidfile"
|
||||
|
||||
echo "Removing working containers"
|
||||
buildah rm -a 2>/dev/null || true
|
||||
echo "Removing container data in storage not controlled by podman"
|
||||
podman system prune --external 2>/dev/null
|
||||
echo "Removing all unused container data with volumes"
|
||||
podman system prune -a --volumes -f 2>/dev/null
|
||||
echo "Reseting podman storage to default state"
|
||||
podman system reset -f 2>/dev/null || true
|
||||
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Check on failures
|
||||
if: ${{ (cancelled() || failure()) && ( steps.push_image.outcome == 'failure' || steps.push_image.outcome == 'cancelled') }}
|
||||
env:
|
||||
IMAGE_TAG_ID: ${{ steps.image_metadata.outputs.image_tag_id }}
|
||||
run: |
|
||||
echo "::group::Removing orphaned image"
|
||||
rm -rf "${IMAGE_DIR}/${IMAGE_TAG_ID}"
|
||||
echo "::endgroup::"
|
||||
|
||||
build_images:
|
||||
timeout-minutes: 90
|
||||
needs: [ "build_base_database", "init_build"]
|
||||
@ -274,79 +481,81 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
build: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
arch: [X64, ARM64]
|
||||
arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
|
||||
runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
fetch-depth: 1
|
||||
|
||||
- name: Fix string case
|
||||
id: lc
|
||||
- name: Variables formating
|
||||
id: var_format
|
||||
env:
|
||||
ARCH: ${{ matrix.arch }}
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
run: |
|
||||
echo "arch=${ARCH,,}" >> $GITHUB_OUTPUT
|
||||
MATRIX_BUILD=${MATRIX_BUILD^^}
|
||||
MATRIX_BUILD=${MATRIX_BUILD//-/_}
|
||||
|
||||
echo "::group::Result"
|
||||
echo "matrix_build=${MATRIX_BUILD}"
|
||||
echo "::endgroup::"
|
||||
echo "matrix_build=${MATRIX_BUILD}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Detect Build Base Image
|
||||
id: build_base_image
|
||||
if: ${{ matrix.build != 'snmptraps' }}
|
||||
env:
|
||||
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
|
||||
MATRIX_FILE: ${{ env.MATRIX_FILE }}
|
||||
run: |
|
||||
BUILD_BASE=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".build_base")
|
||||
BUILD_BASE=$(jq -r ".components.\"$MATRIX_BUILD\".base" "$MATRIX_FILE")
|
||||
|
||||
echo "::group::Build base image"
|
||||
echo "build_base=$BUILD_BASE"
|
||||
echo "::group::Base Build Image"
|
||||
echo "$BUILD_BASE"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "build_base=$BUILD_BASE" >> $GITHUB_OUTPUT
|
||||
echo "build_base=${BUILD_BASE}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate image name
|
||||
id: image_name
|
||||
env:
|
||||
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
|
||||
run: |
|
||||
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login")
|
||||
|
||||
echo "::add-mask::$IMAGE_NAME"
|
||||
echo "image_name=$IMAGE_NAME" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Generate credentials
|
||||
id: login_credentials
|
||||
env:
|
||||
REDHAT_CERTIFY_CREDENTIALS: ${{ secrets.REDHAT_CERTIFY_CREDENTIALS }}
|
||||
MATRIX_BUILD: ${{ matrix.build }}
|
||||
CURRENT_BRANCH: ${{ needs.init_build.outputs.current_branch }}
|
||||
run: |
|
||||
IMAGE_NAME=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".login")
|
||||
REGISTRY_PASSWORD=$(jq --raw-output --argjson data "$REDHAT_CERTIFY_CREDENTIALS" -n "\$data.\"$CURRENT_BRANCH\".components.\"$MATRIX_BUILD\".secret")
|
||||
|
||||
echo "::add-mask::$IMAGE_NAME"
|
||||
echo "::add-mask::redhat-isv-containers+$IMAGE_NAME-robot"
|
||||
echo "::add-mask::$REGISTRY_PASSWORD"
|
||||
|
||||
echo "username=$IMAGE_NAME" >> $GITHUB_OUTPUT
|
||||
echo "password=$REGISTRY_PASSWORD" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Log in to Quay.io
|
||||
uses: redhat-actions/podman-login@v1.6
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
env:
|
||||
LOGIN: ${{ steps.login_credentials.outputs.username }}
|
||||
PASSWORD: ${{ steps.login_credentials.outputs.password }}
|
||||
- name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }}
|
||||
if: ${{ matrix.build != 'snmptraps' }}
|
||||
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
username: redhat-isv-containers+${{ env.LOGIN }}-robot
|
||||
password: ${{ env.PASSWORD }}
|
||||
registry: ${{ env.REGISTRY }}
|
||||
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
|
||||
path: |
|
||||
${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag_id
|
||||
${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag
|
||||
key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
- name: Pull ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} image
|
||||
id: base_build
|
||||
if: ${{ matrix.build != 'snmptraps' }}
|
||||
env:
|
||||
MATRIX_ARCH: ${{ matrix.arch }}
|
||||
BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }}
|
||||
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
|
||||
run: |
|
||||
BASE_TAG_ID=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag_id")
|
||||
BASE_IMAGE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}_tag")
|
||||
|
||||
echo "::group::Pull image"
|
||||
echo "podman pull dir:\"${IMAGE_DIR}/${BASE_TAG_ID}\""
|
||||
podman pull dir:"${IMAGE_DIR}/${BASE_TAG_ID}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "::group::Tag image"
|
||||
echo "podman tag \"${BASE_TAG_ID}\" \"${BASE_IMAGE_TAG}\""
|
||||
podman tag "${BASE_TAG_ID}" "${BASE_IMAGE_TAG}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "::group::SHA256 tag"
|
||||
DIGEST=$(podman inspect "${BASE_TAG_ID}" --format '{{ .Digest }}')
|
||||
BASE_BUILD_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${DIGEST}"
|
||||
echo "digest=${BASE_BUILD_IMAGE}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "base_build_image=${BASE_BUILD_IMAGE}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Remove smartmontools
|
||||
if: ${{ matrix.build == 'agent2' }}
|
||||
@ -357,9 +566,9 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ steps.image_name.outputs.image_name }}
|
||||
images: ${{ env.REGISTRY }}/${{ env.REGISTRY_NAMESPACE }}/${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] || matrix.build }}
|
||||
tags: |
|
||||
type=semver,pattern={{version}}
|
||||
type=sha
|
||||
@ -367,33 +576,9 @@ jobs:
|
||||
latest=${{ github.event_name == 'release' }}
|
||||
suffix=${{ matrix.arch == 'ARM64' && '-arm64' || '' }},onlatest=true
|
||||
|
||||
- name: Download SHA256 tag of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}
|
||||
key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
- name: Retrieve ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} SHA256 tag
|
||||
id: base_build
|
||||
env:
|
||||
MATRIX_ARCH: ${{ matrix.arch }}
|
||||
BASE_IMAGE: ${{ steps.build_base_image.outputs.build_base }}
|
||||
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
|
||||
run: |
|
||||
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
|
||||
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
|
||||
|
||||
echo "::group::Base build image information"
|
||||
echo "base_tag=${BASE_TAG}"
|
||||
echo "base_build_image=${BUILD_BASE_IMAGE}"
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "base_tag=${BASE_TAG}" >> $GITHUB_OUTPUT
|
||||
echo "base_build_image=${BUILD_BASE_IMAGE}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Build ${{ matrix.build }}
|
||||
- name: Build image
|
||||
id: build_image
|
||||
uses: redhat-actions/buildah-build@v2
|
||||
uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2.12
|
||||
with:
|
||||
context: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel
|
||||
layers: false
|
||||
@ -405,18 +590,27 @@ jobs:
|
||||
${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.build }}/rhel/Dockerfile
|
||||
build-args: BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }}
|
||||
|
||||
- name: Push to RedHat certification procedure
|
||||
- name: Log in to ${{ env.REGISTRY }}
|
||||
uses: redhat-actions/podman-login@9184318aae1ee5034fbfbacc0388acf12669171f # v1.6
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
with:
|
||||
username: ${{ format('redhat-isv-containers+{0}-robot', secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)]) }}
|
||||
password: ${{ secrets[format('{0}_{1}_SECRET', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
|
||||
registry: ${{ env.REGISTRY }}
|
||||
auth_file_path: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
|
||||
|
||||
- name: Push to RedHat certification procedure (1st)
|
||||
id: push_to_registry
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
uses: redhat-actions/push-to-registry@v2
|
||||
uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
|
||||
with:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
|
||||
- name: Preflight
|
||||
- name: Preflight certification
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
env:
|
||||
PFLT_DOCKERCONFIG: /tmp/.docker_${{ matrix.build }}_${{ matrix.arch }}_${{ needs.init_build.outputs.sha_short }}
|
||||
PFLT_CERTIFICATION_PROJECT_ID: ${{ steps.login_credentials.outputs.username }}
|
||||
PFLT_CERTIFICATION_PROJECT_ID: ${{ secrets[format('{0}_{1}_PROJECT', needs.init_build.outputs.secret_prefix, steps.var_format.outputs.matrix_build)] }}
|
||||
PFLT_PYXIS_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
|
||||
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
|
||||
PFLT_LOGLEVEL: ${{ env.PFLT_LOGLEVEL }}
|
||||
@ -424,7 +618,7 @@ jobs:
|
||||
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
|
||||
run: |
|
||||
mkdir -p $PFLT_ARTIFACTS
|
||||
echo "::group::Pull preflight image"
|
||||
echo "::group::Pull preflight \"$PREFLIGHT_IMAGE\" image"
|
||||
podman pull "$PREFLIGHT_IMAGE"
|
||||
echo "::endgroup::"
|
||||
|
||||
@ -445,70 +639,91 @@ jobs:
|
||||
podman rmi -i -f "$PREFLIGHT_IMAGE"
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Push to RedHat certification procedure
|
||||
- name: Push to RedHat certification procedure (all tags)
|
||||
id: push_to_registry_all_tags
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}
|
||||
uses: redhat-actions/push-to-registry@v2
|
||||
uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
|
||||
with:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
|
||||
- name: Cleanup artifacts
|
||||
if: ${{ always() }}
|
||||
- name: Post Preflight certification
|
||||
if: ${{ env.AUTO_PUSH_IMAGES == 'true' && (success() || failure()) }}
|
||||
env:
|
||||
PREFLIGHT_IMAGE: ${{ env.PREFLIGHT_IMAGE }}
|
||||
PFLT_ARTIFACTS: ${{ env.PFLT_ARTIFACTS }}
|
||||
TAGS: ${{ steps.meta.outputs.tags }}
|
||||
run: |
|
||||
echo "::group::Post build actions"
|
||||
echo "$TAGS" | while IFS= read -r image_name ; do podman rmi -i -f "$image_name"; done
|
||||
echo "::group::Result"
|
||||
rm -rf "$PFLT_ARTIFACTS"
|
||||
podman rmi -i -f "$PREFLIGHT_IMAGE"
|
||||
echo "::endgroup::"
|
||||
|
||||
clean_artifacts:
|
||||
- name: Post build image
|
||||
if: ${{ success() || failure() }}
|
||||
run: |
|
||||
echo "::group::Result"
|
||||
|
||||
echo "Removing working containers"
|
||||
buildah rm -a 2>/dev/null || true
|
||||
echo "Removing container data in storage not controlled by podman"
|
||||
podman system prune --external 2>/dev/null
|
||||
echo "Removing all unused container data with volumes"
|
||||
podman system prune -a --volumes -f 2>/dev/null
|
||||
echo "Reseting podman storage to default state"
|
||||
podman system reset -f 2>/dev/null || true
|
||||
|
||||
echo "::endgroup::"
|
||||
|
||||
clear_artifacts:
|
||||
timeout-minutes: 90
|
||||
needs: [ "build_images", "init_build"]
|
||||
name: Build ${{ matrix.build }} image (${{ matrix.arch }})
|
||||
name: Clear ${{ matrix.build }} image cache (${{ matrix.arch }})
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
build: [build-mysql, build-sqlite3]
|
||||
arch: [X64, ARM64]
|
||||
build: ${{ fromJson(needs.init_build.outputs.database) }}
|
||||
arch: ${{ fromJson(needs.init_build.outputs.platforms) }}
|
||||
runs-on: [self-hosted, linux, "${{ matrix.arch }}"]
|
||||
if: ${{ always() && needs.build_base_database.result == 'success' }}
|
||||
if: ${{ needs.build_base_database.result == 'success' }}
|
||||
permissions: {}
|
||||
steps:
|
||||
- name: Download SHA256 tag of ${{ matrix.build }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
- name: Download metadata of ${{ matrix.build }}:${{ matrix.arch }}
|
||||
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ matrix.build }}_${{ matrix.arch }}
|
||||
path: |
|
||||
${{ matrix.build }}_${{ matrix.arch }}_tag_id
|
||||
${{ matrix.build }}_${{ matrix.arch }}_tag
|
||||
key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
- name: Remove ${{ matrix.build }}:${{ matrix.arch }} SHA256 tag
|
||||
- name: Remove ${{ matrix.build }}:${{ matrix.arch }} cache
|
||||
env:
|
||||
MATRIX_ARCH: ${{ matrix.arch }}
|
||||
BASE_IMAGE: ${{ matrix.build }}
|
||||
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
|
||||
CACHE_FILE_NAME: ${{ matrix.build }}_${{ matrix.arch }}
|
||||
IMAGE_DIR: ${{ env.IMAGE_DIR }}
|
||||
run: |
|
||||
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
|
||||
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
|
||||
echo "::group::Result"
|
||||
|
||||
podman rmi -i -f "$BUILD_BASE_IMAGE"
|
||||
BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id")
|
||||
echo "Removing ${IMAGE_DIR}/${BASE_TAG}"
|
||||
rm -rf "${IMAGE_DIR}/${BASE_TAG}"
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
||||
uses: actions/cache@v4
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }}
|
||||
uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
path: |
|
||||
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id
|
||||
${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag
|
||||
key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }}
|
||||
|
||||
|
||||
- name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} SHA256 tag
|
||||
- name: Remove ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} cache
|
||||
env:
|
||||
MATRIX_ARCH: ${{ matrix.arch }}
|
||||
BASE_IMAGE: ${{ env.BASE_BUILD_NAME }}
|
||||
IMAGES_PREFIX: ${{ env.IMAGES_PREFIX }}
|
||||
CACHE_FILE_NAME: ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}
|
||||
IMAGE_DIR: ${{ env.IMAGE_DIR }}
|
||||
run: |
|
||||
BASE_TAG=$(cat "${BASE_IMAGE}_${MATRIX_ARCH}")
|
||||
BUILD_BASE_IMAGE="${IMAGES_PREFIX}${BASE_IMAGE}@${BASE_TAG}"
|
||||
echo "::group::Result"
|
||||
|
||||
podman rmi -i -f "$BUILD_BASE_IMAGE"
|
||||
BASE_TAG=$(cat "${CACHE_FILE_NAME}_tag_id")
|
||||
echo "Removing ${IMAGE_DIR}/${BASE_TAG}"
|
||||
rm -rf "${IMAGE_DIR}/${BASE_TAG}"
|
||||
|
||||
echo "::endgroup::"
|
||||
|
28
.github/workflows/images_build_windows.yml
vendored
28
.github/workflows/images_build_windows.yml
vendored
@ -67,7 +67,7 @@ jobs:
|
||||
github.com:443
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -155,7 +155,7 @@ jobs:
|
||||
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -169,7 +169,7 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -190,7 +190,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_IMAGE_NAME }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -324,7 +324,7 @@ jobs:
|
||||
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -344,7 +344,7 @@ jobs:
|
||||
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -358,7 +358,7 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -379,7 +379,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ env.BASE_BUILD_IMAGE_NAME }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -395,7 +395,7 @@ jobs:
|
||||
latest=false
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_IMAGE_NAME }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -551,7 +551,7 @@ jobs:
|
||||
$Env:DIGEST | Set-Content -Path $Env:CACHE_FILE_NAME
|
||||
|
||||
- name: Cache image digest
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
@ -571,7 +571,7 @@ jobs:
|
||||
component: ${{ fromJson(needs.init_build.outputs.components) }}
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }}
|
||||
fetch-depth: 1
|
||||
@ -585,7 +585,7 @@ jobs:
|
||||
run: cosign version
|
||||
|
||||
- name: Login to DockerHub
|
||||
uses: docker/login-action@v3
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
@ -606,7 +606,7 @@ jobs:
|
||||
|
||||
- name: Generate tags
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
|
||||
with:
|
||||
images: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
|
||||
context: ${{ env.TRUNK_ONLY_EVENT == 'true' && 'git' || '' }}
|
||||
@ -622,7 +622,7 @@ jobs:
|
||||
latest=false
|
||||
|
||||
- name: Download SHA256 tag of ${{ env.BASE_BUILD_IMAGE_NAME }}:${{ matrix.os }}
|
||||
uses: actions/cache@v4
|
||||
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
|
||||
with:
|
||||
path: ${{ env.BASE_BUILD_IMAGE_NAME }}_${{ matrix.os }}_${{ matrix.component }}
|
||||
key: ${{ env.BASE_BUILD_IMAGE_NAME }}-${{ matrix.os }}-${{ github.run_id }}
|
||||
|
13
.github/workflows/scorecard.yml
vendored
13
.github/workflows/scorecard.yml
vendored
@ -32,13 +32,18 @@ jobs:
|
||||
# actions: read
|
||||
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: "Checkout code"
|
||||
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: "Run analysis"
|
||||
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
|
||||
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
@ -60,7 +65,7 @@ jobs:
|
||||
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
|
||||
# format to the repository Actions tab.
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
@ -68,6 +73,6 @@ jobs:
|
||||
|
||||
# Upload the results to GitHub's code scanning dashboard.
|
||||
- name: "Upload to code-scanning"
|
||||
uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
|
||||
uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
79
.github/workflows/sonarcloud.yml
vendored
Normal file
79
.github/workflows/sonarcloud.yml
vendored
Normal file
@ -0,0 +1,79 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# This workflow helps you trigger a SonarCloud analysis of your code and populates
|
||||
# GitHub Code Scanning alerts with the vulnerabilities found.
|
||||
# Free for open source project.
|
||||
|
||||
# 1. Login to SonarCloud.io using your GitHub account
|
||||
|
||||
# 2. Import your project on SonarCloud
|
||||
# * Add your GitHub organization first, then add your repository as a new project.
|
||||
# * Please note that many languages are eligible for automatic analysis,
|
||||
# which means that the analysis will start automatically without the need to set up GitHub Actions.
|
||||
# * This behavior can be changed in Administration > Analysis Method.
|
||||
#
|
||||
# 3. Follow the SonarCloud in-product tutorial
|
||||
# * a. Copy/paste the Project Key and the Organization Key into the args parameter below
|
||||
# (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
|
||||
#
|
||||
# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
|
||||
# (On SonarCloud, click on your avatar on top-right > My account > Security
|
||||
# or go directly to https://sonarcloud.io/account/security/)
|
||||
|
||||
# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
|
||||
# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
|
||||
|
||||
name: SonarCloud analysis
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "6.4" ]
|
||||
pull_request:
|
||||
branches: [ "6.4" ]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
pull-requests: read # allows SonarCloud to decorate PRs with analysis results
|
||||
|
||||
jobs:
|
||||
Analysis:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Block egress traffic
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
with:
|
||||
# Disabling shallow clone is recommended for improving relevancy of reporting
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Analyze with SonarCloud
|
||||
|
||||
# You can pin the exact commit or the version.
|
||||
# uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9
|
||||
uses: SonarSource/sonarcloud-github-action@49e6cd3b187936a73b8280d59ffd9da69df63ec9 # v2.1.1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
|
||||
with:
|
||||
# Additional arguments for the sonarcloud scanner
|
||||
args:
|
||||
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
|
||||
# mandatory
|
||||
-Dsonar.projectKey=zabbix_zabbix-docker
|
||||
-Dsonar.organization=zabbix
|
||||
# Comma-separated paths to directories containing main source files.
|
||||
#-Dsonar.sources= # optional, default is project base directory
|
||||
# When you need the analysis to take place in a directory other than the one from which it was launched
|
||||
#-Dsonar.projectBaseDir= # optional, default is .
|
||||
# Comma-separated paths to directories containing test source files.
|
||||
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
|
||||
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
|
||||
#-Dsonar.verbose= # optional, default is false
|
41
.pre-commit-config.yaml
Normal file
41
.pre-commit-config.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
repos:
|
||||
- repo: https://github.com/gitleaks/gitleaks
|
||||
rev: v8.16.3
|
||||
hooks:
|
||||
- id: gitleaks
|
||||
- repo: https://github.com/jumanjihouse/pre-commit-hooks
|
||||
rev: 3.0.0
|
||||
hooks:
|
||||
- id: shellcheck
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.5.0
|
||||
hooks:
|
||||
- id: end-of-file-fixer
|
||||
exclude: |
|
||||
(?x)(
|
||||
^env_vars/\.MYSQL |
|
||||
^env_vars/\.POSTGRES
|
||||
)
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.5.0
|
||||
hooks:
|
||||
- id: trailing-whitespace
|
||||
exclude: |
|
||||
(?x)(
|
||||
.*\.patch$
|
||||
)
|
||||
- id: check-yaml
|
||||
args: [--allow-multiple-documents]
|
||||
- id: check-symlinks
|
||||
# - id: pretty-format-json
|
||||
- id: check-added-large-files
|
||||
#- repo: https://github.com/adrienverge/yamllint.git
|
||||
# rev: v1.21.0 # or higher tag
|
||||
# hooks:
|
||||
# - id: yamllint
|
||||
# args: [--format, parsable, --strict]
|
||||
#- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
|
||||
# rev: 0.2.3
|
||||
# hooks:
|
||||
# - id: yamlfmt
|
||||
# args: [--mapping, '2', --sequence, '1', --offset, '0', --colons, --width, '400']
|
@ -58,7 +58,7 @@ RUN set -eux && \
|
||||
shadow-utils \
|
||||
pcre \
|
||||
libcurl" && \
|
||||
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
microdnf -y install \
|
||||
|
@ -60,7 +60,7 @@ RUN set -eux && \
|
||||
smartmontools \
|
||||
sudo \
|
||||
libcurl" && \
|
||||
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
microdnf -y install \
|
||||
|
@ -82,7 +82,7 @@ RUN set -eux && \
|
||||
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
|
||||
rm -rf database/mysql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -76,7 +76,7 @@ RUN set -eux && \
|
||||
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
|
||||
rm -rf database/mysql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -63,7 +63,7 @@ RUN set -eux && \
|
||||
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
|
||||
rm -rf database/mysql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -86,7 +86,7 @@ RUN set -eux && \
|
||||
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
|
||||
rm -rf database/mysql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -82,7 +82,7 @@ RUN set -eux && \
|
||||
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
|
||||
rm -rf database/mysql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -82,7 +82,7 @@ RUN set -eux && \
|
||||
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
|
||||
rm -rf database/postgresql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -76,7 +76,7 @@ RUN set -eux && \
|
||||
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
|
||||
rm -rf database/postgresql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -63,7 +63,7 @@ RUN set -eux && \
|
||||
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
|
||||
rm -rf database/postgresql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -82,7 +82,7 @@ RUN set -eux && \
|
||||
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
|
||||
rm -rf database/postgresql/create.sql && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -72,7 +72,7 @@ RUN set -eux && \
|
||||
make -j"$(nproc)" -s dbschema && \
|
||||
make -j"$(nproc)" -s && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -66,7 +66,7 @@ RUN set -eux && \
|
||||
make -j"$(nproc)" -s dbschema && \
|
||||
make -j"$(nproc)" -s && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -53,7 +53,7 @@ RUN set -eux && \
|
||||
make -j"$(nproc)" -s dbschema && \
|
||||
make -j"$(nproc)" -s && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -76,7 +76,7 @@ RUN set -eux && \
|
||||
make -j"$(nproc)" -s dbschema && \
|
||||
make -j"$(nproc)" -s && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -72,7 +72,7 @@ RUN set -eux && \
|
||||
make -j"$(nproc)" -s dbschema && \
|
||||
make -j"$(nproc)" -s && \
|
||||
mkdir /tmp/fonts/ && \
|
||||
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
|
||||
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
|
||||
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
|
||||
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \
|
||||
|
@ -73,7 +73,7 @@ RUN set -eux && \
|
||||
pcre \
|
||||
gzip \
|
||||
unixODBC" && \
|
||||
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
microdnf -y module enable mysql && \
|
||||
|
@ -70,7 +70,7 @@ RUN set -eux && \
|
||||
pcre \
|
||||
sqlite-libs \
|
||||
unixODBC" && \
|
||||
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
microdnf -y install \
|
||||
|
@ -74,7 +74,7 @@ RUN set -eux && \
|
||||
pcre \
|
||||
gzip \
|
||||
unixODBC" && \
|
||||
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
microdnf -y module enable mysql && \
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -66,7 +66,7 @@ RUN set -eux && \
|
||||
php-mbstring \
|
||||
php-mysqlnd \
|
||||
php-xml" && \
|
||||
curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
|
||||
rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
|
||||
microdnf -y module enable mysql && \
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -41,10 +41,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
|
||||
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
|
||||
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_KEY'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
|
||||
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
|
||||
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['SP_CERT'] = '';
|
||||
}
|
||||
|
||||
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
|
||||
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
|
||||
}
|
||||
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
|
||||
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
|
||||
}
|
||||
else {
|
||||
$SSO['IDP_CERT'] = '';
|
||||
}
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
@ -1,9 +1,10 @@
|
||||
![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png)
|
||||
|
||||
[![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=5.0&event=release)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml)
|
||||
[![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml)
|
||||
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/zabbix/zabbix-docker/badge)](https://securityscorecards.dev/viewer/?uri=github.com/zabbix/zabbix-docker)
|
||||
<a href="https://bestpractices.coreinfrastructure.org/projects/8395" style="display: inline;"><img src="https://bestpractices.coreinfrastructure.org/projects/8395/badge" style="display: inline;"></a>
|
||||
[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zabbix_zabbix-docker&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zabbix_zabbix-docker)
|
||||
|
||||
[![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=5.0&event=release)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml)
|
||||
[![Build images (DockerHub)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build.yml)
|
||||
[![Build images (DockerHub, Windows)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml/badge.svg?branch=5.0&event=push)](https://github.com/zabbix/zabbix-docker/actions/workflows/images_build_windows.yml)
|
||||
|
||||
# What is Zabbix?
|
||||
|
32
SECURITY.md
Normal file
32
SECURITY.md
Normal file
@ -0,0 +1,32 @@
|
||||
# Disclosure policy
|
||||
|
||||
In Zabbix we use the term "**responsible disclosure**", which means we have a policy on how we are disclosing all security issues that come to our attention, but only after the issues has been resolved and all customers with support contracts are given time to upgrade or patch their installations.
|
||||
|
||||
We kindly ask that when you are reporting a security issue, you follow the same guidelines and share the details only with the Zabbix Security team.
|
||||
|
||||
# Before reporting the issue:
|
||||
|
||||
Make sure that the issue you are submitting is not related to server configuration, 3rd party scripts and utilities. In order to avoid any possible issues with server configuration we advise Zabbix users to read [Best practices for secure Zabbix setup](https://www.zabbix.com/documentation/current/manual/installation/requirements/best_practices).
|
||||
|
||||
# How to report a security issue?
|
||||
|
||||
[Create a new issue](https://support.zabbix.com/secure/CreateIssue.jspa) in the Zabbix Security Reports (ZBXSEC) section of the public bug tracker describing the problem (and a proposed solution if possible) in detail. This way we can ensure that only Zabbix security team and the reporter have access to the case.
|
||||
|
||||
The following information will be helpful for Zabbix Security team:
|
||||
|
||||
- Date and time when you identified the security defect.
|
||||
- Affected Zabbix version range.
|
||||
- Type of security issue you are reporting, e.g.: XSS, CSRF, SQLi, RCE.
|
||||
- Affected components, e.g.: Image, Frontend, Server, Agent, API.
|
||||
- Any details you can provide, e.g. screenshots, screen recordings, http(s) transaction logs, POC exploits (please do not share any evidence via unauthenticated file sharing services and avoid sharing sensitive information, as if Zabbix Security team decides that this issue does not fit Security defect description it might be moved to ZBX project and the issue will be visible to all users).
|
||||
- Step by step instructions to reproduce the issue as the problem might not be easily identifiable.
|
||||
|
||||
# How Zabbix deals with reported security issues:
|
||||
|
||||
1. Zabbix Security team reviews the issue and evaluates its potential impact.
|
||||
2. If the security issue is found not to be related to security then the issue will be moved to ZBX project.
|
||||
3. Zabbix security team works on the issue to provide a solution and keeps all details on the problem until the next version of Zabbix is out.
|
||||
4. New images are created and made available for download on [https://www.zabbix.com/container_images](https://www.zabbix.com/container_images), [https://hub.docker.com/u/zabbix](http://hub.docker.com/r/zabbix/) and [Red Hat Certified Container Catalog](https://catalog.redhat.com/software/containers/search?vendor_name=Zabbix%20Sia&p=1)
|
||||
5. Zabbix requests [CVE identifiers](https://cve.mitre.org/) for the security issue.
|
||||
6. Clients with valid support agreements are emailed giving a period of time when it is possible to upgrade before the issue becomes known to the public.
|
||||
7. A public announcement for the community is made.
|
51
build.json
51
build.json
@ -6,38 +6,41 @@
|
||||
"linux/arm64",
|
||||
"linux/s390x"
|
||||
],
|
||||
"ol": [
|
||||
"linux/amd64",
|
||||
"linux/arm64"
|
||||
],
|
||||
"ubuntu": [
|
||||
"linux/amd64",
|
||||
"linux/arm/v7",
|
||||
"linux/arm64",
|
||||
"linux/s390x"
|
||||
],
|
||||
"centos": [
|
||||
"linux/amd64",
|
||||
"linux/arm64",
|
||||
"linux/ppc64le"
|
||||
],
|
||||
"ol": [
|
||||
"linux/amd64",
|
||||
"linux/arm64"
|
||||
],
|
||||
"rhel": [
|
||||
"X64"
|
||||
],
|
||||
"ubuntu": [
|
||||
"linux/amd64",
|
||||
"linux/arm/v7",
|
||||
"linux/arm64",
|
||||
"linux/s390x"
|
||||
]
|
||||
},
|
||||
"os-windows": {
|
||||
"windows-2022": "ltsc2022",
|
||||
"windows-2019": "ltsc2019"
|
||||
"windows-2019": "ltsc2019",
|
||||
"windows-2022": "ltsc2022"
|
||||
},
|
||||
"components": {
|
||||
"agent": "build-mysql",
|
||||
"agent2": "build-mysql",
|
||||
"java-gateway": "build-mysql",
|
||||
"proxy-mysql": "build-mysql",
|
||||
"proxy-sqlite3": "build-sqlite3",
|
||||
"server-mysql": "build-mysql",
|
||||
"server-pgsql": "build-pgsql",
|
||||
"snmptraps": "",
|
||||
"web-apache-mysql": "build-mysql",
|
||||
"web-apache-pgsql": "build-pgsql",
|
||||
"web-nginx-mysql": "build-mysql",
|
||||
"web-nginx-pgsql": "build-mysql"
|
||||
"agent": { "base": "build-mysql", "rhel": true },
|
||||
"agent2": { "base": "build-mysql", "rhel": true },
|
||||
"java-gateway": { "base": "build-mysql", "rhel": true },
|
||||
"proxy-mysql": { "base": "build-mysql", "rhel": true },
|
||||
"proxy-sqlite3": { "base": "build-sqlite3", "rhel": true },
|
||||
"server-mysql": { "base": "build-mysql", "rhel": true },
|
||||
"server-pgsql": { "base": "build-pgsql", "rhel": false },
|
||||
"snmptraps": { "base": "", "rhel": true },
|
||||
"web-apache-mysql": { "base": "build-mysql", "rhel": false },
|
||||
"web-apache-pgsql": { "base": "build-pgsql", "rhel": false },
|
||||
"web-nginx-mysql": { "base": "build-mysql", "rhel": true },
|
||||
"web-nginx-pgsql": { "base": "build-mysql", "rhel": false }
|
||||
}
|
||||
}
|
@ -586,12 +586,6 @@ spec:
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 40
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 10051
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
periodSeconds: 10
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
privileged: false
|
||||
|
Loading…
Reference in New Issue
Block a user