NR-110006 chore: Update gostatsd base version to 35.1.19. Bump alpine…

… to 3.17.3 (#41)

* NR-110006 chore: Update gostatsd base version to 35.1.19. Bump alpine to 3.17.3

* test arm before amd

* ci: run integrations tests in ubuntu

* dockerx

.github/workflows/nightly.yml

@@ -0,0 +1,49 @@
+name: Nightly build
+on:
+  schedule:
+    - cron: "0 3 * * *"
+  push:
+    branches:
+      - master
+
+
+env:
+  BASE_IMAGE_TAG: 3.17.3
+  GOSTATSD_TAG: 35.1.19
+  SNYK_TOKEN: ${{ secrets.CAOS_SNYK_TOKEN }}
+  TEST_IMAGE: "newrelic/nri-statsd:nightly"
+
+jobs:
+  trivy_scanner:
+    name: Security scanner for docker image
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+
+      - name: Build image
+        run: |
+          make build/docker-amd64 BASE_IMAGE_TAG=${{ env.BASE_IMAGE_TAG }} GOSTATSD_TAG=${{ env.GOSTATSD_TAG }}
+
+      - name: Run Snyk to check Docker image for vulnerabilities
+        uses: snyk/actions/docker@master
+        env:
+          SNYK_TOKEN: ${{ env.SNYK_TOKEN }}
+        with:
+          image: ${{ env.TEST_IMAGE }}
+          args: --file=Dockerfile --severity-threshold=high
+
+      - name: Run Trivy to check Docker image for vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.TEST_IMAGE }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: "CRITICAL,HIGH"

.github/workflows/publish.yaml

@@ -9,8 +9,8 @@ on:
       - '*'
 
 env:
-  BASE_IMAGE_TAG: 3.16.2
-  GOSTATSD_TAG: 35.1.2
+  BASE_IMAGE_TAG: 3.17.3
+  GOSTATSD_TAG: 35.1.19
 
 jobs:
   push_to_registry:

.github/workflows/security.yaml

@@ -10,8 +10,8 @@ on:
       - README.md
 
 env:
-  BASE_IMAGE_TAG: 3.16.2
-  GOSTATSD_TAG: 35.1.2
+  BASE_IMAGE_TAG: 3.17.3
+  GOSTATSD_TAG: 35.1.19
   SNYK_TOKEN: ${{ secrets.CAOS_SNYK_TOKEN }}
   TEST_IMAGE: "newrelic/nri-statsd:test"
 
@@ -38,6 +38,7 @@ jobs:
           SNYK_TOKEN: ${{ env.SNYK_TOKEN }}
         with:
           image: ${{ env.TEST_IMAGE }}
+          args: --file=Dockerfile --severity-threshold=high
 
       - name: Run Trivy to check Docker image for vulnerabilities
         uses: aquasecurity/trivy-action@master

.github/workflows/test.yaml

@@ -10,24 +10,23 @@ on:
       - README.md
 
 env:
-  BASE_IMAGE_TAG: 3.16.2
-  GOSTATSD_TAG: 35.1.2
+  BASE_IMAGE_TAG: 3.17.3
+  GOSTATSD_TAG: 35.1.19
 
 jobs:
   test:
     name: Integration tests
-    # Use macos runner to be able to run different docker images architectures.
-    runs-on: macos-11
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
-        arch: [ amd64, arm64 ]
+        arch: [  arm64, amd64 ]
     steps:
       - uses: actions/checkout@v2
 
-      - name: Install docker
-        run: |
-          brew install docker colima
-          colima start --cpu 2 --memory 8
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to DockerHub
         uses: docker/login-action@v2

Dockerfile

@@ -1,5 +1,5 @@
-ARG BASE_IMAGE_TAG=3.16
-ARG GOSTATSD_TAG=35.1.2
+ARG BASE_IMAGE_TAG=3.17
+ARG GOSTATSD_TAG=35.1.19
 
 FROM atlassianlabs/gostatsd:$GOSTATSD_TAG as gostatsd
 

Makefile

@@ -1,9 +1,9 @@
 PROJECT_WORKSPACE	?= $(CURDIR)
 DOCKER_IMAGE_NAME	?= newrelic/nri-statsd
 DOCKER_IMAGE_TAG	?= test   
-GOSTATSD_TAG		?= 35.1.2
-BASE_IMAGE_TAG		?= 3.16
-TEST_IMAGE_TAG		?= 1.19.1-alpine3.16
+GOSTATSD_TAG		?= 35.1.19
+BASE_IMAGE_TAG		?= 3.17
+TEST_IMAGE_TAG		?= 1.19.8-alpine3.17
 
 DOCKER_BUILD_CMD	?= docker build --pull \
 					--no-cache \