redis · egor-zalenski · Nov 12, 2024 · Nov 6, 2024 · Nov 7, 2024 · Nov 7, 2024
@@ -0,0 +1,17 @@
+name: Get current date
+
+outputs:
+  date:
+    description: Current date
+    value: ${{ steps.date.outputs.date }}
+
+runs:
+  using: 'composite'
+  steps:
+  - name: Get current date
+    id: date
+    shell: bash
+    run: |
+      DATE=$(date +'%Y-%m-%d')
+      echo "date=$DATE" >> $GITHUB_OUTPUT
+
@@ -0,0 +1,38 @@
+FROM node:20.14-alpine
+
+# runtime args and environment variables
+ARG DIST=Redis-Insight.tar.gz
+ARG NODE_ENV=production
+ARG RI_SEGMENT_WRITE_KEY
+ENV RI_SEGMENT_WRITE_KEY=${RI_SEGMENT_WRITE_KEY}
+ENV NODE_ENV=${NODE_ENV}
+ENV RI_SERVE_STATICS=true
+ENV RI_BUILD_TYPE='DOCKER_ON_PREMISE'
+ENV RI_APP_FOLDER_ABSOLUTE_PATH='/data'
+
+# this resolves CVE-2023-5363
+# TODO: remove this line once we update to base image that doesn't have this vulnerability
+RUN apk update && apk upgrade --no-cache libcrypto3 libssl3
+
+# set workdir
+WORKDIR /usr/src/app
+
+# copy artifacts built in previous stage to this one
+ADD $DIST /usr/src/app/redisinsight
+RUN ls -la /usr/src/app/redisinsight
+
+# folder to store local database, plugins, logs and all other files
+RUN mkdir -p /data && chown -R node:node /data
+
+# copy the docker entry point script and make it executable
+COPY --chown=node:node ./docker-entry.sh ./
+RUN chmod +x docker-entry.sh
+
+# since RI is hard-code to port 5000, expose it from the container
+EXPOSE 5000
+
+# don't run the node process as root
+USER node
+
+# serve the application 🚀
+ENTRYPOINT ["./docker-entry.sh", "node", "redisinsight/api/dist/src/main"]
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+# install deps
+yarn
+yarn --cwd redisinsight/api
+
+# build
+
+yarn build:statics
+yarn build:ui
+yarn --cwd ./redisinsight/api build:prod
@@ -0,0 +1,94 @@
+#!/bin/bash
+set -e
+
+PLATFORM=${PLATFORM:-'linux'}
+ARCH=${ARCH:-'x64'}
+LIBC=${LIBC:-''}
+#FILENAME="Redis-Insight-$PLATFORM.$VERSION.$ARCH.zip"
+FILENAME="Redis-Insight-web-$PLATFORM"
+if [ ! -z $LIBC ]
+then
+  FILENAME="$FILENAME-$LIBC.$ARCH.tar.gz"
+  export npm_config_target_libc="$LIBC"
+else
+  FILENAME="$FILENAME.$ARCH.tar.gz"
+fi
+
+echo "Building node modules..."
+echo "Platform: $PLATFORM"
+echo "Arch: $ARCH"
+echo "Libc: $LIBC"
+echo "npm target libc: $npm_config_target_libc"
+echo "Filname: $FILENAME"
+
+rm -rf redisinsight/api/node_modules
+
+npm_config_arch="$ARCH" \
+npm_config_target_arch="$ARCH" \
+npm_config_platform="$PLATFORM" \
+npm_config_target_platform="$PLATFORM" \
+yarn --cwd ./redisinsight/api install --production
+
+cp redisinsight/api/.yarnclean.prod redisinsight/api/.yarnclean
+yarn --cwd ./redisinsight/api autoclean --force
+
+rm -rf redisinsight/build.zip
+
+cp LICENSE ./redisinsight
+
+cd redisinsight && tar -czf build.tar.gz \
+--exclude="api/node_modules/**/build/node_gyp_bins/python3" \
+api/node_modules \
+api/dist \
+ui/dist \
+LICENSE \
+&& cd ..
+
+mkdir -p release/web
+cp redisinsight/build.tar.gz release/web/"$FILENAME"
+
+# Minify build via esbuild
+echo "Start minifing workflow"
+npm_config_arch="$ARCH" \
+npm_config_target_arch="$ARCH" \
+npm_config_platform="$PLATFORM" \
+npm_config_target_platform="$PLATFORM" \
+yarn --cwd ./redisinsight/api install
+yarn --cwd ./redisinsight/api minify:prod
+
+
+PACKAGE_JSON_PATH="./redisinsight/api/package.json"
+APP_PACKAGE_JSON_PATH="./redisinsight/package.json"
+
+# Extract dependencies from the app package.json
+BINARY_PACKAGES=$(jq -r '.dependencies | keys[]' "$APP_PACKAGE_JSON_PATH" | jq -R -s -c 'split("\n")[:-1]')
+
+echo "Binary packages to exclude during minify: $BINARY_PACKAGES"
+
+# Modify the package.json
+jq --argjson keep "$BINARY_PACKAGES" \
+  'del(.devDependencies) | .dependencies |= with_entries(select(.key as $k | $keep | index($k)))' \
+  "$PACKAGE_JSON_PATH" > temp.json && mv temp.json "$PACKAGE_JSON_PATH"
+
+npm_config_arch="$ARCH" \
+npm_config_target_arch="$ARCH" \
+npm_config_platform="$PLATFORM" \
+npm_config_target_platform="$PLATFORM" \
+yarn --cwd ./redisinsight/api install --production
+yarn --cwd ./redisinsight/api autoclean --force
+
+# Compress minified build
+cd redisinsight && tar -czf build-mini.tar.gz \
+--exclude="api/node_modules/**/build/node_gyp_bins/python3" \
+api/node_modules \
+api/dist-minified \
+ui/dist \
+LICENSE \
+&& cd ..
+
+mkdir -p release/web-mini
+cp redisinsight/build-mini.tar.gz release/web-mini/"$FILENAME"
+
+# Restore the original package.json and yarn.lock
+git restore redisinsight/api/yarn.lock redisinsight/api/package.json
+
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+
+find ./release -type f -name '*.tar.gz' -execdir sh -c 'sha256sum "$1" > "$1.sha256"' _ {} \;
@@ -0,0 +1,83 @@
+const fs = require('fs');
+const { exec } = require("child_process");
+
+const FILENAME = process.env.FILENAME;
+const DEPS = process.env.DEPS || '';
+const file = `${FILENAME}`;
+const outputFile = `slack.${FILENAME}`;
+
+function generateSlackMessage (summary) {
+  const message = {
+    text: `DEPS AUDIT: *${DEPS}* result (Branch: *${process.env.GITHUB_REF_NAME}*)` +
+      `\nScanned ${summary.totalDependencies} dependencies` +
+      `\n<https://github.com/RedisInsight/RedisInsight/actions/runs/${process.env.GITHUB_RUN_ID}|View on Github Actions>`,
+    attachments: [],
+  };
+
+  if (summary.totalVulnerabilities) {
+    if (summary.vulnerabilities.critical) {
+      message.attachments.push({
+        title: 'Critical',
+        color: '#641E16',
+        text: `${summary.vulnerabilities.critical}`,
+      });
+    }
+    if (summary.vulnerabilities.high) {
+      message.attachments.push({
+        title: 'High',
+        color: '#C0392B',
+        text: `${summary.vulnerabilities.high}`,
+      });
+    }
+    if (summary.vulnerabilities.moderate) {
+      message.attachments.push({
+        title: 'Moderate',
+        color: '#F5B041',
+        text: `${summary.vulnerabilities.moderate}`,
+      });
+    }
+    if (summary.vulnerabilities.low) {
+      message.attachments.push({
+        title: 'Low',
+        color: '#F9E79F',
+        text: `${summary.vulnerabilities.low}`,
+      });
+    }
+    if (summary.vulnerabilities.info) {
+      message.attachments.push({
+        title: 'Info',
+        text: `${summary.vulnerabilities.info}`,
+      });
+    }
+  } else {
+    message.attachments.push(
+      {
+        title: 'No vulnerabilities found',
+        color: 'good'
+      }
+    );
+  }
+
+  return message;
+}
+
+async function main() {
+  const lastAuditLine = await new Promise((resolve, reject) => {
+    exec(`tail -n 1 ${file}`, (error, stdout, stderr) => {
+      if (error) {
+        return reject(error);
+      }
+      resolve(stdout);
+    })
+  })
+
+  const { data: summary } = JSON.parse(`${lastAuditLine}`);
+  const vulnerabilities = summary?.vulnerabilities || {};
+  summary.totalVulnerabilities = Object.values(vulnerabilities).reduce((totalVulnerabilities, val) => totalVulnerabilities + val)
+  fs.writeFileSync(outputFile, JSON.stringify({
+    channel: process.env.SLACK_AUDIT_REPORT_CHANNEL,
+    ...generateSlackMessage(summary),
+  }));
+}
+
+main();