diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
new file mode 100644
index 0000000..6b4c221
--- /dev/null
+++ b/.github/workflows/docker-build.yml
@@ -0,0 +1,46 @@
+name: Build and Push Docker Image for nginx-utils container
+on:
+ push:
+ branches:
+ - mrajagopal-utils-pod
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ # Step 2: Debug: Verify api_stats.sh and repository content
+ - name: List repository files
+ run: ls -R .; pwd
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: nginx-utils/Dockerfile
+ push: true
+ tags: ghcr.io/nginx/nginx-utils:latest
+
+ # Step 5: Install Trivy for Vulnerability Scanning
+ - name: Install Trivy
+ uses: aquasecurity/trivy-action@0.28.0
+ with:
+ image-ref: ghcr.io/${{ github.repository_owner }}/nginx-utils:latest
+ format: json
+ output: vuln-report.json
+
+ - name: Upload Vulnerability Report
+ uses: actions/upload-artifact@v4
+ with:
+ name: vuln-report
+ path: vuln-report.json
diff --git a/Makefile b/Makefile
index c478dd0..a9ec57f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,9 @@
+.PHONY: nginx-utils build install build: go build -o cmd/kubectl-nginx_supportpkg +nginx-utils: + docker buildx build --build-context project=nginx-utils --platform linux/amd64 -t nginx-utils -f nginx-utils/Dockerfile . + install: build sudo cp cmd/kubectl-nginx_supportpkg /usr/local/bin \ No newline at end of file
diff --git a/nginx-utils/Dockerfile b/nginx-utils/Dockerfile
new file mode 100644
index 0000000..49df160
--- /dev/null
+++ b/nginx-utils/Dockerfile
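Review bot: The Trivy step scans `ghcr.io/${{ github.repository_owner }}/nginx-utils:latest` while the build step pushes `ghcr.io/nginx/nginx-utils:latest`, so on any repository whose owner is not `nginx` the report describes a different (or missing) image; both steps should take the tag from one shared value. The scan also runs after `push: true` and sets no `exit-code`, so findings never block publication; consider building with `load: true`, scanning the local image with `exit-code: '1'` and `severity: CRITICAL,HIGH`, and pushing only afterwards. The workflow declares no `permissions:` block; pushing to GHCR with `GITHUB_TOKEN` needs `packages: write`, and stating `contents: read` plus `packages: write` explicitly keeps the token least-privileged. The third-party actions are referenced by mutable tags (`@v1`, `@v2`, `@0.28.0`); pinning them to full commit SHAs would keep a retagged release from running with the registry credentials.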
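Review bot: `--build-context project=nginx-utils` in the new `nginx-utils` target defines a named context that the Dockerfile added in this commit never references (its `COPY` reads `nginx-utils/api_stats.sh` from the main context `.`), so the flag can be dropped, or the `COPY` changed to use `--from=project`. The image is also tagged bare `nginx-utils`, which resolves to `:latest`; a version or commit-derived tag would make local builds traceable.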
@@ -0,0 +1,17 @@
+FROM alpine:latest
+COPY --chmod=744 nginx-utils/api_stats.sh /root/api_stats.sh
+
+RUN set -ex \
+ && apk --update add --no-cache \
+ bind-tools curl netcat-openbsd iproute2 \
+ iperf tcpdump tshark bash jq \
+ && rm -rf /var/cache/apk/* \
+ && ln -s /usr/bin/iperf /usr/local/bin/iperf \
+ && ls -altrh /usr/local/bin/iperf
+
+# Setting User and Home
+USER root
+WORKDIR /root
+ENV HOSTNAME=nginx-utils
+
+CMD ["bash"]
\ No newline at end of file
diff --git a/nginx-utils/api_stats.sh b/nginx-utils/api_stats.sh
new file mode 100644
index 0000000..7683310
--- /dev/null
+++ b/nginx-utils/api_stats.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# Parse command line options
+set -e
+set -o pipefail
+while getopts "p:v:h" opt; do
+ case $opt in
+ p) API_PORT="$OPTARG"
+ ;;
+ h) echo "Usage: $0 [-p port]"
+ exit 0
+ ;;
+ \?) echo "Invalid option -$OPTARG" >&2
+ echo "Usage: $0 [-p port]"
+ exit 1
+ ;;
+ esac
+done
+
+if [ $OPTIND -eq 1 ]; then
+ echo "No options were passed, exiting ..."
+ echo "Usage: $(basename "$0") [-p port]"
+ exit 1
+fi
+
+if [ -z "${API_PORT}" ]; then
+ echo 'Missing -p arg' >&2
+ exit 1
+fi
+
+api_versions=($(curl http://127.0.0.1:$API_PORT/api/ | sed -e 's/\[//g' -e 's/\]//g' -e 's/\,/ /g'))
+API_VERSION=${api_versions[-1]}
+echo "API_VERSION: $API_VERSION"
+
+echo "**** /api/$API_VERSION/nginx ****" ;
+curl -s "127.0.0.1:$API_PORT/api/$API_VERSION/nginx" | jq .;
+echo "";
+
+for i in /api/$API_VERSION/processes /api/$API_VERSION/connections /api/$API_VERSION/slabs /api/$API_VERSION/http/requests /api/$API_VERSION/http/server_zones /api/$API_VERSION/http/location_zones /api/$API_VERSION/http/caches /api/$API_VERSION/http/upstreams /api/$API_VERSION/http/keyvals; do
+ echo "**** $i ****" ;
+ curl -s "127.0.0.1:$API_PORT/$i" | jq .;
+ echo "";
+done
\ No newline at end of file
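Review bot: `FROM alpine:latest` and the unversioned `apk add` list make every build resolve to whatever is current, so the published image and its scan report cannot be tied to a known base; pin the base as `FROM alpine:<version>@sha256:<digest>` (placeholders) and bump it deliberately. `USER root` with `WORKDIR /root` ships packet-capture tooling (`tcpdump`, `tshark`) behind a root shell; if root is required for capture, say so in the `# Setting User and Home` comment, otherwise add an unprivileged user and grant the needed capability where the pod is defined. `apk --update add --no-cache` followed by `rm -rf /var/cache/apk/*` is redundant, since `--no-cache` already avoids keeping the index; `apk add --no-cache` alone is enough.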
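Review bot: `$API_PORT` goes into the `curl` URLs unvalidated and, on the `api_versions=` line, unquoted, so a non-numeric `-p` value is word-split or changes the request target; reject it first with `[[ "$API_PORT" =~ ^[0-9]+$ ]] || { echo 'Invalid port' >&2; exit 1; }`. The version list is parsed by `sed` into an unquoted array, and `${api_versions[-1]}` aborts with a subscript error when the response is empty; since `jq` is already used further down, `API_VERSION=$(curl -fsS "http://127.0.0.1:${API_PORT}/api/" | jq -r '.[-1]')` is shorter and fails cleanly on an HTTP error (this assumes the endpoint returns a JSON array, as the `sed` expressions suggest). The `getopts` string declares `v:` but no `case` branch handles it, so `-v` is silently accepted, and the loop builds `127.0.0.1:$API_PORT/$i` with `$i` already starting with `/`, which yields a double slash in the path.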