Skip to content

Reduce the risk of misidentification of incoming traffic by verifying destination hostname when resolving incoming internet traffic; Use /proc/<pid>/root/etc/hostname for IP to hostname resolution as an alternative to /proc/<pid>/environ #531

Reduce the risk of misidentification of incoming traffic by verifying destination hostname when resolving incoming internet traffic; Use /proc/<pid>/root/etc/hostname for IP to hostname resolution as an alternative to /proc/<pid>/environ

Reduce the risk of misidentification of incoming traffic by verifying destination hostname when resolving incoming internet traffic; Use /proc/<pid>/root/etc/hostname for IP to hostname resolution as an alternative to /proc/<pid>/environ #531

Workflow file for this run

name: Build
concurrency:
group: "${{ github.repository }}${{ github.ref }}buildfork"
cancel-in-progress: true
on:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main
- develop
permissions:
contents: read
packages: write
env:
REGISTRY: "dummy"
jobs:
build:
name: Build
if: github.repository != 'otterize/network-mapper' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != 'otterize/network-mapper')
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
registry: ${{ steps.registry.outputs.registry }} # workaround since env is not available outside of steps, i.e. in calling external workflows like we later do in e2e-test
strategy:
matrix:
service:
- mapper
- sniffer
- kafka-watcher
steps:
- id: registry
run: echo "registry=${{ env.REGISTRY }}" >> "$GITHUB_OUTPUT"
- name: Checkout
uses: actions/checkout@v2
with:
submodules: recursive
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@master
with:
driver-opts: network=host
- name: Test & Build production image
uses: docker/build-push-action@v2
with:
context: src/
file: build/${{ matrix.service }}.Dockerfile
tags: ${{ env.REGISTRY }}/${{ github.actor }}/${{ matrix.service }}:${{ github.sha }}
network: host
platforms: linux/amd64
outputs: type=docker,dest=${{ matrix.service }}.tar
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
"VERSION=0.0.${{ github.run_id }}"
- uses: actions/upload-artifact@v3
with:
path: ${{ matrix.service }}.tar
name: ${{ env.REGISTRY }}_${{ github.actor }}_${{ matrix.service }}_${{ github.sha }}.tar
e2e-test:
uses: ./.github/workflows/e2e-test.yaml
name: Trigger e2e tests
# Must pass the secrets as the called workflow does not have access to the same context
with:
registry: ${{ needs.build.outputs.registry }}
mapper-tag: ${{ github.sha }}
sniffer-tag: ${{ github.sha }}
mapper-image: ${{ github.actor }}/mapper
sniffer-image: ${{ github.actor }}/sniffer
needs:
- build