CONTRIBUTING.md

Contributing to the Conjur base image

Thanks for your interest in the Conjur base image. We welcome contributions!

For general contribution and community guidelines, please see the community repo.


Prerequisites

Before getting started, you should install some developer tools.

  1. git to manage source code
  2. Docker to manage dependencies and runtime environments

Contributing

Contributing workflow

  1. Search our open issues in GitHub to see what features are planned.

  2. Select an existing issue or open a new issue to propose changes or fixes.

  3. Add the implementing label to the issue that you open or modify.

  4. Run existing tests locally and ensure they pass.

  5. Create a branch and add your changes. Include appropriate tests and ensure that they pass.

  6. Ensure the changelog contains all relevant recent changes with references to GitHub issues or PRs, if possible.

  7. Submit a pull request, linking the issue in the description (e.g. Connected to #123).

  8. Add the implemented label to the issue and request that a CyberArk engineer reviews and merges your code.

From here your pull request is reviewed. Once you have implemented all reviewer feedback, your code is merged into the project. Congratulations, you're a contributor!

Development

It's easy to get started with the Conjur base image:

  1. Install dependencies

  2. Clone this repository

To build the Ubuntu base image:

$ ./ubuntu-ruby-fips/build.sh

Testing

Tests are defined in test.yaml using GoogleContainerTools/container-structure-test. To run the tests, build the image and execute:

docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(pwd):/workspace \
gcr.io/gcp-runtimes/container-structure-test:latest \
test --image "image:tag" --config "/workspace/test.yml" --test-report "/workspace/test-results/report.json"

Alternatively, you can run the ./{image-name}/test.sh script after building the image and view the results in the ./test-results/ folder.

Security testing

To run vulnerability scanning with Trivy, execute:

docker run --rm \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(pwd):/workspace \
aquasec/trivy:latest \
--no-progress --ignorefile /workspace/.trivyignore --ignore-unfixed "image:tag"
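
Because the scan above suppresses every ID listed in .trivyignore, that file deserves its own check before a change is merged. The script below is an added example, not part of this repository: it flags duplicate and unjustified entries, and the rule that each ID must sit under a `#` comment is an assumed review policy, not something Trivy enforces. The function name and the sample IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of this repository.
# Audits a .trivyignore file (one vulnerability ID per line, '#' starts a comment).
# Assumed review policy (hypothetical, not enforced by Trivy): every ID must sit
# under a '#' comment that justifies it; a blank line ends the comment's scope.

audit_trivyignore() {
    awk '
        /^[ \t]*$/ { documented = 0; next }   # blank line ends a group
        /^[ \t]*#/ { documented = 1; next }   # justification comment
        {
            id = $1
            if (seen[id]++)       { print "DUPLICATE " id;    bad = 1 }
            else if (!documented) { print "UNDOCUMENTED " id; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input; the IDs are placeholders, not real CVEs.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Placeholder justification: affected binary is not shipped in the image
CVE-0000-0001
CVE-0000-0002

CVE-0000-0003
CVE-0000-0001
EOF

audit_trivyignore "$sample" || echo "audit failed: fix the entries listed above"
rm -f "$sample"
```

The function exits non-zero when it reports anything, so it can gate a pull request that touches .trivyignore.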

Releasing

Our base images use our automated release process to propagate out everywhere they're used. To make a new release:

  1. Create a new branch for your changes.
  2. When the build passes with your changes in the branch, make the PR, get it approved, and merge it.
  3. Merging to main will automatically trigger a release build.
  4. The release build will automatically trigger downstream builds to update them. Look at the very end of the Jenkins log for links to those builds if you want to see what was triggered.
  5. That's it. There is no more, even though this feels too easy.

Pulling Upstream Image Changes

On occasion, our security scans will fail due to security issues detected in upstream images. When this happens, a new release needs to be created to pull upstream changes (and rebuild our images based on the new upstream base image(s)).

To trigger a new release with upstream changes:

  1. From the Jenkins Conjur Base Image page, create a build with parameters.

    Create Build with Parameters

  2. Select "Release" from the "Mode" dropdown and click the "Build" button:

    Trigger Release