chore: No longer run weaver as root, or give full filesystem access (#1359)

Josh Suereth 2024-08-28 08:21:51 -04:00 committed by GitHub
parent 3c16c802e8
commit 46d9eacef9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 29 additions and 15 deletions


@ -113,33 +113,44 @@ yamllint:
# Generate markdown tables from YAML definitions # Generate markdown tables from YAML definitions
.PHONY: table-generation .PHONY: table-generation
table-generation: table-generation:
docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec -v $(PWD)/templates:/weaver/templates \ docker run --rm \
-u $(id -u ${USER}):$(id -g ${USER}) \
--mount 'type=bind,source=$(PWD)/templates,target=/home/weaver/templates,readonly' \
--mount 'type=bind,source=$(PWD)/model,target=/home/weaver/source,readonly' \
--mount 'type=bind,source=$(PWD)/docs,target=/home/weaver/target' \
$(WEAVER_CONTAINER) registry update-markdown \ $(WEAVER_CONTAINER) registry update-markdown \
--registry=/source \ --registry=/home/weaver/source \
--attribute-registry-base-url=/docs/attributes-registry \ --attribute-registry-base-url=/docs/attributes-registry \
--templates=/weaver/templates \ --templates=/home/weaver/templates \
--target=markdown \ --target=markdown \
/spec /home/weaver/target
# Generate attribute registry markdown. # Generate attribute registry markdown.
.PHONY: attribute-registry-generation .PHONY: attribute-registry-generation
attribute-registry-generation: attribute-registry-generation:
docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec -v $(PWD)/templates:/weaver/templates \ docker run --rm \
-u $(id -u ${USER}):$(id -g ${USER}) \
--mount 'type=bind,source=$(PWD)/templates,target=/home/weaver/templates,readonly' \
--mount 'type=bind,source=$(PWD)/model,target=/home/weaver/source,readonly' \
--mount 'type=bind,source=$(PWD)/docs,target=/home/weaver/target' \
$(WEAVER_CONTAINER) registry generate \ $(WEAVER_CONTAINER) registry generate \
--registry=/source \ --registry=/home/weaver/source \
--templates=/weaver/templates \ --templates=/home/weaver/templates \
markdown \ markdown \
/spec/attributes-registry/ /home/weaver/target/attributes-registry/
npm run fix:format npm run fix:format
# Check if current markdown tables differ from the ones that would be generated from YAML definitions (weaver). # Check if current markdown tables differ from the ones that would be generated from YAML definitions (weaver).
.PHONY: table-check .PHONY: table-check
table-check: table-check:
docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec -v $(PWD)/templates:/weaver/templates \ docker run --rm \
--mount 'type=bind,source=$(PWD)/templates,target=/home/weaver/templates,readonly' \
--mount 'type=bind,source=$(PWD)/model,target=/home/weaver/source,readonly' \
--mount 'type=bind,source=$(PWD)/docs,target=/home/weaver/target,readonly' \
$(WEAVER_CONTAINER) registry update-markdown \ $(WEAVER_CONTAINER) registry update-markdown \
--registry=/source \ --registry=/home/weaver/target \
--attribute-registry-base-url=/docs/attributes-registry \ --attribute-registry-base-url=/docs/attributes-registry \
--templates=/weaver/templates \ --templates=/home/weaver/templates \
--target=markdown \ --target=markdown \
--dry-run \ --dry-run \
/spec /spec
@ -215,11 +226,14 @@ generate-gh-issue-templates:
LATEST_RELEASED_SEMCONV_VERSION := $(shell git ls-remote --tags https://github.com/open-telemetry/semantic-conventions.git | cut -f 2 | sort --reverse | head -n 1 | tr '/' ' ' | cut -d ' ' -f 3 | $(SED) 's/v//g') LATEST_RELEASED_SEMCONV_VERSION := $(shell git ls-remote --tags https://github.com/open-telemetry/semantic-conventions.git | cut -f 2 | sort --reverse | head -n 1 | tr '/' ' ' | cut -d ' ' -f 3 | $(SED) 's/v//g')
.PHONY: check-policies .PHONY: check-policies
check-policies: check-policies:
docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec -v $(PWD)/policies:/policies \ docker run --rm \
-u $(id -u ${USER}):$(id -g ${USER}) \
--mount 'type=bind,source=$(PWD)/policies,target=/home/weaver/policies,readonly' \
--mount 'type=bind,source=$(PWD)/model,target=/home/weaver/source,readonly' \
${WEAVER_CONTAINER} registry check \ ${WEAVER_CONTAINER} registry check \
--registry=/source \ --registry=/home/weaver/source \
--baseline-registry=https://github.com/open-telemetry/semantic-conventions/archive/refs/tags/v$(LATEST_RELEASED_SEMCONV_VERSION).zip[model] \ --baseline-registry=https://github.com/open-telemetry/semantic-conventions/archive/refs/tags/v$(LATEST_RELEASED_SEMCONV_VERSION).zip[model] \
--policy=/policies --policy=/home/weaver/policies
# Test rego policies # Test rego policies
.PHONY: test-policies .PHONY: test-policies
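Review bot: The `-u $(id -u ${USER}):$(id -g ${USER})` flag added to table-generation, attribute-registry-generation and check-policies is expanded by Make, not by the shell: `id` is not a Make function, so `$(id -u …)` is a reference to an undefined variable named `id -u <user>`, and docker receives `-u :` rather than the host uid:gid, which defeats the non-root intent of this commit. Escape the substitution so the recipe's shell performs it, `-u $$(id -u):$$(id -g) \`, in all three recipes. Separately, the new table-check recipe sets `--registry=/home/weaver/target` (the docs mount) where the sibling targets use `/home/weaver/source`, and its positional argument is still `/spec`, a path that no longer has any mount; presumably it should read `--registry=/home/weaver/source` and end with `/home/weaver/target` to match the generation targets. The definition of WEAVER_CONTAINER lies outside the hunk, so whether the image is pinned by digest cannot be checked here.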


@ -3,7 +3,7 @@
# Dependabot can keep this file up to date with latest containers. # Dependabot can keep this file up to date with latest containers.
# Weaver is used to generate markdown docs, and enforce policies on the model. # Weaver is used to generate markdown docs, and enforce policies on the model.
FROM otel/weaver:0.8.0 AS weaver FROM otel/weaver:v0.9.1 AS weaver
# OPA is used to test policies enforced by weaver. # OPA is used to test policies enforced by weaver.
FROM openpolicyagent/opa:0.67.1 AS opa FROM openpolicyagent/opa:0.67.1 AS opa