Merge pull request #57 from fhoeben/add_chromium_arm64_circle

Attempt to build and test on arm64 and amd64 using upstream trunk with chromium

Author: diemol

.circleci/config.yml

@@ -19,14 +19,15 @@ body:
     validations:
       required: true
   - type: textarea
-    id: repro-command
+    id: reproduce-command
     attributes:
-      label: Command used to start Selenium Grid with Docker
+      label: Command used to start Selenium Grid with Docker (or Kubernetes)
       description: |
-        What command do you use to start Selenium Grid with Docker?
+        What command do you use to start Selenium Grid with Docker (or Kubernetes)?
       placeholder: |
         Please share the script or docker-compose file used. This will be automatically
         formatted into code, so no need for backticks.
+        If Kubernetes used, please share the YAML file, or chart values used to deploy the cluster.
         Be sure to include an SSCCE (Short, Self Contained, Correct 
         [compilable] example) http://sscce.org/
       render: shell
@@ -47,14 +48,22 @@ body:
     attributes:
       label: Operating System
       description: What host operating system are you using to run docker-selenium?
-      placeholder: Windows 10? macOS BigSur? Ubuntu?
+      placeholder: Windows 10? macOS BigSur? Ubuntu? Kubernetes (Minikube, EKS, GKE, AKS, OpenShift, Rancher, etc.) version?
     validations:
       required: true
   - type: input
     id: version
     attributes:
-      label: Docker Selenium version (tag)
+      label: Docker Selenium version (image tag)
       description: What version of Docker Selenium are you using?
-      placeholder: 4.12.1-20230920? Please use the full tag, avoid "latest"
+      placeholder: 4.16.1-20231212? Please use the full tag, avoid "latest"
     validations:
-      required: true
+      required: true
+  - type: input
+    id: chart-version
+    attributes:
+      label: Selenium Grid chart version (chart version)
+      description: What version of Selenium Grid chart are you using?
+      placeholder: 0.26.2?
+    validations:
+      required: false

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -6,6 +6,12 @@ updates:
     interval: daily
     time: '08:00'
   open-pull-requests-limit: 99
+- package-ecosystem: docker
+  directory: "/StandaloneChromium"
+  schedule:
+    interval: daily
+    time: '08:00'
+  open-pull-requests-limit: 99
 - package-ecosystem: docker
   directory: "/StandaloneFirefox"
   schedule:
@@ -36,6 +42,12 @@ updates:
     interval: daily
     time: '08:00'
   open-pull-requests-limit: 99
+- package-ecosystem: docker
+  directory: "/NodeChromium"
+  schedule:
+    interval: daily
+    time: '08:00'
+  open-pull-requests-limit: 99
 - package-ecosystem: docker
   directory: "/"
   schedule:

.github/dependabot.yml

@@ -2,28 +2,31 @@ name: Build & test
 
 on:
   push:
+    paths-ignore:
+      - '.circleci/**'
   pull_request:
+    paths-ignore:
+      - '.circleci/**'
 
 permissions:
   contents: read
 
 jobs:
   build-and-test:
-    # Skip job based on the commit message, only works in push to branches for now
-    if: contains(toJson(github.event.commits), '[skip ci]') == false
     name: Build & test Docker images with random user
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       matrix:
         use-random-user: [false, true]
     steps:
       - uses: actions/checkout@v4
       - name: Output Docker info
         run: docker info
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v4.7.0
+      - name: Set up Python
+        uses: actions/setup-python@v5.0.0
         with:
-          python-version: 3.8
+          python-version: '3.11'
+          check-latest: true
       - name: Get branch name (only for push to branch)
         if: github.event_name == 'push'
         run: echo "BRANCH=$(echo ${PUSH_BRANCH##*/})" >> $GITHUB_ENV
@@ -41,7 +44,11 @@ jobs:
       - name: Build Docker images
         run: VERSION=${BRANCH} BUILD_DATE=${BUILD_DATE} make build
       - name: Test Docker images
-        run: USE_RANDOM_USER_ID=${USE_RANDOM_USER} VERSION=${BRANCH} BUILD_DATE=${BUILD_DATE} make test
+        uses: nick-invision/[email protected]
+        with:
+          timeout_minutes: 20
+          max_attempts: 3
+          command: |
+            USE_RANDOM_USER_ID=${USE_RANDOM_USER} VERSION=${BRANCH} BUILD_DATE=${BUILD_DATE} make test
         env:
           USE_RANDOM_USER: ${{ matrix.use-random-user }}
-

.github/workflows/build-test.yml

@@ -10,7 +10,7 @@ jobs:
     # Only continue if the commit message has '[deploy]' in it
     if: contains(toJson(github.event.commits), '[deploy]') == true
     name: Deploy Docker images
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -51,25 +51,25 @@ jobs:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
       - name: Deploy new images
-        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2
+        uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2
         with:
           timeout_minutes: 20
           max_attempts: 3
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release
       - name: Tag images as latest
-        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2
+        uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2
         with:
           timeout_minutes: 20
           max_attempts: 3
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make tag_latest
       - name: Deploy latest tag
-        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2
+        uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2
         with:
           timeout_minutes: 20
           max_attempts: 3
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_latest
       - name: Tag browser images
-        uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2
+        uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2
         with:
           timeout_minutes: 20
           max_attempts: 3
@@ -78,9 +78,9 @@ jobs:
         run: |
           git config --local user.email "[email protected]"
           git config --local user.name "Selenium CI Bot"
-          git commit -m "Update tag in docs and files [skip ci]" -a
+          git commit -m "Update tag in docs and files" -a
       - name: Push changes
-        uses: ad-m/github-push-action@40bf560936a8022e68a3c00e7d2abefaf01305a6 # master
+        uses: ad-m/github-push-action@master
         with:
           github_token: ${{ secrets.SELENIUM_CI_TOKEN }}
           branch: trunk

.github/workflows/deploy.yml

@@ -6,6 +6,7 @@ on:
       - trunk
     paths:
       - 'charts/selenium-grid/Chart.yaml'
+  workflow_dispatch:
 
 jobs:
   release:
@@ -23,6 +24,6 @@ jobs:
           git config user.email "[email protected]"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.5.0
+        uses: helm/chart-releaser-action@v1.6.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/helm-chart-release.yml

@@ -0,0 +1,80 @@
+name: Lint and Test Helm Charts
+
+on:
+  push:
+    paths-ignore:
+      - '.circleci/**'
+  pull_request:
+    paths-ignore:
+      - '.circleci/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-test:
+    name: Test Helm charts
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        test-strategy: [chart_test, chart_test_parallel_autoscaling]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Output Docker info
+        run: docker info
+      - name: Set up Python
+        uses: actions/[email protected]
+        with:
+          python-version: '3.11'
+          check-latest: true
+      - name: Get branch name (only for push to branch)
+        if: github.event_name == 'push'
+        run: echo "BRANCH=$(echo ${PUSH_BRANCH##*/})" >> $GITHUB_ENV
+        env:
+          PUSH_BRANCH: ${{ github.ref }}
+      - name: Get target branch name (only for PRs)
+        if: github.event_name == 'pull_request'
+        run: echo "BRANCH=$(echo ${TARGET_BRANCH##*/})" >> $GITHUB_ENV
+        env:
+          TARGET_BRANCH: ${{ github.head_ref }}
+      - name: Output branch name
+        run: echo ${BRANCH}
+      - name: Sets build date
+        run: |
+          echo "BUILD_DATE=$(date '+%Y%m%d')" >> $GITHUB_ENV
+          echo "IMAGE_REGISTRY=artifactory/selenium" >> $GITHUB_ENV
+      - name: Setup Kubernetes environment
+        run: make chart_setup_env
+      - name: Build Docker images
+        run: NAME=${IMAGE_REGISTRY} VERSION=${BRANCH} BUILD_DATE=${BUILD_DATE} make build
+      - name: Build and lint charts
+        run: |
+          BUILD_DATE=${BUILD_DATE} make chart_build
+          echo "CHART_PACKAGE_PATH=$(cat /tmp/selenium_chart_version)" >> $GITHUB_ENV
+          echo "CHART_FILE_NAME=$(basename $(cat /tmp/selenium_chart_version))" >> $GITHUB_ENV
+      - name: Setup Kubernetes cluster
+        run: NAME=${IMAGE_REGISTRY} VERSION=${BRANCH} BUILD_DATE=${BUILD_DATE} make chart_cluster_setup
+      - name: Test Selenium Grid on Kubernetes
+        uses: nick-invision/[email protected]
+        with:
+          timeout_minutes: 30
+          max_attempts: 3
+          command: |
+            NAME=${IMAGE_REGISTRY} VERSION=${BRANCH} BUILD_DATE=${BUILD_DATE} make ${{ matrix.test-strategy }}
+      - name: Cleanup Kubernetes cluster
+        if: always()
+        run: make chart_cluster_cleanup
+      - name: Upload Helm chart package
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.test-strategy }}_${{ env.CHART_FILE_NAME }}
+          path: ${{ env.CHART_PACKAGE_PATH }}
+      - name: Upload Helm chart template rendered
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.test-strategy }}_chart_template_rendered.yaml
+          path: ./tests/tests/output_deployment.yaml
+          if-no-files-found: ignore

.github/workflows/helm-chart-test.yml

@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   comment:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: Label Commenter

.github/workflows/label-commenter.yml

@@ -14,12 +14,12 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v3
+      - uses: dessant/lock-threads@v5
         with:
           process-only: 'issues'
-          issue-lock-inactive-days: '30'
+          issue-inactive-days: '30'
           issue-lock-reason: ''
-          issue-lock-comment: >
+          issue-comment: >
             This issue has been automatically locked since there
             has not been any recent activity after it was closed.
             Please open a new issue for related bugs.

.github/workflows/lock.yml

@@ -0,0 +1,53 @@
+name: Scan Dockerfile vulnerabilities
+
+on:
+  push:
+    paths:
+      - '**/Dockerfile'
+  pull_request:
+    paths:
+      - '**/Dockerfile'
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  build-and-scan:
+    name: Scan Dockerfile vulnerabilities
+    permissions: write-all
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set severity for PRs
+        if: github.event_name == 'pull_request' || github.event_name == 'push'
+        run: |
+          echo "SEVERITY=HIGH,CRITICAL" >> $GITHUB_ENV
+          echo "EXIT_CODE=1" >> $GITHUB_ENV
+      - name: Set severity for others
+        if: github.event_name != 'pull_request' && github.event_name != 'push'
+        run: |
+          echo "SEVERITY=LOW,MEDIUM,HIGH,CRITICAL" >> $GITHUB_ENV
+          echo "EXIT_CODE=0" >> $GITHUB_ENV
+      - name: Scan source code
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          format: 'sarif'
+          output: 'source-results.sarif'
+          scanners: 'vuln,secret,misconfig'
+          skip-dirs: 'tests,Video'
+          exit-code: '${{ env.EXIT_CODE }}'
+          severity: '${{ env.SEVERITY }}'
+          limit-severities-for-sarif: true
+      - name: Upload source scan results to annotations
+        if: always()
+        uses: Ayrx/sarif_to_github_annotations@master
+        with:
+          sarif_file: 'source-results.sarif'
+      - name: Upload source scan results to GitHub Security tab
+        if: github.event_name != 'pull_request'
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'source-results.sarif'
+          category: source-results