-
Notifications
You must be signed in to change notification settings - Fork 314
/
Copy pathgrafana-image-renderer.yaml
74 lines (65 loc) · 1.98 KB
/
grafana-image-renderer.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package:
name: grafana-image-renderer
version: "3.12.3"
epoch: 0
description: A Grafana backend plugin that handles rendering of panels & dashboards to PNGs using headless browser (Chromium/Chrome)
copyright:
- license: Apache-2.0
target-architecture:
- x86_64
dependencies:
runtime:
- busybox
- chromium
- dumb-init
- nodejs
environment:
contents:
packages:
- build-base
- busybox
- ca-certificates-bundle
- nodejs
- scanelf
- ttf-dejavu
- yarn
pipeline:
- uses: git-checkout
with:
repository: https://github.com/grafana/grafana-image-renderer
tag: v${{package.version}}
expected-commit: bbd464c605927b7cc1c80f84436166ed7ad966b2
cherry-picks: |
pull/605/head/7aa89d1ab559c03a8295c39515b1ccca16051c2c: Update dompurify to 3.2.4 - fixes CVE-2025-26791
- uses: patch
with:
patches: GHSA-rhx6-c78j-4q9w.patch
- runs: |
# Bump CVE-2024-21538
yarn add cross-spawn@^7.0.5
yarn upgrade
yarn build
yarn install --production
# Node module installs multi-arch libraries, this deletes them
scanelf -R -n . | awk '/aarch64/ {print $NF}' | xargs rm -rf
mkdir -p ${{targets.destdir}}/usr/src/app/
cp -r ./proto ${{targets.destdir}}/usr/src/app/
cp -r ./build ${{targets.destdir}}/usr/src/app/
cp -r ./node_modules ${{targets.destdir}}/usr/src/app/
cp ./default.json ${{targets.destdir}}/usr/src/app/config.json
cp ./plugin.json ${{targets.destdir}}/usr/src/app/
update:
enabled: true
github:
identifier: grafana/grafana-image-renderer
strip-prefix: v
test:
pipeline:
- name: "start app"
working-directory: /usr/src/app
uses: test/daemon-check-output
with:
start: "dumb-init -- node build/app.js server --config=config.json"
timeout: 5
expected_output: |
{"level":"info","message":"HTTP Server started, listening at http://localhost:8081"}