fix(configs): dockerfile tarball build cluster benchmark

Author: thuongtruong109

.github/workflows/cd.yml

@@ -58,6 +58,7 @@ jobs:
       - name: 🏗️ Build & Push Cluster Benchmark Image
         run: |
           docker compose -f docker-compose.cluster.yml build --progress=plain
+          # docker build -f configs/cluster/Dockerfile.bench -t $(CLT_BENCH_IMAGE) .
 
           docker tag thuongtruong1009/${{ env.IMAGE_NAME }}:latest \
             ${{ env.REGISTRY }}/${{ github.repository }}-bench:latest

.github/workflows/ci.yml

@@ -95,7 +95,6 @@ jobs:
   replica-performance-tests:
     runs-on: ubuntu-latest
     needs: [replica-integration-tests]
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -236,6 +235,7 @@ jobs:
         with:
           name: redis-rollback-logs
           path: /tmp/redis_cluster_rollback.log
+          compression-level: 9
 
   cluster-integration-tests:
     runs-on: ubuntu-latest
@@ -273,7 +273,6 @@ jobs:
   cluster-performance-tests:
     runs-on: ubuntu-latest
     needs: [cluster-integration-tests]
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     env:
       REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
     steps:
@@ -296,6 +295,7 @@ jobs:
         with:
           name: redis-benchmark-results
           path: ./benchmark-results
+          compression-level: 9
 
       - name: Shutdown cluster services
         if: always()
@@ -322,23 +322,3 @@ jobs:
       - name: Notify on failure
         if: ${{ contains(needs.*.result, 'failure') }}
         run: echo "❌ One or more jobs failed! Check the logs for details."
-
-  # - name: Notify on success
-  #   if: ${{ needs.replica-integration-tests.result != 'failure' &&
-  #            needs.replica-performance-tests.result != 'failure' &&
-  #            needs.replica-security-scan.result != 'failure' &&
-  #            needs.cluster-health-check.result != 'failure' &&
-  #            needs.cluster-integration-tests.result != 'failure' &&
-  #            needs.cluster-performance-tests.result != 'failure' &&
-  #            needs.cluster-security-scan.result != 'failure' }}
-  #   run: echo "✅ All jobs passed! Redis cluster and replica are healthy."
-
-  # - name: Notify on failure
-  #   if: ${{ needs.replica-integration-tests.result == 'failure' ||
-  #            needs.replica-performance-tests.result == 'failure' ||
-  #            needs.replica-security-scan.result == 'failure' ||
-  #            needs.cluster-health-check.result == 'failure' ||
-  #            needs.cluster-integration-tests.result == 'failure' ||
-  #            needs.cluster-performance-tests.result == 'failure' ||
-  #            needs.cluster-security-scan.result == 'failure' }}
-  #   run: echo "❌ One or more jobs failed! Check the logs for details."

.github/workflows/toolchain.yml

@@ -62,7 +62,7 @@ jobs:
           sarif_file: hadolint-results.sarif
           wait-for-processing: true
 
-  docker-build-and-scan:
+  vulnerability-scan:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -71,14 +71,31 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Cache Trivy database
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/trivy
+          key: ${{ runner.os }}-trivy
+
       - name: Build Docker image
         run: |
-          docker build -t thuongtruong1009/reluster-bench -f configs/cluster/Dockerfile.bench .
+          docker build -f configs/cluster/Dockerfile -t reluster .
+          docker build -f configs/cluster/Dockerfile.bench -t reluster-bench .
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.20.0
+      - name: Run Trivy scan for reluster
+        uses: aquasecurity/trivy-action@0.28.0
         with:
-          image-ref: thuongtruong1009/reluster-bench
+          image-ref: reluster
+          format: table
+          exit-code: "1"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
+
+      - name: Run Trivy scan for reluster-bench
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: reluster-bench
           format: table
           exit-code: "1"
           ignore-unfixed: true
@@ -117,6 +134,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
+      # - name: Run TruffleHog
+      #   run: trufflehog filesystem --directory . --json --redact > trufflehog-results.json
+
       - name: Run TruffleHog
         uses: trufflesecurity/[email protected]
         with:
@@ -129,3 +150,4 @@ jobs:
         with:
           name: trufflehog-results
           path: trufflehog-results.json
+          compression-level: 9

Makefile

@@ -143,7 +143,6 @@ clean:
 ci:
 	act -W .github/workflows/ci.yml --rm --pull=false --secret DOCKER_USERNAME= --secret DOCKER_PASSWORD=
 
-
 demo-ping:
 # 	docker compose -f docker-compose.cluster.dev.yml up -d --build --force-recreate node-1 node-2 node-3 node-4 node-5 node-6
 # 	docker exec -it node-1 redis-cli -a $(REDIS_PASSWORD) --cluster create 127.0.0.1:6379 127.0.0.1:6380 127.0.0.1:6381 127.0.0.1:6382 127.0.0.1:6383 127.0.0.1:6384 --cluster-replicas 1 --cluster-yes

configs/cluster/Dockerfile.bench

@@ -2,18 +2,22 @@ FROM ubuntu:22.04@sha256:4e0171b9275e12d375863f2b3ae9ce00a4c53ddda176bd55868df97
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
+        ca-certificates \
         redis-tools bc build-essential autoconf automake \
-        libpcre3-dev libevent-dev pkg-config zlib1g-dev git libssl-dev wget unzip && \
+        libpcre3-dev libevent-dev pkg-config zlib1g-dev libssl-dev wget unzip && \
+    update-ca-certificates && \
     rm -rf /var/lib/apt/lists/*
 
 WORKDIR /tmp
-RUN git clone https://github.com/RedisLabs/memtier_benchmark.git /memtier_benchmark && \
-    cd /memtier_benchmark && \
+ENV MEMTIER_VERSION=2.1.0
+RUN wget -q https://github.com/RedisLabs/memtier_benchmark/archive/refs/tags/${MEMTIER_VERSION}.tar.gz -O memtier.tar.gz && \
+    tar -xzf memtier.tar.gz && \
+    cd memtier_benchmark-${MEMTIER_VERSION} && \
     autoreconf -ivf && \
     ./configure && \
     make && \
     make install && \
-    rm -rf /memtier_benchmark
+    cd / && rm -rf /tmp/*
 
 RUN groupadd -r bench && useradd -r -g bench bench
 WORKDIR /app

docker-compose.cluster.yml

@@ -83,12 +83,13 @@ services:
       context: .
       dockerfile: ./configs/cluster/Dockerfile.bench
     environment:
-      - CLUSTER_PASS=${REDIS_PASSWORD}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
       - REDIS_HOST=node-1
     networks:
       - redisnet
     volumes:
-      - ./benchmark-results:/benchmark-results
+      - ./benchmark-results:/results
+    restart: "no"
     depends_on:
       - node-1
       - node-2