Release/v0.6.15 (#73)

* Add benchmark tests for GraphQL mode

* Add bench test for the api mode

* Update dependencies. Add additional details data.

* Fix bug due to trailing slash

* Update bench test

* Add trivy

* Update err messages. Update tests

.github/workflows/binaries.yml

@@ -51,7 +51,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.20.11.linux-amd64.tar.gz"
+      X_GO_DISTRIBUTION: "https://go.dev/dl/go1.20.12.linux-amd64.tar.gz"
     strategy:
       matrix:
         include:
@@ -160,7 +160,7 @@ jobs:
     needs:
       - draft-release
     env:
-      X_GO_VERSION: "1.20.11-r0"
+      X_GO_VERSION: "1.20.12"
     strategy:
       matrix:
         include:
@@ -178,7 +178,7 @@ jobs:
       -
         uses: addnab/docker-run-action@v3
         with:
-          image: alpine:3.18
+          image: golang:${{ env.X_GO_VERSION }}-alpine3.18
           options: >
             --volume ${{ github.workspace }}:/build
             --workdir /build
@@ -192,8 +192,7 @@ jobs:
               gcc                                           \
               git                                           \
               gzip                                          \
-              make                                          \
-              go=${{ env.X_GO_VERSION }}
+              make                                          
 
             go version
 
@@ -267,11 +266,11 @@ jobs:
         include:
           - arch: armv6
             distro: bullseye
-            go_distribution: https://go.dev/dl/go1.20.11.linux-armv6l.tar.gz
+            go_distribution: https://go.dev/dl/go1.20.12.linux-armv6l.tar.gz
             artifact: armv6-libc
           - arch: aarch64
             distro: bullseye
-            go_distribution: https://go.dev/dl/go1.20.11.linux-arm64.tar.gz
+            go_distribution: https://go.dev/dl/go1.20.12.linux-arm64.tar.gz
             artifact: arm64-libc
           - arch: armv6
             distro: alpine_latest

.github/workflows/notify.yml

@@ -0,0 +1,50 @@
+# This is a basic workflow to help you get started with Actions
+
+name: 'Notify (DOCS)'
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - demo/docker-compose/README.md
+      - demo/kubernetes/README.md
+      - README.md
+
+  workflow_dispatch:
+
+jobs:
+  notify:
+    name: 'Notify docs about api-firewall demo docs changes'
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: GitHub API Call to notify product-docs-en
+        env:
+          FIREWALL_DOCS_TOKEN: ${{ secrets.FIREWALL_DOCS_TOKEN }}
+          PARENT_REPO: wallarm/product-docs-en
+          PARENT_BRANCH: master
+          WORKFLOW_ID: 11686992
+        run: |-
+          curl                                                         \
+              -fL --retry 3                                            \
+              -X POST                                                  \
+              -H "Accept: application/vnd.github.v3+json"              \
+              -H "Authorization: token ${{ env.FIREWALL_DOCS_TOKEN }}" \
+            https://api.github.com/repos/${{ env.PARENT_REPO }}/actions/workflows/${{ env.WORKFLOW_ID }}/dispatches \
+              -d '{"ref":"${{ env.PARENT_BRANCH }}"}'
+  dockerHubDescription:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: wallarm/api-firewall
+          short-description: ${{ github.event.repository.description }}

.github/workflows/trivy.yml

@@ -0,0 +1,44 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: trivy
+
+on:
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Build
+    runs-on: "ubuntu-20.04"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -t wallarm/api-firewall:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+        with:
+          image-ref: 'wallarm/api-firewall:${{ github.sha }}'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

Makefile

@@ -1,4 +1,4 @@
-VERSION := 0.6.12
+VERSION := 0.6.15
 
 .DEFAULT_GOAL := build
 
@@ -15,6 +15,10 @@ tidy:
 test:
 	go test ./... -count=1 -race -cover
 
+bench:
+	GOMAXPROCS=1 go test -v -bench=. -benchtime=1000x -count 5 -benchmem -run BenchmarkWSGraphQL ./cmd/api-firewall/tests
+	GOMAXPROCS=4 go test -v -bench=. -benchtime=1000x -count 5 -benchmem -run BenchmarkWSGraphQL ./cmd/api-firewall/tests
+
 genmocks:
 	mockgen -source ./internal/platform/proxy/chainpool.go -destination ./internal/platform/proxy/httppool_mock.go -package proxy
 	mockgen -source ./internal/platform/database/database.go -destination ./internal/platform/database/database_mock.go -package database