Issue Description

We are currently facing multiple issues across different LitmusChaos repositories which are causing pipeline failures. This issue aims to consolidate all known problems and potential improvements into a single audit report to streamline resolution efforts.

Affected Repositories and Identified Issues

• chaos-operator
• chaos-exporter
• chaos-runner
• litmus-go
• test-tools
• chaos-charts
• litmus
• litmus-docs
• litmusctl
• litmus-helm
• litmus-e2e

Common Across All Repos:

• BetterCodeHub Tool Retirement:
  • The BetterCodeHub tool is retired, and we need to migrate to an alternative, such as Sigrid, for maintaining our code quality checks.

Specific Repository Issues

1. Chaos-Operator:

   • Snyk Integration:
     • The Snyk check is currently non-functional and redundant as we are using Trivy along with Dependabot.
   • E2E Pipeline:
     • The E2E pipeline is failing due to issues with the kind cluster. Once the kind cluster issue is resolved, additional problems may arise that will require further attention.

2. Chaos-Exporter:

   • Snyk Integration:
     • Similar to chaos-operator, the Snyk check is unnecessary.
   • Security Scan - Trivy:
     • Trivy scan failing due to incorrect Dockerfile path.
   • Build Pipeline:
     • Failing due to a vulnerability in the 'net' package.
     • Security scans are incorrectly passing despite existing vulnerabilities.

3. Chaos-Runner:

   • Build Pipeline:
     • Failing due to a vulnerability in the 'net' package.

4. Litmus-Go:

   • Build and E2E Pipelines:
     • Build pipeline failing due to Trivy issues.
     • E2E pipeline tests failed.
   • Snyk Integration:
     • Redundant Snyk checks as Trivy and Dependabot are already in use.
   • Security Scan - Trivy:
     • Failing due to incorrect Dockerfile path.

5. Chaos-Charts:

   • Workflow Optimization:
     • The dispatch workflow for releases seems redundant and can be removed.

6. Litmus:

   • E2E Pipeline:
     • The E2E check is not functioning properly.

7. Litmusctl:

   • License Compliance - FOSSA:
     • The FOSSA license check is failing due to an issue with a GPL license.

8. Litmus-Helm:

   • E2E Redundancy:
     • E2E tests for chaoscenter & core seem redundant and can be removed.

9. Litmus-e2e:

   • Repository Maintenance:
     • Work is required to re-enable this repository.

Proposed Actions

• Fix identified vulnerabilities and incorrect configurations.
• Decommission redundant checks and workflows.
• Transition from retired tools to suitable alternatives.

Request

• A collaborative effort from all development and operations teams is required to address these issues promptly.
• Individual repository maintainers are requested to provide updates on the status of their respective fixes.

Conclusion

This issue serves as a centralised point for tracking and resolving all pipeline-related issues across the LitmusChaos repositories to enhance our operational efficiency and maintain the integrity of our pipelines.