Add Tekton task to configure sealights for Python. #86

Open
wants to merge 1 commit into
base: main

@ascerra ascerra commented Jan 6, 2025

Description

This pull request adds a new Tekton task that makes it easier to configure Python code with Sealights for quality analytics. It retrieves the source code from a trusted artifact, installs the Python Sealights agent, configures the app for Sealights using vars from your pipeline run, scans all .py files that are not in the --exclude step above and reports the scan to Sealights, and stores the results to be used later on in testing.

A README file is included with clear instructions and an example pipeline to help you get started quickly.

Testing

This was tested using this PR, where I created a pipeline for the todo-list Python example app and ran robot tests in an integration test scenario:
ascerra/todo-list-app#15

  • I covered both syntaxes for when it is a PR and not a PR in the most recent two Konflux builds.

ascerra commented Jan 6, 2025

@flacatus I'm reusing some of your documentation for this.

This line here:
> It retrieves source code from a trusted artifact, instruments it with Sealights, and creates a new trusted artifact with the instrumented code.

I'm confused about the last part, "creates a new trusted artifact with the instrumented code."
If this is happening in the go instrumentation task that you created, then why in these docs do you specify:
> For Go projects, you need a second build task after the prefetch-dependencies task to generate a trusted artifact containing the instrumented code.

What is the difference between the create-trusted-artifact task in the go-instrumentation task and building a trusted artifact with the build-sealights-container task?

I'm just wondering if maybe I don't need the create-trusted-artifact task here for the Python use case.

UPDATE:
I removed the create-trusted-artifact task in the python-instrumentation task and everything worked as expected, so it would seem that that step in the task is not needed. (working run is here)

@ascerra ascerra force-pushed the python-sealights-task branch 5 times, most recently from 837e1d8 to 7c46ffe Compare January 6, 2025 23:45
flacatus commented Jan 7, 2025

> what is the difference between the create-trusted-artifact task in the go-instrumentation task and building a trusted artifact with the build-sealights-container task?

@ascerra Golang projects need to inject the Sealights package in the source code. The go-instrumentation task just instruments the code and generates the trusted artifact that will be passed to the build-sealights-container task to build the second container.

> I'm just wondering if maybe I don't need the create-trusted-artifact task here for the python use case

No, definitely for Python and NodeJs you don't need a second build; that means you don't need the trusted artifacts.

@flacatus flacatus self-requested a review January 7, 2025 10:21
@ascerra ascerra force-pushed the python-sealights-task branch 17 times, most recently from b349d88 to 2c318a4 Compare January 8, 2025 20:31
@psturc psturc left a comment

just a couple of minor comments/suggestions

@ascerra ascerra changed the title WIP: Add Tekton task to configure sealights for Python. Add Tekton task to configure sealights for Python. Jan 10, 2025
@ascerra ascerra force-pushed the python-sealights-task branch 2 times, most recently from 4a9b995 to a212be1 Compare January 10, 2025 15:27
@ascerra ascerra force-pushed the python-sealights-task branch from a212be1 to b4854b6 Compare January 10, 2025 20:50
@ascerra ascerra force-pushed the python-sealights-task branch from b4854b6 to 7c51ca5 Compare January 14, 2025 00:57
@psturc psturc left a comment

some final questions and comments 🙈

@ascerra ascerra force-pushed the python-sealights-task branch from 7c51ca5 to 0478242 Compare January 14, 2025 19:11
flacatus commented Jan 16, 2025

@ascerra can you include the jira link in the commit?

git commit -a -m "feat(KFLUXDP-XYZ): >>commit-message<< "

@ascerra ascerra force-pushed the python-sealights-task branch 10 times, most recently from 041bb7e to 90222d3 Compare January 20, 2025 18:50
@ascerra ascerra force-pushed the python-sealights-task branch from 90222d3 to 5d1e94d Compare January 20, 2025 19:44
Comment on lines 97 to 98
- name: sealights-secret
value: "sealights-credentials"
Member

I think this one should be removed now

@ascerra ascerra force-pushed the python-sealights-task branch 3 times, most recently from f05a05b to 1bc9d3d Compare January 22, 2025 19:15
Signed-off-by: Adam Scerra <ascerra@redhat.com>
@ascerra ascerra force-pushed the python-sealights-task branch from 1bc9d3d to 0b83e56 Compare January 22, 2025 19:44