ROX-20752: scanner-slim konflux onboarding #1429

Merged: 26 commits, Mar 12, 2024

@tommartensen tommartensen commented Mar 4, 2024

How are scanner-slim pipelines different from scanner?

-> scanner-slim only fetches repo2cpe and genesis manifests, scanner also fetches K8s & NVD definitions
-> TARGET_STAGE points to the respective stage in the Dockerfile

Multi-stage Docker build:

We have builder-common and scanner-common stages. The final scanner-slim builds on just these two.

For full scanner, in addition to builder-common and scanner-common stages, there is a stage that unzips the K8s & NVD definitions, before all are combined in the final scanner stage.

Validation

Looking at the images and confirming that slim does not have K8s & NVD definitions.

  • docker run -it --entrypoint /bin/sh quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner-slim:on-pr-1d4ab16dd540e4e82d44aededdbf6044f933e85f
  • docker run -it --entrypoint /bin/sh quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner:on-pr-1d4ab16dd540e4e82d44aededdbf6044f933e85f

Do the new pipelines match?

$ diff .tekton/scanner-slim-push.yaml .tekton/scanner-slim-pull-request.yaml 
6a7
>     build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
9c10,11
<     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "master"
---
>     # TODO(ROX-21073): re-enable for all PR branches
>     pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && (source_branch.contains("rhtap") || source_branch.contains("konflux"))
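Review bot: The pull_request expression on the `>` side has no target_branch condition, while the push expression on the `<` side is limited to target_branch == "master". It also selects by substring, so any source branch whose name contains "rhtap" or "konflux" triggers the build, whatever branch the PR targets. If only PRs against master are meant to build, add the target_branch condition here as well, and keep the TODO(ROX-21073) comment directly above the expression so the temporary branch filter is easy to find when it is lifted.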
15c17
<   name: scanner-slim-on-push
---
>   name: scanner-slim-on-pull-request
24d25
<     # TODO(ROX-20230): make release images not expire.
27c28
<     value: quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner-slim:{{revision}}
---
>     value: quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner-slim:on-pr-{{revision}}

Do the slim and full pipelines match?

diff .tekton/scanner-slim-push.yaml .tekton/scanner-push.yaml
13c13
<     appstudio.openshift.io/component: scanner-slim
---
>     appstudio.openshift.io/component: scanner
15c15
<   name: scanner-slim-on-push
---
>   name: scanner-on-push
27c28
<     value: quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner-slim:{{revision}}
---
>     value: quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner:{{revision}}
242a247,248
>                   nvd-definitions.zip \
>                   k8s-definitions.zip \
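Review bot: The two entries at 247-248 are the only difference in this comparison that is not a scanner-slim/scanner rename, and nothing in the list marks them as full-only. A short comment above the list in both files naming nvd-definitions.zip and k8s-definitions.zip as entries that must stay out of the slim pipeline would make an accidental copy from scanner-push.yaml easier to catch in review.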
266c272
<         value: scanner-slim
---
>         value: scanner
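
One way to automate the "Do the slim and full pipelines match?" comparison from the description above, as an added example that is not part of the PR or the project's code. The function name `unexpected_drift`, the sample keys and the sample file contents are constructed for illustration.

```shell
# Added example, not part of the PR. Sample file contents are constructed
# fragments, not the real .tekton files.

# Artifacts that may appear only in the full scanner pipeline (per the diff above).
FULL_ONLY='nvd-definitions\.zip|k8s-definitions\.zip'

# Prints one line per problem; empty output means slim and full still match.
#   $1 = slim pipeline file, $2 = full pipeline file
unexpected_drift() {
  ud_norm=$(mktemp)
  # Rename scanner-slim -> scanner so pure name differences drop out of the diff.
  sed 's/scanner-slim/scanner/g' "$1" > "$ud_norm"
  # Remaining changed lines, minus full-only artifacts on the full ('>') side.
  diff "$ud_norm" "$2" | grep -E '^[<>]' | grep -Ev "^> .*($FULL_ONLY)" || true
  # The slim file must never reference the full-only artifacts at all.
  grep -E "$FULL_ONLY" "$1" | sed 's/^/slim has full-only artifact: /' || true
  rm -f "$ud_norm"
}

DEMO=$(mktemp -d)
cat > "$DEMO/slim.yaml" <<'EOF'
component: scanner-slim
name: scanner-slim-on-push
image: quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner-slim:{{revision}}
fetch: |
  constructed-blob.zip \
stage: scanner-slim
EOF
cat > "$DEMO/full.yaml" <<'EOF'
component: scanner
name: scanner-on-push
image: quay.io/redhat-user-workloads/rh-acs-tenant/acs/scanner:{{revision}}
fetch: |
  constructed-blob.zip \
  nvd-definitions.zip \
  k8s-definitions.zip \
stage: scanner
EOF
# Drifted copies: an extra line in full, and a slim file that pulls NVD data.
{ cat "$DEMO/full.yaml"; echo 'constructed-extra-task: true'; } > "$DEMO/full-drift.yaml"
sed 's/constructed-blob.zip/nvd-definitions.zip/' "$DEMO/slim.yaml" > "$DEMO/slim-bad.yaml"

unexpected_drift "$DEMO/slim.yaml" "$DEMO/full.yaml"        # matching pair
unexpected_drift "$DEMO/slim.yaml" "$DEMO/full-drift.yaml"  # extra line in full
unexpected_drift "$DEMO/slim-bad.yaml" "$DEMO/full.yaml"    # slim fetches NVD data
```

Run against the real files, any output is a difference the description's list does not cover, so a CI step can fail on non-empty output.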

red-hat-konflux bot and others added 2 commits March 4, 2024 11:07
Co-authored-by: red-hat-konflux <rhtap@redhat.com>

openshift-ci bot commented Mar 4, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@tommartensen tommartensen marked this pull request as ready for review March 5, 2024 14:44
@tommartensen tommartensen requested a review from a team as a code owner March 5, 2024 14:44

@msugakov msugakov left a comment


LGTM overall

Resolved review threads (outdated): image/scanner/rhel/konflux.Dockerfile (5), .tekton/scanner-slim-push.yaml (1)
tommartensen and others added 4 commits March 12, 2024 09:09
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux <rhtap@redhat.com>
Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com>
Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com>
@tommartensen tommartensen requested a review from msugakov March 12, 2024 09:30
tommartensen and others added 2 commits March 12, 2024 12:14
Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com>
@tommartensen tommartensen requested a review from msugakov March 12, 2024 11:51
@tommartensen tommartensen merged commit f3bb6e3 into master Mar 12, 2024
22 of 23 checks passed
@tommartensen tommartensen deleted the tm/scanner-slim-konflux-onboarding branch March 12, 2024 12:46