Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Trivy image scanner #1912

Merged
merged 1 commit into from
Jan 29, 2024
Merged

Fix Trivy image scanner #1912

merged 1 commit into from
Jan 29, 2024

Conversation

torredil
Copy link
Member

@torredil torredil commented Jan 26, 2024
edited
Loading

What is this PR about? / Why do we need it?

This PR addresses a recurring issue with the Trivy image scanner action:

2024-01-21T00:26:20.3634014Z 2024-01-21T00:26:20.362Z	�[31mFATAL�[0m	image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:
2024-01-21T00:26:20.3637568Z 	* unable to inspect the image (public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.1.3): Error response from daemon: No such image: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.1.3
2024-01-21T00:26:20.3639509Z 	* containerd socket not found: /run/containerd/containerd.sock
2024-01-21T00:26:20.3640750Z 	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
2024-01-21T00:26:20.3643245Z 	* GET https://public.ecr.aws/v2/ebs-csi-driver/volume-modifier-for-k8s/manifests/sha256:8e7a38bbcd7799567dd53cd912ef81d31f06354aeef15c7b9dc6a624e88ce254: TOOMANYREQUESTS: Rate exceeded
2024-01-21T00:26:20.3645075Z 
2024-01-21T00:26:20.3645084Z 
2024-01-21T00:26:20.5549268Z ##[group]Run github/codeql-action/upload-sarif@v2
2024-01-21T00:26:20.5549656Z with:
2024-01-21T00:26:20.5549873Z   sarif_file: results.sarif
2024-01-21T00:26:20.5550298Z   checkout_path: /home/runner/work/aws-ebs-csi-driver/aws-ebs-csi-driver
2024-01-21T00:26:20.5550934Z   token: ***
2024-01-21T00:26:20.5551366Z   matrix: {
  "image": "public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.1.3"
}
2024-01-21T00:26:20.5551875Z   wait-for-processing: true

More specifically, this PR fixes errors during image pulls due to unauthenticated rate limits and adds an explicit step to pull the container images before initiating the Trivy scan.

See the logs

What testing is done?

Manual

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jan 26, 2024
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jan 26, 2024
@torredil torredil force-pushed the fix-image-scanner-7821 branch from ede6c09 to 5034579 Compare January 26, 2024 19:34
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 26, 2024
@github-actions GitHub Actions
Copy link

Code Coverage Diff

This PR does not change the code coverage

AndrewSirenko
AndrewSirenko approved these changes Jan 26, 2024
View reviewed changes
Copy link
Contributor

@AndrewSirenko AndrewSirenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch on non-authenticated rate limits being different, and thanks for version bump.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 26, 2024
@torredil
Fix Trivy image scanner
27819ad 
Signed-off-by: Eddie Torres <[email protected]>
@torredil torredil force-pushed the fix-image-scanner-7821 branch from 5034579 to 27819ad Compare January 26, 2024 21:20
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 26, 2024
@torredil
Copy link
Member Author

/retest

ConnorJC3
ConnorJC3 reviewed Jan 27, 2024
View reviewed changes
Copy link
Contributor

@ConnorJC3 ConnorJC3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 27, 2024
@torredil
Copy link
Member Author

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: torredil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 29, 2024
@k8s-ci-robot k8s-ci-robot merged commit b14893f into kubernetes-sigs:master Jan 29, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ConnorJC3 ConnorJC3 ConnorJC3 left review comments

@AndrewSirenko AndrewSirenko AndrewSirenko approved these changes

Assignees

@ConnorJC3 ConnorJC3

@AndrewSirenko AndrewSirenko

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@torredil @k8s-ci-robot @ConnorJC3 @AndrewSirenko