Merge pull request #4318 from ty-dc/release-v1.0
Fix TOOMANYREQUESTS failure in Trivy Action
weizhoublue authored Nov 27, 2024
2 parents 31035eb + e206119 commit 0044fe0
Showing 6 changed files with 68 additions and 29 deletions.
14 changes: 12 additions & 2 deletions .github/workflows/auto-upgrade-ci.yaml
Expand Up @@ -247,8 +247,13 @@ jobs:
for ITEM in $TAR_FILES ; do
IMAGE_NAME=${ITEM%*.tar}
echo ${IMAGE_NAME}
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ needs.call_build_old_ci_image.outputs.imageTag }}
docker load -i test/.download/${ITEM}
echo "list docker images" && docker images
ITEM_IMAGE_ID=$(docker images | grep ${IMAGE_NAME%*-race}| grep ${{ needs.call_build_old_ci_image.outputs.imageTag }} | awk '{print $3}')
docker tag ${ITEM_IMAGE_ID} ${IMAGE_NAME}:${{ needs.call_build_old_ci_image.outputs.imageTag }}
done
echo "list all docker images"
docker images
- name: Prepare
id: prepare
Expand Down Expand Up @@ -326,8 +331,13 @@ jobs:
for ITEM in $TAR_FILES ; do
IMAGE_NAME=${ITEM%*.tar}
echo ${IMAGE_NAME}
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ needs.call_build_new_ci_image.outputs.imageTag }}
docker load -i test/.download/${ITEM}
echo "list docker images" && docker images
ITEM_IMAGE_ID=$(docker images | grep ${IMAGE_NAME%*-race}| grep ${{ needs.call_build_new_ci_image.outputs.imageTag }} | awk '{print $3}')
docker tag ${ITEM_IMAGE_ID} ${IMAGE_NAME}:${{ needs.call_build_new_ci_image.outputs.imageTag }}
done
echo "list all docker images"
docker images
- name: Upgrade to version ${{ needs.get_ref.outputs.new_version }}
id: upgrade
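Review bot: The image-ID lookup in both loops, `docker images | grep ${IMAGE_NAME%*-race}| grep ... | awk '{print $3}'`, is an unanchored substring match over the whole image list, so it can yield no ID or several, and `docker tag` then either fails or labels a different image than the one just loaded. Taking the reference from the load itself is more reliable, for example `LOADED=$(docker load -i "test/.download/${ITEM}" | sed -n 's/^Loaded image: //p')` and then `docker tag "${LOADED}" "${IMAGE_NAME}:${TAG}"`, failing the step when `LOADED` is empty. Here `TAG` would be a shell variable fed from the `${{ needs.*.outputs.imageTag }}` expression through `env:`, which also keeps the value from being spliced unquoted into the script text. The same lookup appears in the first hunk of .github/workflows/e2e-init.yaml, and since these images are what the later steps test, a wrong tag silently changes what is exercised. The `run:` block containing each loop starts above its hunk.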
4 changes: 2 additions & 2 deletions .github/workflows/build-image-ci.yaml
Expand Up @@ -182,7 +182,7 @@ jobs:
# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
push: ${{ env.push }}
platforms: linux/amd64
outputs: type=tar,dest=/tmp/${{ matrix.name }}-race.tar
outputs: type=docker,dest=/tmp/${{ matrix.name }}-race.tar
github-token: ${{ secrets.WELAN_PAT }}
tags: |
${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-race
Expand Down Expand Up @@ -231,7 +231,7 @@ jobs:
push: ${{ env.push }}
platforms: linux/amd64
github-token: ${{ secrets.WELAN_PAT }}
outputs: type=tar,dest=/tmp/${{ matrix.name }}-race.tar
outputs: type=docker,dest=/tmp/${{ matrix.name }}-race.tar
tags: |
${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-race
build-args: |
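Review bot: The two `outputs:` lines carry no comment explaining the exporter choice, although the loading and scanning steps elsewhere in this commit depend on it. Assuming `type=docker` is the new value, it writes an image tarball with layers and image config, which is what `docker load -i` and the Trivy step's `input:` expect, whereas `type=tar` exports only the root filesystem. A comment such as `# type=docker: image tarball for "docker load" and Trivy "input:"; type=tar would export only the rootfs` above each line would keep a later edit from reverting it. Both build steps start above their hunks.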
35 changes: 33 additions & 2 deletions .github/workflows/e2e-init.yaml
Expand Up @@ -128,8 +128,13 @@ jobs:
for ITEM in $TAR_FILES ; do
IMAGE_NAME=${ITEM%*.tar}
echo ${IMAGE_NAME}
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ inputs.image_tag }}
docker load -i test/.download/${ITEM}
echo "list docker images" && docker images
ITEM_IMAGE_ID=$(docker images | grep ${IMAGE_NAME%*-race}| grep ${{ inputs.image_tag }} | awk '{print $3}')
docker tag ${ITEM_IMAGE_ID} ${IMAGE_NAME}:${{ inputs.image_tag }}
done
echo "list all docker images"
docker images
# test against commit version
# https://github.com/kubernetes-sigs/kind/issues/2863
Expand Down Expand Up @@ -163,7 +168,33 @@ jobs:
-e INSTALL_KDOCTOR=true \
-e INSTALL_OVS=${INSTALL_OVS_VALUE} \
-e INSTALL_RDMA=true \
-e INSTALL_SRIOV=true
-e INSTALL_SRIOV=true || RESULT=1
if ((RESULT==0)) ; then
echo "RUN_SETUP_KIND_CLUSTER_PASS=true" >> $GITHUB_ENV
else
echo "RUN_SETUP_KIND_CLUSTER_PASS=false" >> $GITHUB_ENV
fi
if [ -f "test/e2edebugLog.txt" ] ; then
echo "UPLOAD_SETUP_KIND_CLUSTER_LOG=true" >> $GITHUB_ENV
else
echo "UPLOAD_SETUP_KIND_CLUSTER_LOG=false" >> $GITHUB_ENV
fi
- name: Upload Setup Kind Cluster log
if: ${{ env.RUN_SETUP_KIND_CLUSTER_PASS == 'false' && env.UPLOAD_SETUP_KIND_CLUSTER_LOG == 'true' }}
uses: actions/[email protected]
with:
name: ${{ inputs.os }}-${{ inputs.ip_family }}-${{ matrix.e2e_test_mode }}-${{ inputs.k8s_version }}-setupkind.txt
path: test/e2edebugLog.txt
retention-days: 7

- name: Show Setup Kind Cluster Result
run: |
if ${{ env.RUN_SETUP_KIND_CLUSTER_PASS == 'true' }} ;then
exit 0
else
exit 1
fi
- name: Run e2e Test
id: run_e2e
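Review bot: `RESULT` is assigned only on failure (`|| RESULT=1`) in the visible lines of the second hunk, so `if ((RESULT==0))` works only because an unset name evaluates to 0 in bash arithmetic. Unless it is initialised above the hunk, add `RESULT=0` before the command that ends in `-e INSTALL_SRIOV=true`, so that a value inherited from the environment cannot decide the outcome. The new upload step publishes test/e2edebugLog.txt as a workflow artifact; it is worth confirming that the debug script writing that file does not capture kubeconfig contents or secret values, because artifacts can be downloaded by anyone with read access to the repository. The setup step's `run:` block starts above the hunk.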
38 changes: 18 additions & 20 deletions .github/workflows/trivy-scan-image.yaml
Expand Up @@ -35,24 +35,22 @@ jobs:
name: image-tar-spiderpool-controller
path: test/.download

- name: Load And Scan Images
run: |
TAR_FILES=` ls test/.download `
echo $TAR_FILES
for ITEM in $TAR_FILES ; do
IMAGE_NAME=${ITEM%*.tar}
echo ${IMAGE_NAME}
cat test/.download/${ITEM} | docker import - ${IMAGE_NAME}:${{ inputs.image_tag }}
echo "---------trivy checkout image ${IMAGE_NAME}:${{ inputs.image_tag }} --------------------"
make lint_image_trivy -e IMAGE_NAME=${IMAGE_NAME}:${{ inputs.image_tag }} \
|| { echo "RUN_IMAGE_TRIVY_FAIL=true" >> $GITHUB_ENV ; echo "error, image ${IMAGE_NAME}:${{ inputs.image_tag }} is bad" ; }
done
- name: List downloaded files
run: ls -al test/.download

- name: Show Trivy Scan Report
run: |
if [ "${{ env.RUN_IMAGE_TRIVY_FAIL }}" == "true" ] ; then
echo "error, image is not secure, see detail on Step 'Load And Scan Images' "
exit 1
else
exit 0
fi
# https://github.com/aquasecurity/trivy-action/issues/389
- name: load and scan spiderpool-agent image
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db
with:
input: test/.download/spiderpool-agent-race.tar
severity: 'CRITICAL,HIGH'

- name: load and scan spiderpool-controller image
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db
with:
input: test/.download/spiderpool-controller-race.tar
severity: 'CRITICAL,HIGH'
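Review bot: Neither new trivy-action step sets `exit-code`, so as far as these lines show the job no longer fails when CRITICAL or HIGH findings are reported, whereas the removed steps recorded RUN_IMAGE_TRIVY_FAIL and ended with `exit 1`. If the scan is meant to remain a gate, add `exit-code: '1'` under `with:` in both steps. The action is third-party and appears to be referenced by a version tag (the reference is obscured in this rendering); pinning it to a full commit SHA keeps a moved tag from changing what runs against the image tarballs. The two tarball names are now hard-coded, so an image added to test/.download later is silently left unscanned, which the removed loop over the directory did not allow.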
1 change: 0 additions & 1 deletion Makefile
Expand Up @@ -501,4 +501,3 @@ lint_chart_trivy:
.PHONY: build-chart
build-chart:
@ cd charts ; make

5 changes: 3 additions & 2 deletions test/Makefile
Expand Up @@ -227,7 +227,8 @@ setup_kurise:
docker pull $${IMAGE} ; \
kind load docker-image $${IMAGE} --name $(E2E_CLUSTER_NAME); \
done; \
helm install kruise openkruise/kruise --kubeconfig $(E2E_KUBECONFIG) --wait --debug --set manager.image.repository=$(E2E_OPENKRUISE_IMAGE)
helm upgrade --install kruise openkruise/kruise --wait --timeout 20m --debug --set manager.image.repository=$(E2E_OPENKRUISE_IMAGE) \
--kubeconfig $(E2E_KUBECONFIG) || { KIND_CLUSTER_NAME=$(E2E_CLUSTER_NAME) ./scripts/debugEnv.sh $(E2E_KUBECONFIG) "detail" "$(E2E_LOG_FILE)" ; exit 1 ; } ; \

.PHONY: setup_spiderpool
setup_spiderpool:
Expand Down Expand Up @@ -386,7 +387,7 @@ setup_spiderpool:
-n $(RELEASE_NAMESPACE) \
$${HELM_OPTION} \
$(E2E_HELM_ADDITIONAL_OPTIONS) \
--kubeconfig $(E2E_KUBECONFIG) || { KIND_CLUSTER_NAME=$(E2E_CLUSTER_NAME) ./scripts/debugEnv.sh $(E2E_KUBECONFIG) "detail" ; exit 1 ; } ; \
--kubeconfig $(E2E_KUBECONFIG) || { KIND_CLUSTER_NAME=$(E2E_CLUSTER_NAME) ./scripts/debugEnv.sh $(E2E_KUBECONFIG) "detail" "$(E2E_LOG_FILE)" ; exit 1 ; } ; \
if [ "$(INSTALL_SRIOV)" == "true" ] ; then \
echo "label node for sriov operator " ; \
kubectl --kubeconfig $(E2E_KUBECONFIG) get node | sed '1d' | awk '{print $$1}' | xargs -n 1 -i kubectl --kubeconfig $(E2E_KUBECONFIG) label node {} node-role.kubernetes.io/worker="" ; \
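Review bot: The new `helm upgrade --install` command in setup_kurise ends with `; \` although, as rendered here, it is the last line of the recipe, so the continuation runs into the blank line that follows; if that blank line is ever removed, `.PHONY: setup_spiderpool` is joined into the shell command. Dropping the trailing `; \` from that final line avoids this. Both failure branches now pass `"$(E2E_LOG_FILE)"` to ./scripts/debugEnv.sh, and nothing in the hunks shows where the variable is defined, so it is worth confirming it always has a value or that the script tolerates an empty argument. The chart reference `openkruise/kruise` carries no `--version`, so each run installs whatever the repository index currently serves; pinning it with `--version <PINNED_CHART_VERSION>` (placeholder) keeps the e2e environment reproducible. Both recipes begin above their hunks.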
