Additional changes for the RHTAP pipeline #1343
A few differences from the standard RHTAP build pipeline:

* Use of 6GB buildah image to avoid OOMs during container build task
* There is an extra step to fetch the vuln feed data. This is done outside of the build step to make hermetic builds easier.

The vuln feed data script pulls the definitions from the Google storage location and writes them to the "source" folder of the "source" workspace which is shared by the build-container task. This task will build using `image/scanner/rhtap/Dockerfile`, which expects the vuln files to be in the buildah working directory.

I decided to create a separate dockerfile for RHTAP to avoid any regressions with modifying the existing ones. The dockerfile was created using a combination of the upstream and downstream dockerfiles.

Current RHTAP build trigger config:

* PRs will only build in RHTAP when "rhtap" is in the branch name
* Pushes to master will trigger an RHTAP build
…ldah) builds" This reverts commit 52495bd.
This reverts commit f627931.
This reverts commit aa1d705.
This will hopefully speed up the build a bit. Some other changes:

* Switched to the builder image from brew instead of from quay.io/stackrox-io
* Cleaned up some debug statements
* The buildah container no longer needs to be 6Gi
* Moved unzipping the vuln dumps into the gen-vuln-feed-data step
* Removed the builder image altogether from the dockerfile
Co-authored-by: red-hat-trusted-app-pipeline <[email protected]>
Images are ready for the commit at 5fe26ec. To use the images, use the tag |
@kylape: The following test failed, say
This is just another PR to allow more development of the build pipeline while the original PR #1334 is largely frozen to allow for review by the scanner team. Once that PR merges, this one will be adjusted to be reviewable by the scanner team.