Skip to content

Commit

Permalink
Fix error
Browse files Browse the repository at this point in the history
  • Loading branch information
jiangpengcheng committed May 14, 2024
1 parent 29d7220 commit 74a7ef5
Show file tree
Hide file tree
Showing 6 changed files with 15 additions and 15 deletions.
18 changes: 6 additions & 12 deletions .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,6 @@ jobs:
image-ref: 'pulsar-functions-java-runner:latest'
format: 'table'
exit-code: '0'
output: '${{ github.workspace }}/scan-java-runner_output.txt'

- name: Run Trivy vulnerability scanner for python
id: scan-python-runner
Expand All @@ -81,7 +80,6 @@ jobs:
image-ref: 'pulsar-functions-python-runner:latest'
format: 'table'
exit-code: '0'
output: '${{ github.workspace }}/scan-python-runner_output.txt'

- name: Run Trivy vulnerability scanner for go
id: scan-go-runner
Expand All @@ -90,7 +88,6 @@ jobs:
image-ref: 'pulsar-functions-go-runner:latest'
format: 'table'
exit-code: '0'
output: '${{ github.workspace }}/scan-go-runner_output.txt'

- name: Run Trivy vulnerability scanner for java with pulsarctl
id: scan-java-pulsarctl-runner
Expand All @@ -99,7 +96,6 @@ jobs:
image-ref: 'pulsar-functions-pulsarctl-java-runner:latest'
format: 'table'
exit-code: '0'
output: '${{ github.workspace }}/scan-java-pulsarctl-runner_output.txt'

- name: Run Trivy vulnerability scanner for python with pulsarctl
id: scan-python-pulsarctl-runner
Expand All @@ -108,7 +104,6 @@ jobs:
image-ref: 'pulsar-functions-pulsarctl-python-runner:latest'
format: 'table'
exit-code: '0'
output: '${{ github.workspace }}/scan-python-pulsarctl-runner_output.txt'

- name: Run Trivy vulnerability scanner for go with pulsarctl
id: scan-go-pulsarctl-runner
Expand All @@ -117,7 +112,6 @@ jobs:
image-ref: 'pulsar-functions-pulsarctl-go-runner:latest'
format: 'table'
exit-code: '0'
output: '${{ github.workspace }}/scan-go-pulsarctl-runner_output.txt'

# Comment on PR with the scan output since the action won't fail with CVEs
- name: Comment on PR
Expand All @@ -139,12 +133,12 @@ jobs:
// Combine outputs from different steps
const outputs = [
{ label: 'Java Runner', output: getOutput('scan-java-runner') },
{ label: 'Python Runner', output: getOutput('scan-python-runner') },
{ label: 'Go Runner', output: getOutput('scan-go-runner') },
{ label: 'Java Runner with Pulsarctl', output: getOutput('scan-java-pulsarctl-runner') },
{ label: 'Python Runner with Pulsarctl', output: getOutput('scan-python-pulsarctl-runner') },
{ label: 'Go Runner with Pulsarctl', output: getOutput('scan-go-pulsarctl-runner') },
{ label: 'Java Runner', output: '${{ steps.scan-java-runner.outputs.result }}'; },
{ label: 'Python Runner', output: '${{ steps.scan-python-runner.outputs.result }}' },
{ label: 'Go Runner', output: '${{ steps.scan-go-runner.outputs.result }}' },
{ label: 'Java Runner with Pulsarctl', output: '${{ steps.scan-java-pulsarctl-runner.outputs.result }}' },
{ label: 'Python Runner with Pulsarctl', output: '${{ steps.scan-python-pulsarctl-runner.outputs.result }}' },
{ label: 'Go Runner with Pulsarctl', output: '${{ steps.scan-go-pulsarctl-runner.outputs.result }}' },
].filter(item => item.output !== '');
// Format the combined message
Expand Down
3 changes: 3 additions & 0 deletions images/pulsar-functions-base-runner/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,9 @@ COPY --from=pulsar --chown=$UID:$GID /pulsar/conf /pulsar/conf
COPY --from=pulsar --chown=$UID:$GID /pulsar/bin /pulsar/bin
COPY --from=pulsar --chown=$UID:$GID /pulsar/lib /pulsar/lib

# remove the vertx jar since it's not need ans has a cve
RUN rm -rf /pulsar/lib/io.vertx-vertx-core-*.jar || true

# remove presto dependencies because they are not needed
RUN rm -rf /pulsar/lib/presto || true
RUN rm -rf /pulsar/conf/presto || true
Expand Down
2 changes: 1 addition & 1 deletion images/pulsar-functions-base-runner/pulsarctl.Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ RUN mkdir -p /pulsar/bin/ \
&& chown -R $UID:$GID /pulsar \
&& chmod -R g=u /pulsar \
&& apk update && apk add --no-cache wget bash \
&& wget https://github.com/streamnative/pulsarctl/releases/latest/download/pulsarctl-amd64-linux.tar.gz -P /pulsar/bin/ \
&& wget wget https://github.com/streamnative/pulsarctl/releases/download/v3.2.2.6/pulsarctl-amd64-linux.tar.gz -P /pulsar/bin/ \
&& tar -xzf /pulsar/bin/pulsarctl-amd64-linux.tar.gz -C /pulsar/bin/ \
&& rm -rf /pulsar/bin/pulsarctl-amd64-linux.tar.gz \
&& chmod +x /pulsar/bin/pulsarctl-amd64-linux/pulsarctl \
Expand Down
3 changes: 3 additions & 0 deletions images/pulsar-functions-java-runner/pulsarctl.Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ COPY --from=pulsar --chown=$UID:$GID /pulsar/lib /pulsar/lib
COPY --from=pulsar --chown=$UID:$GID /pulsar/instances/java-instance.jar /pulsar/instances/java-instance.jar
COPY --from=pulsar --chown=$UID:$GID /pulsar/instances/deps /pulsar/instances/deps

# remove the vertx jar since it's not need ans has a cve
RUN rm -rf /pulsar/lib/io.vertx-vertx-core-*.jar || true

# remove presto dependencies because they are not needed
RUN rm -rf /pulsar/lib/presto || true
RUN rm -rf /pulsar/conf/presto || true
Expand Down
2 changes: 1 addition & 1 deletion images/pulsar-functions-python-runner/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,6 @@ RUN rm -rf /pulsar/instances/python-instance/pulsar/ \

USER $USER
# a temp solution from https://github.com/apache/pulsar/pull/15846 to fix python protobuf version error
RUN pip3 install protobuf==3.20.1 --user
RUN pip3 install protobuf==3.20.2 --user
# to make the python runner could print json logs
RUN pip3 install python-json-logger --user
2 changes: 1 addition & 1 deletion images/pulsar-functions-python-runner/pulsarctl.Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,6 @@ WORKDIR /pulsar

USER $USER
# a temp solution from https://github.com/apache/pulsar/pull/15846 to fix python protobuf version error
RUN pip3 install protobuf==3.20.1 --user
RUN pip3 install protobuf==3.20.2 --user
# to make the python runner could print json logs
RUN pip3 install python-json-logger --user

0 comments on commit 74a7ef5

Please sign in to comment.