Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding Scanner Tool to Identify Problematic Docker Images #345

Merged
merged 5 commits into from
Jun 9, 2020
Merged

Adding Scanner Tool to Identify Problematic Docker Images #345

merged 5 commits into from
Jun 9, 2020

Conversation

james-crowley
Copy link

This is a Python based tool that allows user to scan all the images AdoptOpenJDK produces and identify any problematic Docker images.

This tool was made to help assist in issue #328.

Some highlights of this tool are allowing people to identify any missing images in DockerHub, identify bad manifests and identify if any images are not getting updated.

@james-crowley james-crowley changed the title Adding Scanner Tool to Problematic Docker Images Adding Scanner Tool to Identify Problematic Docker Images Jun 2, 2020
@karianna karianna added this to the June 2020 milestone Jun 2, 2020
@karianna karianna requested a review from dinogun June 2, 2020 15:50
@james-crowley
Copy link
Author

@karianna Thanks for adding @dinogun as a reviewer. It's a decently size Python file, if you or someone else wants to review as well, I think that would be best.

@dinogun
Copy link
Collaborator

dinogun commented Jun 3, 2020

@james-crowley First off, thank you for doing this. Adding a test suite for checking the validity of all the images is a very useful addition to the repo !

dinogun
dinogun requested changes Jun 3, 2020
View reviewed changes
Copy link
Collaborator

@dinogun dinogun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, the PR looks good. A few minor comments interspersed below. Also I'd suggest that you rename 'scanner' as 'tests' folder as we are adding a bunch of tests to the Docker images.

Also can we add tests for the official images as well

scanner/Dockerfile Outdated Show resolved Hide resolved
scanner/README.md Outdated Show resolved Hide resolved
scanner/README.md Outdated Show resolved Hide resolved
scanner/scanner.py Outdated Show resolved Hide resolved
scanner/scanner.py Outdated Show resolved Hide resolved
@james-crowley
Copy link
Author

Also I'd suggest that you rename 'scanner' as 'tests' folder as we are adding a bunch of tests to the Docker images.

@dinogun Did you want the folder structure to look like /tests/scanner/ or just put everything in /tests/?

@grzesuav
Copy link
Contributor

grzesuav commented Jun 3, 2020

@james-crowley maybe adding a information what kind of check scanner performs to scanner help command is a good idea.

As I understand it can : "to identify any missing images in DockerHub, identify bad manifests and identify if any images are not getting updated". So it is excepted to add it to CI build or use during local development ? From reading the README it checks already pushed images, right ?

@dinogun
Copy link
Collaborator

dinogun commented Jun 3, 2020

Also I'd suggest that you rename 'scanner' as 'tests' folder as we are adding a bunch of tests to the Docker images.

@dinogun Did you want the folder structure to look like /tests/scanner/ or just put everything in /tests/?

tests/scanner looks good.

@dinogun dinogun closed this Jun 3, 2020
@dinogun dinogun reopened this Jun 3, 2020
@dinogun
Copy link
Collaborator

dinogun commented Jun 3, 2020

Also please rebase the PR to include the fix for the linter script.

This was referenced Jun 3, 2020
Closed
Open
@james-crowley
Copy link
Author

So it is excepted to add it to CI build or use during local development ? From reading the README it checks already pushed images, right ?

@grzesuav This script could be used in a couple places. First use case would be having the script run as "cron" job in Jenkins every X hours/days. This should help you easily identify any issues with images/manifests.

Second use case would be integrating this into Adopt's CI/CD. After all your images/manifests have been built for nightly images, run this to verify everything got correctly published.

If you want to make a more manually approach, you can just run the script locally. If any issues raise then open a GitHub issue. That last couple issues I've open have been because this script caught errors in manifests and non-published images.

Jim Crowley added 2 commits June 3, 2020 15:21
Merge pull request #1 from AdoptOpenJDK/master
45bf5c3 
Merge Remote Tracking Branch
Merge pull request #2 from james-crowley/master
8be16ca 
Merge Remote Tracking Branch
karianna
karianna approved these changes Jun 4, 2020
View reviewed changes
Copy link
Member

@karianna karianna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@grzesuav
Copy link
Contributor

grzesuav commented Jun 4, 2020

So it is excepted to add it to CI build or use during local development ? From reading the README it checks already pushed images, right ?

@grzesuav This script could be used in a couple places. First use case would be having the script run as "cron" job in Jenkins every X hours/days. This should help you easily identify any issues with images/manifests.

Second use case would be integrating this into Adopt's CI/CD. After all your images/manifests have been built for nightly images, run this to verify everything got correctly published.

If you want to make a more manually approach, you can just run the script locally. If any issues raise then open a GitHub issue. That last couple issues I've open have been because this script caught errors in manifests and non-published images.

so actually we have two outstanding task(or maybe one ? ) - add it to CI pipeline /and/or/ cronjob ?

@james-crowley
Copy link
Author

@grzesuav I added more information on what the checks each verification "stage" does. Hope this clears some stuff up for you.

@dinogun I added the --show-valid flag to show you the valid images like you requested. I also added a --json flag so you can get more output if needed.

Let me know what else is needed to get this PR merged.

dinogun
dinogun approved these changes Jun 9, 2020
View reviewed changes
Copy link
Collaborator

@dinogun dinogun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@dinogun dinogun merged commit ff6c5b5 into AdoptOpenJDK:master Jun 9, 2020
@smlambert smlambert mentioned this pull request Jun 10, 2020
Closed
@llxia llxia mentioned this pull request Jun 23, 2020
Closed
@smlambert smlambert mentioned this pull request Jul 30, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dinogun dinogun dinogun approved these changes

@karianna karianna karianna approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
June 2020
Development

Successfully merging this pull request may close these issues.
4 participants
@james-crowley @dinogun @grzesuav @karianna