Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install nvm on jenkins builders #779

Open
grzesuav opened this issue May 2, 2019 · 15 comments
Open

Install nvm on jenkins builders #779

grzesuav opened this issue May 2, 2019 · 15 comments
Assignees
@sxa @Haroon-Khel
Labels
enhancement security
Milestone
Backlog

Comments

@grzesuav
Copy link

grzesuav commented May 2, 2019

In order to enable snyk analysis, I would need nvm installed, to use it for install npm and snyk
@grzesuav grzesuav changed the title Install nvm on jenkins Install nvm on jenkins builders May 2, 2019
@karianna karianna added this to the 2019 May milestone May 2, 2019
@karianna
Copy link
Contributor

karianna commented May 2, 2019

We should identify the scope of which Docker containers we want to scan and where and when. My understanding is that we currently:

  1. via openjdk-build scripts, we run the build in a docker container to test that our "build in a docker container" functionality works for users outside of Adopt (as in Adopt we currently build on 'bare metal' (or close enough to it). This functionality isn't well tested/maintained and we don't release these via our API or website.

  2. via openjdk-docker we create docker builds using various linux distros as baselines and provide slim versions, full versions etc. The results of these docker builds are pushed to DockerHub

  3. via openjdk-tests (and friends) we do a host of testing using underlying docker containers to host the env / tests

So my question which of these do we want to scan and when/why.

@grzesuav
Copy link
Author

grzesuav commented May 2, 2019

I would suggest that most beneficial would be hook it into 2. as :

  • those scripts are relatively simple
  • they are used to produce AdoptOpenJDK docker images

@karianna
Copy link
Contributor

karianna commented May 2, 2019

OK, given snyk is enabled for that repo - does that integration not check the resulting image? Or does the GitHub integration not scan containers?

@grzesuav
Copy link
Author

grzesuav commented May 7, 2019

github integration does not scan Dockerfiles/images

@grzesuav
Copy link
Author

grzesuav commented May 7, 2019

https://snyk.io/docs/github/#integration-features

@karianna karianna modified the milestones: 2019 May, 2019 June Jun 3, 2019
@sxa sxa modified the milestones: 2019 June, July 2019 Jul 2, 2019
@karianna karianna modified the milestones: July 2019, August 2019 Aug 6, 2019
@karianna karianna modified the milestones: August 2019, September 2019 Sep 2, 2019
@karianna karianna modified the milestones: September 2019, October 2019 Oct 4, 2019
@sxa
Copy link
Member

sxa commented Oct 28, 2019

Do we need this on all the machines or is there a limited number of systems we're planning to run this on?

@grzesuav
Copy link
Author

not sure, probably best to start witch machines used to build linux images. @karianna any thoughs ?

@karianna
Copy link
Contributor

I'd say linux for any docker related builds.

@sxa sxa modified the milestones: October 2019, November 2019 Nov 1, 2019
@sxa sxa modified the milestones: November 2019, December 2019 Nov 29, 2019
@sxa sxa modified the milestones: December 2019, January 2020 Dec 31, 2019
@sxa sxa self-assigned this Jan 7, 2020
@sxa
Copy link
Member

sxa commented Jan 7, 2020

OK I've put it on for the jenkins user on build-scaleway-ubuntu1604-x64-2 which is where the x86 docker builds are generally done. If you source $HOME/.nvm/nvm.sh that should activate it in whatever scripts you need it. I would suggest that you check for the presence of that at the start and warn/abort/do nothing as appropriate based on your requirements.

@karianna karianna modified the milestones: January 2020, February 2020 Feb 3, 2020
@karianna
Copy link
Contributor

@grzesuav - Are you able to test this out now?

@grzesuav
Copy link
Author

hi, just finishing AdoptOpenJDK/openjdk-docker#263 and I will switch to this, hopefully this weekend

@sxa sxa modified the milestones: February 2020, March 2020 Feb 25, 2020
@grzesuav grzesuav mentioned this issue Feb 26, 2020
Closed
@grzesuav
Copy link
Author

@sxa555 how can I test if code on mt branch will execute properly ? Is there any way I can run my branch (PR above) to check how it behaves ?

@grzesuav
Copy link
Author

I would imagine I need to perform https://support.snyk.io/hc/en-us/articles/360003812458-Getting-started-with-the-CLI
with nvm which is :

@sxa sxa modified the milestones: March 2020, April 2020 Mar 31, 2020
@sxa sxa modified the milestones: April 2020, May 2020 May 4, 2020
@Haroon-Khel Haroon-Khel modified the milestones: May 2020, June 2020 Jun 1, 2020
@Haroon-Khel Haroon-Khel modified the milestones: June 2020, July 2020 Jul 3, 2020
@Haroon-Khel Haroon-Khel modified the milestones: July 2020, August 2020 Aug 18, 2020
@Haroon-Khel Haroon-Khel modified the milestones: August 2020, October 2020 Oct 5, 2020
@Haroon-Khel Haroon-Khel modified the milestones: November 2020, Backlog Dec 10, 2020
@sxa sxa added the security label May 30, 2022
@sxa
Copy link
Member

sxa commented Feb 6, 2023

Is this is still in progress and blocked?

@grzesuav
Copy link
Author

@sxa the question is do we want to continue with snyk analysis for docker images

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sxa sxa

@Haroon-Khel Haroon-Khel

Labels
enhancement security
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@karianna @sxa @grzesuav @Haroon-Khel