
Fix unicode and shell sast checks #601


Merged
merged 3 commits into from
Apr 25, 2025

Conversation

thepetk
Contributor

@thepetk thepetk commented Apr 11, 2025

Description of Changes

Based on the description and the resources provided in https://gitlab.cee.redhat.com/konflux/docs/sop/-/blob/main/conforma/new-sast-tasks-mar25.md

The PR updates the shell and unicode checks to use the checks that the one-liner installs, provided here: https://github.com/simonbaird/konflux-pipeline-patcher/blob/main/specific-one-liners.md#sast-unicode-and-shell-check-tasks

Related Issue(s)

Fixes devfile/api#1702 (partially)

Acceptance Criteria

  • Contributing guide

Have you read the devfile registry contributing guide and followed its instructions?

  • Test automation

Does this repository's tests pass with your changes?

  • Documentation

Does any documentation need to be updated with your changes?

  • Check Tools Provider

Have you tested the changes with existing tools, i.e. Odo, Che, Console? (See devfile registry contributing guide on how to test changes)

Tests Performed

Explain what tests you personally ran to ensure the changes are functioning as expected.

How To Test

Instructions for the reviewer on how to test your changes.

Notes To Reviewer

Any notes you would like to include for the reviewer.

@thepetk thepetk requested a review from a team as a code owner April 11, 2025 10:58
@openshift-ci openshift-ci bot requested review from elsony and Jdubrick April 11, 2025 10:58
@thepetk thepetk requested review from michael-valdron and removed request for elsony and Jdubrick April 11, 2025 10:58
@thepetk thepetk changed the title Fix unicode and shell sast checks WIP: Fix unicode and shell sast checks Apr 11, 2025
@thepetk thepetk closed this Apr 11, 2025
@thepetk thepetk reopened this Apr 11, 2025
@thepetk
Contributor Author

thepetk commented Apr 11, 2025

I've replaced the checks with the content provided by the one-liner here: https://github.com/simonbaird/konflux-pipeline-patcher/blob/main/specific-one-liners.md#sast-unicode-and-shell-check-tasks

@thepetk thepetk changed the title WIP: Fix unicode and shell sast checks Fix unicode and shell sast checks Apr 11, 2025
@thepetk
Contributor Author

thepetk commented Apr 16, 2025

Currently fails because of:

Results:
✕ [Violation] tasks.required_tasks_found
  ImageRef: quay.io/redhat-user-workloads/devfiles-tenant/registry-viewer-main@sha256:b686e21d9f8ec73b94182ae02376b4403eaa3b9e42c04a4843204e46a4c1f56f
  Reason: One of "sast-unicode-check", "sast-unicode-check-oci-ta" tasks is missing
  Title: All required tasks were included in the pipeline
  Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
  more of "tasks.required_tasks_found:sast-unicode-check", "tasks.required_tasks_found:sast-unicode-check-oci-ta" to the `exclude`
  section of the policy configuration.
  Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
  xref:ec-cli:ROOT:configuration.adoc#_data_sources[data] under the key 'required-tasks'.

My guess is we need first to merge devfile-web

@michael-valdron
Member

/retest

@thepetk
Contributor Author

thepetk commented Apr 23, 2025

/retest

@thepetk thepetk reopened this Apr 24, 2025
@thepetk
Contributor Author

thepetk commented Apr 24, 2025

/retest

@thepetk
Contributor Author

thepetk commented Apr 24, 2025

@michael-valdron I guess we are ready; once it is reviewed we should be ready to merge.

Member

@michael-valdron michael-valdron left a comment


/lgtm

@openshift-ci openshift-ci bot added the lgtm Looks good to me label Apr 24, 2025

openshift-ci bot commented Apr 24, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michael-valdron, thepetk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [michael-valdron,thepetk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@thepetk thepetk merged commit 974b2f0 into devfile:main Apr 25, 2025
13 checks passed
Labels
approved lgtm Looks good to me
Development

Successfully merging this pull request may close these issues.

Konflux EC testing failures due to new sast tasks
2 participants