🤖 Fixup trivy scans #1093

Merged
merged 2 commits into from
Mar 10, 2023

mudler
Member

@mudler mudler commented Mar 10, 2023

It is just an attempt to see if it makes it any better.

  • Deleting /tmp/* wasn't enough (but still good to keep it around, so we are coherent)
  • We skip /tmp in trivy now explicitly
  • Refactor the docker target. It is now split into base-image and image. The old docker target is equivalent to image. The base-image spits out an image with an untouched os-release file so scanners can pick up the original base-image version. I've also removed some dups present in the Earthfile

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1087

Signed-off-by: mudler <mudler@c3os.io>

netlify bot commented Mar 10, 2023

Deploy Preview for kairos-io canceled.

Name Link
🔨 Latest commit af99a39
🔍 Latest deploy log https://app.netlify.com/sites/kairos-io/deploys/640b303a4a47290008ab8b0a

@mudler mudler changed the title 🐧 Delete any files dangling in /tmp 🤖 Fixup trivy scans Mar 10, 2023
@mudler mudler requested a review from a team March 10, 2023 10:48

codecov-commenter commented Mar 10, 2023

Codecov Report

Merging #1093 (d6726a9) into master (7bb9af9) will increase coverage by 0.62%.
The diff coverage is 51.85%.

@@            Coverage Diff             @@
##           master    #1093      +/-   ##
==========================================
+ Coverage   22.79%   23.41%   +0.62%     
==========================================
  Files          22       22              
  Lines        1610     1627      +17     
==========================================
+ Hits          367      381      +14     
- Misses       1179     1180       +1     
- Partials       64       66       +2     
Impacted Files Coverage Δ
internal/agent/agent.go 43.10% <ø> (ø)
internal/agent/install.go 5.40% <51.85%> (+5.40%) ⬆️

Itxaka previously approved these changes Mar 10, 2023
Member

Itxaka commented Mar 10, 2023

We should probably open an issue upstream on trivy so they can fix this directly in there

Edit: next time I should probably look it up before commenting aquasecurity/trivy#3811

Member Author

mudler commented Mar 10, 2023

gah, my refactor broke things 🙄

Member

Itxaka commented Mar 10, 2023

IMO, fix should go in here, refactor somewhere else so we can merge this asap

Member Author

mudler commented Mar 10, 2023

> IMO, fix should go in here, refactor somewhere else so we can merge this asap

eeeh, you are right, I was too optimistic

Member Author

mudler commented Mar 10, 2023

refactor dropped and split into #1100

Earthfile Outdated
@@ -331,23 +331,6 @@ docker:
# Avoid to accidentally push keys generated by package managers
RUN rm -rf /etc/ssh/ssh_host_*

# Copy flavor-specific overlay files
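
Review bot: the `RUN rm -rf /etc/ssh/ssh_host_*` context line at the top of this hunk deletes the host keys in its own RUN step, so if the package-manager step that generated them ran in an earlier RUN, the keys are still present in that earlier image layer even though the final filesystem no longer shows them. Consider removing them in the same RUN that installs the packages, or confirming that the published image is built from a stage where the keys were never written. Minor wording point on the comment above it: "Avoid to accidentally push keys" reads better as "Avoid accidentally pushing keys".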
Member Author

this was a duplicate.. we already do that in the framework images

Earthfile Outdated
@@ -331,23 +331,6 @@ docker:
# Avoid to accidentally push keys generated by package managers
RUN rm -rf /etc/ssh/ssh_host_*

# Copy flavor-specific overlay files
Member

I guess this is an artifact of the split?

Member Author

nope, it actually is a dup in our Earthfile that I caught while re-walking it, moved it to the other PR

Signed-off-by: mudler <mudler@c3os.io>
@mudler mudler disabled auto-merge March 10, 2023 13:28
@mudler mudler merged commit cc90b66 into master Mar 10, 2023
@mudler mudler deleted the fixup/trivy_2 branch March 10, 2023 13:28
Successfully merging this pull request may close these issues.

🤖 Sporadic failures with trivy