Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

glibc.yaml: Add openssf-options (and disable it) #32446

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

justinvreeland
Copy link
Member

No description provided.

@justinvreeland justinvreeland added automated pr openssf-compiler-options Track adding openssf-compiler-options labels Oct 30, 2024
@justinvreeland justinvreeland requested a review from xnox October 30, 2024 20:00
@xnox xnox added the approved-to-run A repo member has approved this external contribution label Nov 12, 2024
@wolfi-dev wolfi-dev deleted a comment from octo-sts bot Nov 12, 2024
@justinvreeland justinvreeland force-pushed the jvreeland/automated-ssf-glibc.yaml branch from a786f91 to 6828b6a Compare November 18, 2024 21:53
@wolfi-dev wolfi-dev deleted a comment from octo-sts bot Nov 18, 2024
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 9, 2024
@justinvreeland justinvreeland force-pushed the jvreeland/automated-ssf-glibc.yaml branch from 1affc2b to 909ebc4 Compare December 12, 2024 19:27
@wolfi-dev wolfi-dev deleted a comment from octo-sts bot Dec 12, 2024
@justinvreeland justinvreeland marked this pull request as ready for review December 12, 2024 21:31
Copy link
Contributor

@dannf dannf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @justinvreeland. I haven't had time to dig into the root cause yet, so let's go with this.

Would you mind adding a link to https://github.com/chainguard-dev/internal-dev/issues/7756 above the GCC_SPEC_FILE setting?

Should we guard this to only apply to the ARM builds?

@justinvreeland justinvreeland force-pushed the jvreeland/automated-ssf-glibc.yaml branch from 926cbac to 94770b7 Compare December 19, 2024 18:15
@justinvreeland
Copy link
Member Author

Would you mind adding a link to https://github.com/chainguard-dev/internal-dev/issues/7756 above the GCC_SPEC_FILE setting?

Done.

Should we guard this to only apply to the ARM builds?

I'm not sure if we can do that in the yaml tbh. But in general I prefer keeping things as close as possible in the architectures. Don't have particularly strong feelings about that though.

@dannf
Copy link
Contributor

dannf commented Dec 19, 2024

Would you mind adding a link to chainguard-dev/internal-dev#7756 above the GCC_SPEC_FILE setting?

Done.

Should we guard this to only apply to the ARM builds?

I'm not sure if we can do that in the yaml tbh.

Yeah, probably not in the environment section, so we'd have to do something like this in a runs:

[ "${{build.arch}}" = "aarch64" ] || export GCC_SPEC_FILE=/dev/null

But in general I prefer keeping things as close as possible in the architectures. Don't have particularly strong feelings about that though.

Fair enough, let's just merge this as-is. Thanks!

@dannf dannf changed the title glibc.yaml: Add openssf-options glibc.yaml: Add openssf-options (and disable it) Dec 19, 2024
@justinvreeland justinvreeland removed the request for review from xnox December 20, 2024 16:43
@justinvreeland justinvreeland enabled auto-merge (squash) December 20, 2024 16:43
@justinvreeland
Copy link
Member Author

Rebasing to see if that fixes whatever is stopping the merge

@justinvreeland justinvreeland force-pushed the jvreeland/automated-ssf-glibc.yaml branch from 94770b7 to 2dac188 Compare December 20, 2024 16:45
@xnox
Copy link
Member

xnox commented Dec 23, 2024

@justinvreeland it seems that "maintainers can modify this PR" has been turned off; and we have no ability to re-run ci-sbom-validity. Either you need to rebase this PR, or I guess i can create a new one with hope of it passing ci checks.

@xnox
Copy link
Member

xnox commented Dec 23, 2024

rebased PR here #38280 hopefully it will pass CI.

@justinvreeland justinvreeland force-pushed the jvreeland/automated-ssf-glibc.yaml branch from 2dac188 to f7723a4 Compare December 30, 2024 15:41
@justinvreeland
Copy link
Member Author

I rebased this one but looks like we have SBOM issues. Checked the maintainer edit button.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved-to-run A repo member has approved this external contribution bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. openssf-compiler-options Track adding openssf-compiler-options
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants