-
-
Notifications
You must be signed in to change notification settings - Fork 255
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add timestamps to repro_compare.sh and friends #4018
Conversation
Signed-off-by: Stewart X Addison <[email protected]>
@andrew-m-leonard semgrep is objecting to the use of |
not seen that before, suspect this file has not been changed since semgrep was introduced? |
Hmmm I guess it could have slipped between the cracks between the initial audit and us putting it into GHA. Do you know what the impact is of removing it? |
It will prompt for a PEM "pass phrase" to encrypt the key, which is not ideal for this purpose. Can we add an "ignore" like for linter things...? |
@sxa I think this works, change the two lines to:
|
I've got a few more comparison runs to kick off this evening so I'll do that and run with the changes. Cheers. [EDIT: Semgrep still objecting by the look of it:
] |
Signed-off-by: Stewart X Addison <[email protected]>
Signed-off-by: Stewart X Addison <[email protected]>
(Scratch that - it hadn't re-run that check alongside all of the others) |
Noting that I've added semgrep check exclusions to these files as the key is dynamically generated, temporary, does not use secret credentials and the certificate is not utilised off the machine. |
@sxa Will leave for you to merge if you're happy with the test |
I've been testing with these changes for stuff over been doing to validate adoptium/ci-jenkins-pipelines#1117 so I'm comfortable that it's good (and can fix up quickly if not). Cheers for the review |
This adds time stamps to the steps in the reproducible comparison script just to be able to compare how long it takes when it's running (particularly on machines with different disks).
It slightly changes the wording on some of the echo statements to to clarify what tools are being used for each step.
I've also enabled the use of
unzip -q
instead ofunzip ... > /dev/null
which looks nicer.I have also added
-quiet
to theopenssl
commands which should mask the line with all the.
and+
characters but that doesn't seem to do the job on the windows/cygwin environment. I'm leaving it in anyway on the basis that it will hopefully make the output cleaner in some circumstances, including on windows if an update to openssl comes in that's happier with it.Not tested on macos - it might be nice to verify that the
-q
andquiet
options don't cause a problem there prior to merging.