Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

extend the sast-coverity-check CI task to support buildful scanning #1653

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

extend the sast-coverity-check CI task to support buildful scanning #1653

wants to merge 9 commits into from
+2,761 −216

Conversation

kdudka
Copy link
Contributor

@kdudka kdudka commented Nov 26, 2024

@kdudka kdudka force-pushed the cov-bf branch 10 times, most recently from d9f50ab to d105ef6 Compare December 2, 2024 15:02
@kdudka kdudka mentioned this pull request Dec 2, 2024
Merged
5 tasks
@kdudka kdudka force-pushed the cov-bf branch 4 times, most recently from 01c1285 to 31c6f24 Compare December 12, 2024 09:54
@kdudka
Copy link
Contributor Author

kdudka commented Dec 12, 2024

/ok-to-test

kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
buildah: fix Checkton/ShellCheck findings
a53a2c9 
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
coverity-availability-check: remove workspace
806cbd3 
It was required but not used for anything.  Also the parameters set
in the build template were not used by the coverity-availability-check
task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
sast-coverity-check: do not require IMAGE_DIGEST parameter
48fce4d 
... which is not used for anything

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
sast-coverity-check: rename the workspace to source
5062466 
... to make the interface compatible with the `build-container` task

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
use kustomize to build sast-coverity-check
cb9a16a 
... from the build-container task.  The `hack/generate-sast-tasks.sh`
script can be used to rebuild `sast-coverity-check.yaml`.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
buildah: fix Checkton/ShellCheck findings
9031fb4 
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
coverity-availability-check: remove workspace
7ca55eb 
It was required but not used for anything.  Also the parameters set
in the build template were not used by the coverity-availability-check
task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
sast-coverity-check: do not require IMAGE_DIGEST parameter
327d455 
... which is not used for anything

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
sast-coverity-check: rename the workspace to source
266f2fc 
... to make the interface compatible with the `build-container` task

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
use kustomize to build sast-coverity-check
c341498 
... from the build-container task.  The `hack/generate-sast-tasks.sh`
script can be used to rebuild `sast-coverity-check.yaml`.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Dec 12, 2024
@kdudka
buildah: fix Checkton/ShellCheck findings
244c039 
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 8, 2025
@kdudka
sast-coverity-check: generate the oci-ta copy of the task
b21b663 
Resolves: https://issues.redhat.com/browse/OSH-750
Closes: konflux-ci#1653
@kdudka
Copy link
Contributor Author

kdudka commented Jan 8, 2025

/ok-to-test

@kdudka
Copy link
Contributor Author

kdudka commented Jan 8, 2025

@chmeliik Thanks for the hint! I have updated pipelines/docker-build/patch.yaml as you suggest.

@kdudka kdudka marked this pull request as ready for review January 8, 2025 12:48
@kdudka kdudka requested a review from chmeliik January 8, 2025 12:49
@chmeliik
Copy link
Contributor

chmeliik commented Jan 8, 2025

/retest

kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 10, 2025
@kdudka
buildah: fix Checkton/ShellCheck findings
dfa0636 
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 10, 2025
@kdudka
coverity-availability-check: remove workspace
ab96c1d 
It was required but not used for anything.  Also the parameters set
in the build template were not used by the coverity-availability-check
task.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 10, 2025
@kdudka
sast-coverity-check: do not require IMAGE_DIGEST parameter
6b21853 
... which is not used for anything

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 10, 2025
@kdudka
sast-coverity-check: rename the workspace to source
57468dc 
... to make the interface compatible with the `build-container` task

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 10, 2025
@kdudka
sast-coverity-check: use kustomize to build the task
91997fb 
... from the build-container task.  The `hack/generate-sast-tasks.sh`
script can be used to rebuild `sast-coverity-check.yaml`.

Related: konflux-ci#1653
kdudka added a commit to kdudka/build-definitions that referenced this pull request Jan 10, 2025
@kdudka
sast-coverity-check: test names of patched objects
e314d78 
... which have to be indexed by numbers due to limitations of kustomize

Related: https://issues.redhat.com/browse/KONFLUX-6272
Closes: konflux-ci#1653
@kdudka kdudka mentioned this pull request Jan 10, 2025
Merged
1 task
@kdudka
Copy link
Contributor Author

kdudka commented Jan 10, 2025

/retest

1 similar comment
@kdudka
Copy link
Contributor Author

kdudka commented Jan 13, 2025

/retest

kdudka added 9 commits January 13, 2025 14:38
@kdudka
buildah: fix Checkton/ShellCheck findings
c7becfe 
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
@kdudka
coverity-availability-check: remove workspace
7129f48 
It was required but not used for anything.  Also the parameters set
in the build template were not used by the coverity-availability-check
task.

Related: konflux-ci#1653
@kdudka
sast-coverity-check: do not require IMAGE_DIGEST parameter
984abd9 
... which is not used for anything

Related: konflux-ci#1653
@kdudka
sast-coverity-check: rename the workspace to source
00fcc6c 
... to make the interface compatible with the `build-container` task

Related: konflux-ci#1653
@kdudka
sast-coverity-check: use kustomize to build the task
d4c2b2c 
... from the build-container task.  The `hack/generate-sast-tasks.sh`
script can be used to rebuild `sast-coverity-check.yaml`.

Related: konflux-ci#1653
@kdudka
sast-coverity-check: embed capture stats into scan results
4eb7de1 
Related: https://issues.redhat.com/browse/OSH-769
@kdudka
sast-coverity-check: generate the oci-ta copy of the task
e1b9934 
Resolves: https://issues.redhat.com/browse/OSH-750
@kdudka
sast-coverity-check: test names of patched objects
a5efc4b 
... which have to be indexed by numbers due to limitations of kustomize

Related: https://issues.redhat.com/browse/KONFLUX-6272
@kdudka
sast-coverity-check: use the latest release of coverity
8f1739c 
Related: https://issues.redhat.com/browse/OSH-750
Related: https://issues.redhat.com/browse/OSH-796
Closes: konflux-ci#1653
@kdudka
Copy link
Contributor Author

kdudka commented Jan 13, 2025

I can see the following CI failure:

- result: RPMS_DATA
        task: rpms-signature-scan
success: false

Unfortunately, I do not have access to any details. Could you please tell me which RPMs is the failure about?

@kdudka kdudka mentioned this pull request Jan 14, 2025
Open
@chmeliik
Copy link
Contributor

I can see the following CI failure:

- result: RPMS_DATA
        task: rpms-signature-scan
success: false

Unfortunately, I do not have access to any details. Could you please tell me which RPMs is the failure about?

I think this was a bug with the EC checks

/retest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chmeliik chmeliik Awaiting requested review from chmeliik

At least 1 approving review is required to merge this pull request.

Assignees

@kdudka kdudka

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@kdudka @kasemAlem @tnevrlka @dirgim @chmeliik @openshift-merge-robot