Use productized syft #870
Use productized syft #870
Conversation
task/buildah/0.1/buildah.yaml
Outdated
| @@ -257,7 +257,7 @@ spec: | |||
| workingDir: $(workspaces.source.path) | |||
|
|
|||
| - name: sbom-syft-generate | |||
| image: quay.io/redhat-appstudio/syft:v0.105.0@sha256:32a9d2007f2b042ceec4ef32fa1d90b8d28141822e7d9748f240da9d55c56601 | |||
| image: registry.redhat.io/rh-syft-tech-preview/syft-rhel9:0.105.0@sha256:8d34c03188cf294a77339b2a733b1f6811263a369b309e6b170d9b489abc0334 | |||
There was a problem hiding this comment.
Ah, I will first need to fix the tasks to use Syft the same way as buildah-rhtap
Otherwise, they fail on missing find
/tekton/scripts/script-1-cbxrs: line 4: find: command not found
There was a problem hiding this comment.
I gave up, buildah-remote (its generation script, more accurately) makes that too difficult. Just moved the find call to a different step.
chmeliik
force-pushed
the
use-productized-syft
branch
from
1e93da5 to
d539b64
Compare
no idea |
chmeliik
force-pushed
the
use-productized-syft
branch
from
d539b64 to
8e72fb2
Compare
|
Rebased |
|
So, I tried to test the docker-build pipeline in my local cluster and I'm getting: Apparently, mounting the |
Ah, right. Nice catch 👍 |
chmeliik
force-pushed
the
use-productized-syft
branch
from
8e72fb2 to
8ba172b
Compare
|
/retest |
1 similar comment
|
/retest |
Come on Quay /retest |
chmeliik
force-pushed
the
use-productized-syft
branch
3 times, most recently
from
64520de to
2c9df2f
Compare
why how /retest |
|
/retest I mean it |
But how No entiendo /retest |
|
/retest |
|
/retest Tekton, I beg you |
chmeliik
force-pushed
the
use-productized-syft
branch
from
19b84eb to
8785b11
Compare
|
Losing my mind here /retest |
|
The test run is gone /retest |
chmeliik
force-pushed
the
use-productized-syft
branch
from
8785b11 to
a7c0f14
Compare
¯\_(ツ)_/¯ /retest |
|
/retest Something is still killing the test after less than 2 hours even though I tried to bump the timeout 😕 |
|
The build pipelineRun (devfile-sample-python-basic-ebgn-c6fdw) failed but with no failure reason in the logs 🥲 /retest |
from tekton results: clamav-scan status:
completionTime: "2024-03-18T11:49:23Z"
conditions:
- lastTransitionTime: "2024-03-18T11:49:23Z"
message: 'failed to create task run pod "devfile-sample-python-basic-ebgn-c6fdw-clamav-scan": translating TaskSpec to Pod: secrets "devfile-sample-python-basic-b1jt" not found. Maybe missing or invalid Task build-templates-e2e/'
reason: PodCreationFailed
status: "False"
type: Succeededbase-image-check status:
completionTime: "2024-03-18T11:49:23Z"
conditions:
- lastTransitionTime: "2024-03-18T11:49:23Z"
message: 'failed to create task run pod "dev123043849dc5e7b4ad8d4de806402caf-deprecated-base-image-check": translating TaskSpec to Pod: secrets "devfile-sample-python-basic-b1jt" not found. Maybe missing or invalid Task build-templates-e2e/'
reason: PodCreationFailed
status: "False"
type: Succeededbuild-source-image status:
completionTime: "2024-03-18T11:49:23Z"
conditions:
- lastTransitionTime: "2024-03-18T11:49:23Z"
message: 'failed to create task run pod "devfile-sample-python-basic-ebgn-c6fdw-build-source-image": translating TaskSpec to Pod: secrets "devfile-sample-python-basic-b1jt" not found. Maybe missing or invalid Task build-templates-e2e/'
reason: PodCreationFailed
status: "False"
type: Succeeded |
Oh nice, I forgot I could get the logs for deleted PipelineRuns from tekton results The errors still don't make a whole lot of sense to me though :/ |
|
Timed out when waiting for attestation. Yup, 36 minutes and still nothing https://quay.io/repository/redhat-user-workloads/build-templates-e2e/test-app-870/devfile-sample-python-basic-jya7?tab=tags&tag=latest |
chmeliik
force-pushed
the
use-productized-syft
branch
from
a7c0f14 to
4243774
Compare
chmeliik
force-pushed
the
use-productized-syft
branch
from
4243774 to
e8414c6
Compare
chmeliik
force-pushed
the
use-productized-syft
branch
2 times, most recently
from
636fcc1 to
7897b72
Compare
|
Build pipeline timed out /retest |
We want to switch from the quay.io/redhat-appstudio/syft image to registry.redhat.io/rh-syft-tech-preview/syft-rhel9. The new syft image is built on ubi-micro and doesn't include the 'find' util. Delete the symlinks already in the build step. This is broken for buildah-remote, because the generation script (which lives in the multi-platform-controller repo) does not handle this part of the buildah script properly. To be fixed later. Signed-off-by: Adam Cmiel <[email protected]>
There are two reasons why the buildah-remote task cannot delete container symlinks in the build step: * the multi-platform-runner image does not include the 'find' util * the script that generates buildah-remote from buildah doesn't handle changes to that part of the code, it's hardcoded Move the command into a separate step in the buildah task in order to fix the buildah-remote task. Signed-off-by: Adam Cmiel <[email protected]>
STONEBLD-2174 For consistency, use the same Syft image for the Konflux tasks and the RHTAP tasks. Signed-off-by: Adam Cmiel <[email protected]>
All tasks now use the Syft image from registry.redhat.io. Signed-off-by: Adam Cmiel <[email protected]>
chmeliik
force-pushed
the
use-productized-syft
branch
from
7897b72 to
93351d0
Compare
|
|
Would be have to be re-done on the 0.2 versions of build tasks |
Before you complete this pull request ...
Look for any open pull requests in the repository with the title "e2e-tests update" and
see if there are recent e2e-tests updates that will be applicable to your change.