ci: Only release image without CVEs. #2114

Merged
merged 1 commit into from
Nov 10, 2023

eiffel-fl
Member

Hi.

I marked this PR as RFC as maybe we should be able to bypass this.
On the other hand, it is not a good thing to publish flawed images.

Best regards.

Member

@mauriciovasquezbernal mauriciovasquezbernal left a comment

I think it'll become a bottleneck in our workflow not being able to push those images if there is a known CVE on the base image. I'm OK with having this for the release workflow; there we could wait until the base image is fixed, and if it's taking too long, change it or find another solution.

@eiffel-fl eiffel-fl changed the title [RFC] ci: Only publish image without CVEs. [RFC] ci: Only release image without CVEs. Oct 10, 2023
Member

@mauriciovasquezbernal mauriciovasquezbernal left a comment

I think it's fine. @alban do you have any opinions on this one?

Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
@eiffel-fl eiffel-fl changed the title [RFC] ci: Only release image without CVEs. ci: Only release image without CVEs. Nov 9, 2023
Member

@alban alban left a comment

LGTM

The patch ensures that the step `scan-gadget-container-images` is executed for the release.

I see it has `ignore-unfixed: true`. Hopefully with that setting, we will not get blocked too much for a release.

@eiffel-fl eiffel-fl merged commit ad8e04b into main Nov 10, 2023
50 checks passed
@eiffel-fl eiffel-fl deleted the francis/publish-scan branch November 10, 2023 06:27
@eiffel-fl
Member Author

Thank you for the reviews!
