
chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage #1068

Merged
merged 1 commit into from
Jan 18, 2023

Conversation

andaaron (Contributor) commented Dec 15, 2022

Originally 4 commits, squashed so they can be signed after rebasing.

  1. chore(trivy): update trivy library version

The trivy team switched github.com/urfave/cli for viper so
there are some other code changes as well.

Since we don't use github.com/urfave/cli directly in our software
we needed to add a tools.go in order for "go mod tidy" to not delete it.
See this pattern explained in:

The jobs using "go get -u" have been updated to use "go install", since go get
modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older
version with broken dependencies.

  2. fix(storage) Update local storage to ignore folder names not compliant with dist spec
    Also updated trivy to download the DB and cache results under the rootDir/_trivy folder

  3. fix(s3): one of the s3 tests was missing the skipIt call
    This caused a failure when running locally without s3 being available

  4. make sure the offline scanning is enabled, and zot only downloads the trivy DB
    on the regular schedule, and doesn't download the DB on every image scan

Signed-off-by: Andrei Aaron andaaron@cisco.com

@andaaron andaaron force-pushed the andrei-trivy branch 6 times, most recently from ce97bb8 to c9dec89 Compare December 19, 2022 18:48
codecov bot commented Dec 19, 2022

Codecov Report

Merging #1068 (cc313ad) into main (9294ebb) will decrease coverage by 0.18%.
The diff coverage is 100.00%.

❗ Current head cc313ad differs from pull request most recent head 15d1529. Consider uploading reports for the commit 15d1529 to get more accurate results

@@            Coverage Diff             @@
##             main    #1068      +/-   ##
==========================================
- Coverage   89.23%   89.05%   -0.18%     
==========================================
  Files          89       74      -15     
  Lines       18294    15056    -3238     
==========================================
- Hits        16324    13408    -2916     
+ Misses       1504     1284     -220     
+ Partials      466      364     -102     
Impacted Files Coverage Δ
pkg/regexp/regexp.go 88.88% <ø> (ø)
pkg/api/routes.go 94.52% <100.00%> (+0.52%) ⬆️
pkg/extensions/search/cve/trivy/scanner.go 96.66% <100.00%> (+1.64%) ⬆️
pkg/storage/local/local.go 82.91% <100.00%> (+0.34%) ⬆️
pkg/test/common.go 89.27% <100.00%> (+5.66%) ⬆️
pkg/extensions/search/schema.resolvers.go 83.47% <0.00%> (-14.02%) ⬇️
pkg/storage/cache/dynamodb.go 94.63% <0.00%> (-2.15%) ⬇️
pkg/extensions/search/common/oci_layout.go 91.61% <0.00%> (-0.66%) ⬇️
pkg/requestcontext/context.go 100.00% <0.00%> (ø)
pkg/extensions/extension_search.go 87.50% <0.00%> (ø)
... and 27 more


@andaaron andaaron force-pushed the andrei-trivy branch 3 times, most recently from 47a0945 to dfe1c92 Compare December 22, 2022 17:52
@andaaron andaaron changed the title partial work on updating trivy chore(tricy): update trivy version and enforce OCI compliant repo names in local image storage Dec 22, 2022
@andaaron andaaron marked this pull request as ready for review December 22, 2022 17:59
@andaaron andaaron changed the title chore(tricy): update trivy version and enforce OCI compliant repo names in local image storage chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage Dec 22, 2022
@andaaron andaaron force-pushed the andrei-trivy branch 7 times, most recently from 6f173e6 to a24f436 Compare December 23, 2022 14:24
@andaaron andaaron force-pushed the andrei-trivy branch 2 times, most recently from fd383ea to 56b5692 Compare January 9, 2023 17:44
shimish2 (Collaborator) left a comment

@rchincha

With this change we are not using our forks (trivy, trivy-db and fanal) and now we are configuring our cache dir (_trivy).

rchincha (Contributor) commented

@shimish2 can you review this pls?

shimish2 (Collaborator) commented

@shimish2 can you review this pls?

I already did that.

@andaaron andaaron force-pushed the andrei-trivy branch 9 times, most recently from 5c11927 to 35da59d Compare January 17, 2023 10:59
…es in local image storage

1. chore(trivy): update trivy library version

The trivy team switched github.com/urfave/cli for viper so
there are some other code changes as well.

Since we don't use github.com/urfave/cli directly in our software
we needed to add a tools.go in order for "go mod tidy" to not delete it.
See this pattern explained in:
- https://github.com/99designs/gqlgen#quick-start
- https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
- https://github.com/go-modules-by-example/index/blob/master/010_tools/README.md#walk-through

The jobs using "go get -u" have been updated to use "go install", since go get
modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older
version with broken dependencies.

2. fix(storage) Update local storage to ignore folder names not compliant with dist spec
Also updated trivy to download the DB and cache results under the rootDir/_trivy folder

3. fix(s3): one of the s3 tests was missing the skipIt call
This caused a failure when running locally without s3 being available

4. make sure the offline scanning is enabled, and zot only downloads the trivy DB
on the regular schedule, and doesn't download the DB on every image scan

ci: increase build and test timeout as tests are reaching the limit more often

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
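The repository-name filtering that item 2 of the description and of the commit message refers to, as an added example rather than zot's own code from this PR: the pattern is the repository name grammar from the OCI distribution spec, the function names and the directory sample are hypothetical, and "_trivy", "." and ".." are the kinds of entries the change is meant to hide from repository listings.

```go
package main

import (
	"fmt"
	"regexp"
)

// Repository name grammar from the OCI distribution spec: path components made
// of lowercase alphanumerics joined by ".", "_", "__" or one or more "-", with
// components separated by "/". Anchored so the whole name must match.
var repoNameRegexp = regexp.MustCompile(
	`^[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*(/[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*)*$`)

// IsValidRepoName reports whether name is a dist-spec compliant repository name.
// Entries such as ".", "..", "_trivy" or names with uppercase letters fail.
func IsValidRepoName(name string) bool {
	return repoNameRegexp.MatchString(name)
}

// FilterRepoDirs keeps only those directory paths (relative to the storage
// root) that are valid repository names, preserving their order. A scanner
// cache directory like "_trivy" or a stray "." entry is therefore never
// reported as a repository.
func FilterRepoDirs(dirs []string) []string {
	var repos []string
	for _, d := range dirs {
		if IsValidRepoName(d) {
			repos = append(repos, d)
		}
	}
	return repos
}

func main() {
	// Constructed sample of what walking a storage root directory might yield.
	dirs := []string{".", "..", "_trivy", "_trivy/db", ".hidden", "alpine",
		"library/ubuntu", "My-Repo", "a..b", "ok-repo/sub_name"}
	for _, r := range FilterRepoDirs(dirs) {
		fmt.Println(r) // prints alpine, library/ubuntu, ok-repo/sub_name
	}
}
```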
rchincha (Contributor) left a comment

lgtm

@rchincha rchincha merged commit fac1d1d into project-zot:main Jan 18, 2023
@andaaron andaaron self-assigned this Jan 18, 2023
@andaaron andaaron linked an issue Jan 19, 2023 that may be closed by this pull request
@andaaron andaaron added this to the v2.0.0 milestone Jan 26, 2023
Successfully merging this pull request may close these issues.

[Bug]: showing extra dot when listing repository