ROX-21124: Move non-e2e testing OSCI jobs to GitHub Actions #1347
Conversation
|
Skipping CI for Draft Pull Request. |
BradLugo
force-pushed
the
blugo/ROX-21124-initial
branch
4 times, most recently
from
874f959 to
112788f
Compare
BradLugo
changed the title
BradLugo
force-pushed
the
blugo/ROX-21124-initial
branch
from
14d3b5c to
7aca1c8
Compare
BradLugo
force-pushed
the
blugo/ROX-21124-initial
branch
from
02ddd0c to
7e5f666
Compare
|
Images are ready for the commit at 1c61044. To use the images, use the tag |
scripts/ci/postgres.sh
Outdated
| adduser pg -u 1001 -g 1001 -d /var/lib/postgresql -s /bin/sh | ||
|
|
||
| # The PATH is not completely preserved, so set the PATH here to ensure postgres-related commands can be found. | ||
| runuser -l pg -c "PATH=$PATH $SCRIPTS_ROOT/scripts/ci/postgres.sh _start_postgres" # TODO(DO NOT MERGE): this is a mess |
There was a problem hiding this comment.
I don't love calling _start_postgres like this (I don't really even like the name tbh), but I don't fully understand idiomatic bash so 🤷. I also see some scripts use su <user> ... so I wasn't sure which should be used here. I'm fine to keep this as-is if y'all think it's fine
.github/workflows/build.yaml
Outdated
| uses: ./.github/actions/cache-go-dependencies | ||
|
|
||
| - name: Build Scanner | ||
| run: make scanner-build-nodeps |
There was a problem hiding this comment.
I don't remember this too well, but I remember this was created because of OpenShift CI oddities (no idea what). Do you think we still need to skip the deps step? I guess we've been skipping it for over a year by this point, so I guess it's ok
There was a problem hiding this comment.
Honestly, I think scanner-build-nodeps is a bit of a misnomer. AFAICT, it still grabs the dependencies anyway. That being said, now that I look at the deps target, it might be worth adding that step first (since it has some other dependent targets). The main reason I used scanner-build-nodeps (without deps) was because that's how we do it in stackrox/stackrox
There was a problem hiding this comment.
let's keep it as-is to stay aligned with stackrox/stackrox
.github/workflows/build.yaml
Outdated
| - name: diff-dumps | ||
| run: ./scripts/ci/jobs/diff-dumps.sh | ||
|
|
||
| # TODO(DO NOT MERGE): These store functions don't seem quite right |
There was a problem hiding this comment.
Basically what Gavin brought up here: https://github.com/stackrox/scanner/pull/1347/files#r1433028812
I'm not sure if these store functions are actually needed in GHA
There was a problem hiding this comment.
They should be removed. The artifacts are stored earlier (and available through the GH UI) via upload-artifact.
|
Build / generate-db-dump (pull_request) Successful in 44m I missed this |
.github/workflows/build.yaml
Outdated
| env: | ||
| ARTIFACT_DIR: /artifacts |
There was a problem hiding this comment.
Can you make this a workflow env. i.e. only declare once: https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow
Can you make it /tmp/artifacts. In other environments we run with a RO root and limited user and using /tmp is a good practice.
.github/workflows/build.yaml
Outdated
| - name: Create artifacts dir | ||
| run: mkdir -p "$ARTIFACT_DIR" |
There was a problem hiding this comment.
I took a deeper look at this ARTIFACT_DIR. I think you can remove it from this PR. It is only used in store_test_results and that returns for non openshift environments without doing anything.
The only reason to save those Junit test results would be to display them with something like https://github.com/test-summary/action which could be done in a follow on PR if warranted (I don't think there is enough ongoing dev in stackrox/scanner to warrant it IMHO).
There was a problem hiding this comment.
I changed the implementation of store_test_results in this branch, but yeah, that's actually why I had comment at https://github.com/stackrox/scanner/pull/1347/files#diff-d0777657fa3fd81d23aaf7273e58aee453b04e67882517900c56daeef9b3e4c1R370. Would it make sense to remove all the usage of ARTIFACT_DIR and all the jobs that only call store_test_results?
There was a problem hiding this comment.
Ah I see. I missed that. I'd say remove store_test_results() from any test/job that is moved to GHA. The jobs that remain in OSCI will still benefit from it.
There was a problem hiding this comment.
Can you remove this empty file, it is triggering an action failure.
BradLugo
force-pushed
the
blugo/ROX-21124-initial
branch
from
41231dc to
c0eecec
Compare
|
fysa, |
| github.event_name != 'pull_request' || | ||
| contains(github.event.pull_request.labels.*.name, 'generate-dumps-on-pr') |
There was a problem hiding this comment.
Could also be needs.generate-genesis-dump.result == 'success' maybe? Probably doesn't matter that much
|
Needs to be rebased once #1364 is merged. |
can be done in a followup PR, if not already done here |
@RTann Would this suffice? https://github.com/stackrox/scanner/actions/runs/7292017884 |
yep! |
|
/retest |
|
/override ci/prow/images ci/prow/style-checks ci/prow/unit-tests |
|
@BradLugo: Overrode contexts on behalf of BradLugo: ci/prow/images, ci/prow/style-checks, ci/prow/unit-tests In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
All |
This reverts commit b9dfecf.
BradLugo
force-pushed
the
blugo/ROX-21124-initial
branch
from
1ec96a6 to
2dbcd09
Compare
|
/retest |
|
@BradLugo: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
e2e tests are fixed here: #1368 |
Description
These changes move the OpenShift CI jobs into GitHub Actions and change the updater to use an API token for grabbing NVD data.
Some interesting side-effects from this work: