-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue 168 vulnerability checks #183
Conversation
Tested with -- EDIT Ya I just tested |
Islandora-Devops/isle-dc#219 resolved the cantaloupe issue |
Since you've been looking a pull requests, bump @dannylamb. |
Hi @nigelgbanks & @dannylamb curious what action or review is further required here? Should this go into the March / April 2022 - isle-buildkit 1.0.0 release ? |
Just needs to be tested and merged, by someone other than me. |
Reporting results from testing process: Test Environment
Test process / steps
Attempt 1Ran for about ~8 mins with full CPU lockup the entire time. @nigelgbanks Any way we can reduce that? #44 [stage-4 16/17] RUN ln -s /usr/local/share/.config/yarn/global/node_modules/.bin/code-server /usr/local/bin/code-server && ln -s /usr/local/share/.config/yarn/global/node_modules/.bin/node-gyp /usr/local/bin/node-gyp && ln -s /usr/local/share/.config/yarn/global/node_modules/.bin/grunt /usr/local/bin/grunt && ln -s /usr/local/share/.config/yarn/global/node_modules/.bin/bower /usr/local/bin/bower
#44 DONE 0.3s
#45 [stage-4 17/17] RUN chmod a=r,u+w /etc/sudo.conf
#45 DONE 0.3s
#46 exporting to image
#46 exporting layers
#46 exporting layers 3.1s done
#46 writing image sha256:164bfced1d11cf2b05c914dfac688138cbd19d4acf2bbf7ebc5c60f8456d303a done
#46 naming to docker.io/local/code-server:latest done
#46 DONE 3.1s
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':alpaca:build'.
> Process 'command 'docker'' finished with non-zero exit value 1
* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 8m 20s
28 actionable tasks: 28 executed
Attempt 2
#18 exporting to image
#18 exporting layers
#18 exporting layers 0.4s done
#18 writing image sha256:f92db08a102678c7525c8db5d0222553053d350b955af8673e0f96e87592d7de done
#18 naming to docker.io/local/alpaca:latest done
#18 DONE 0.4s
BUILD SUCCESSFUL in 2m 17s
33 actionable tasks: 7 executed, 26 up-to-date
@nigelgbanks 2nd time is the charm? What additional steps should I take from here? Attempt to use |
@nigelgbanks To be clear this is something you're intending to do this week and then I can get back to testing correct? |
dde3f2f
to
562ca98
Compare
@g7morris I was just sorting out the conflict and doing a quick build to check locally. |
You should be good to test when this finishes: https://github.com/Islandora-Devops/isle-buildkit/runs/5665429249?check_suite_focus=true with the commit |
Ignore previous comment. I'm too quick to test the build / push needs to finish. |
@g7morris Unfortunately this one needs to do a full rebuild which includes compiling imagemagick under emulation for linux/arm64 which is super slow |
@g7morris actually in this case it might be faster to build it locally as you'd only be building for your platform. |
@nigelgbanks What steps would be needed to do this? I can run it over night when I get back home on my laptop (non-Arm) or Apple M1 (ARM ish) Is there a flag for arm? Is this in isle-dc for the full monty or isle-buildkit. Sorry long day I'm probably asking something stupid. |
@g7morris looks like it's finished 😌 so you can just pull That being said, if you do |
Typically we make user of heavy caching which cuts the time down from over an hour to like 10 mins or so, but this pull request changes all the base images so no caching can be used. |
As for tests just the normal bring up the demo and muck about, the grype reports can be downloaded here: https://github.com/Islandora-Devops/isle-buildkit/suites/5774283956/artifacts/192302600 So that bit works, it's more so just to confirm I'm not broke anything, the automated tests wouldn't pick up on. |
Okay I think this passes and using the arm images to test is much faster on a Mac both in the isle-dc Reporting results from testing process: isle-buildkitTest Environment
Test process / steps
Attempt 1Ran for about < 6 mins with not so full CPU lockup the entire time. Close but it did go heavy into swap ~ 8GB. BUILD SUCCESSFUL in 5m 32s
33 actionable tasks: 33 executed isle-dcTest Environment
Steps taken to test
Results@nigelgbanks Process worked great and much faster than x86. No new errors. Site is snappier and drush commands don't lag. Nice Think we can ship this one eh? |
@g7morris awesome I'll merge it then 👍 |
Also updates many packages and software to reduce the number of vulnerabilities though many still exist in the java portions of the stack.
Requires Islandora-Devops/isle-gradle-docker-plugin#12 to be reviewed and merged.