Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GoSec fixes and improvements #59

Merged
merged 4 commits into from
Apr 20, 2023
Merged

GoSec fixes and improvements #59

merged 4 commits into from
Apr 20, 2023

Conversation

JustinKuli
Copy link
Member

Fixes some issues identified by GoSec, and incorporates the scan into CI here so it will fail when other issues are found.

@JustinKuli
Fix gosec:G104
86d22ef 
Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@openshift-ci openshift-ci bot requested review from gparvin and mprahl April 20, 2023 17:34
@JustinKuli JustinKuli mentioned this pull request Apr 20, 2023
Merged
@JustinKuli
Copy link
Member Author

/cc @dhaiducek

I don't know if something like this gosec change would be better in a common makefile?

@openshift-ci openshift-ci bot requested a review from dhaiducek April 20, 2023 17:36
dhaiducek
dhaiducek requested changes Apr 20, 2023
View reviewed changes
Copy link
Member

@dhaiducek dhaiducek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good--thanks for the update! We should have done this a while ago. I have some comments for consideration.

Makefile Outdated Show resolved Hide resolved
.github/workflows/kind.yml Outdated Show resolved Hide resolved
@JustinKuli
Check gosec results in CI
588bb1b 
The KinD tests action will now run the gosec-scan, and that target will
fail if any vulnerabilities are found. The target was also configured to
ignore the test code.

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@JustinKuli
Add more information to the e2e-debug
a51eea7 
Information about the gatekeeper pods might help if those tests fail.

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@JustinKuli
Copy link
Member Author

/hold

I found the other test issue

@dhaiducek
Copy link
Member

dhaiducek commented Apr 20, 2023
edited
Loading

I don't know if something like this gosec change would be better in a common makefile?

I was going to do it, but if you have a moment, it can go here: https://github.com/stolostron/governance-policy-framework/blob/02d52d5811bfa706ec84fcd9a2f153a46ae9aa5b/build/common/Makefile.common.mk#L108

@JustinKuli
Fix test assertion for duplicate events
6bde7dd 
The test is meant to ensure that the gatekeeper-sync is not emitting the
same event multiple times in a row. But the assertion was failing
sometimes because of duplicate events from template-errors. Those will
sometimes occur during normal (correct) operation of the template-sync.

Signed-off-by: Justin Kulikauskas <jkulikau@redhat.com>
@JustinKuli
Copy link
Member Author

/unhold 🤞

@openshift-ci openshift-ci bot added the lgtm label Apr 20, 2023
@openshift-ci
Copy link

openshift-ci bot commented Apr 20, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dhaiducek, JustinKuli

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [JustinKuli,dhaiducek]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot merged commit 906dcff into open-cluster-management-io:main Apr 20, 2023
@JustinKuli JustinKuli deleted the gosec-plus branch April 21, 2023 01:50
@magic-mirror-bot magic-mirror-bot bot mentioned this pull request Apr 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhaiducek dhaiducek dhaiducek approved these changes

@gparvin gparvin Awaiting requested review from gparvin

@mprahl mprahl Awaiting requested review from mprahl

Assignees

@dhaiducek dhaiducek

Labels
approved dco-signoff: yes lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JustinKuli @dhaiducek