diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 86ef6dba..90397f2c 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -56,8 +56,10 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - - name: Clean workspace if git module is found - run: rm -rf ${GITHUB_WORKSPACE}/* + # - name: Clean workspace if git module is found + # run: | + # sudo chown -R $USER:$USER $GITHUB_WORKSPACE + # rm -rf ${GITHUB_WORKSPACE}/* # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout ${{ matrix.coverage_type }} Branch @@ -118,7 +120,7 @@ jobs: if: always() run: | rm /tmp/tmp-* || true - rm -rf ${{ env.ARTIFACT_DIR }}|| true + rm -rf /tmp/tmp-* ${{ env.ARTIFACT_DIR }} ${GITHUB_WORKSPACE}/* || true docker ps -aqf "name=${{ matrix.container_name }}" | xargs docker stop docker rmi $(docker images | grep '' | awk '{print $3}') || true diff --git a/.github/workflows/sdl_req.yml b/.github/workflows/sdl_req.yml index bbb14342..86661c31 100644 --- a/.github/workflows/sdl_req.yml +++ b/.github/workflows/sdl_req.yml @@ -75,9 +75,12 @@ jobs: Bandit: name: Run Bandit - runs-on: gasp + runs-on: + group: intellabs-generic-runners + labels: vdms-check-in + # runs-on: gasp (unstable) container: - image: cache-registry.caas.intel.com/cache/library/python:3.8-slim + image: python:3.8-slim steps: - name: Checkout Branch uses: actions/checkout@v3 @@ -131,11 +134,14 @@ jobs: docker rmi $(docker images | grep '' | awk '{print $3}') || true BDBA: - runs-on: gasp + runs-on: + group: intellabs-generic-runners + labels: vdms-check-in + # runs-on: gasp (unstable) name: BDBA needs: BuildLatest container: - image: cache-registry.caas.intel.com/cache/library/python:3.8-slim + image: python:3.8-slim steps: - name: Download Docker Image uses: actions/download-artifact@v3 
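Review bot: In coverage.yml, at the top of `steps:`, the pre-checkout clean is commented out rather than deleted, so the job now starts on whatever an earlier run left in `$GITHUB_WORKSPACE`. The remaining cleanup is the `if: always()` step at the end of the job, which does not run if the runner process is killed mid-job, and its `${GITHUB_WORKSPACE}/*` glob skips dotfiles. If this job runs on a persistent self-hosted runner (the `runs-on` line is outside the hunk), a later job can build on files left by an earlier one. I would delete the dead lines and leave a one-line comment such as `# Workspace is cleaned by the final "if: always()" step`, or keep a working pre-checkout clean.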
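Review bot: In the coverage.yml cleanup step, the new `rm -rf /tmp/tmp-* ${{ env.ARTIFACT_DIR }} ${GITHUB_WORKSPACE}/* || true` has no guard on its variables, so if `GITHUB_WORKSPACE` were ever empty the last argument becomes `/*`. Writing it as `"${GITHUB_WORKSPACE:?}"/*` makes the shell abort instead. The `/tmp/tmp-*` glob also matches temp files belonging to any other job on the same host, and the unchanged `rm /tmp/tmp-* || true` on the line above is now redundant. Because of `|| true`, a failed delete (for example root-owned files written from a container) is silent, so stale content can survive into the next run without anyone noticing.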
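Review bot: In sdl_req.yml the Bandit job's container changes from the internal cache registry to `image: python:3.8-slim`, a mutable tag pulled from the public registry, and the BDBA hunk below makes the same change. These jobs produce the security scan results, so the image they run in should be reproducible: pin it by digest, e.g. `image: python:3.8-slim@sha256:<digest-placeholder>`. Python 3.8 is also past upstream end of life, so the base image no longer receives interpreter fixes. The leftover `# runs-on: gasp (unstable)` line would read better as a comment that says why the runner group was switched.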
@@ -202,6 +208,8 @@ jobs: docker run --rm -i --env SNYK_TOKEN=${{ env.SNYK_TOKEN}} \ --env SNYK_API=${{ env.SNYK_API}} --env SNYK_DISABLE_ANALYTICS=1 \ --env COMMAND="pip install -r /app/requirements.txt --proxy $HTTP_PROXY" \ + --env NO_PROXY=${{ secrets.NO_PROXY }} --env HTTP_PROXY="" --env HTTPS_PROXY="" \ + --env no_proxy=${{ secrets.NO_PROXY }} --env http_proxy="" --env https_proxy="" \ -v /var/run/docker.sock:/var/run/docker.sock \ -v ${PWD}:/app/ \ snyk/snyk:python-3.8 snyk test -d --file=/app/requirements.txt --package-manager=pip --exclude-base-image-vulns \ @@ -237,10 +245,10 @@ jobs: group: intellabs-generic-runners labels: vdms-check-in steps: - - name: Checkout Branch - uses: actions/checkout@v3 - with: - submodules: true + # - name: Checkout Branch + # uses: actions/checkout@v3 + # with: + # submodules: true # ref: ${{ env.CHECKOUT_REF }} - name: Download Docker Image uses: actions/download-artifact@v3 @@ -293,7 +301,7 @@ jobs: # cf. https://github.com/actions/upload-artifact/issues/256 if: always() run: | - rm /tmp/tmp-* ${{ env.DOCKER_ARTIFACT_DIR }} ${{ env.ARTIFACT_DIR }} ${GITHUB_WORKSPACE}/* || true + rm /tmp/tmp-* ${{ env.DOCKER_ARTIFACT_DIR }} ${{ env.ARTIFACT_DIR }} ${GITHUB_WORKSPACE}/docker-bench-security || true docker stop vdms_test-CIS && docker rm vdms_test-CIS docker rmi $(docker images | grep '' | awk '{print $3}') || true
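Review bot: In the `docker run` for the Snyk scan, the added `--env NO_PROXY=${{ secrets.NO_PROXY }}` and `--env no_proxy=${{ secrets.NO_PROXY }}` paste the secret into the script text unquoted, so any space or shell metacharacter in the value changes the command line. Map the secret in the step's `env:` block and pass it through by name, `--env NO_PROXY --env no_proxy`, which makes docker copy the value from the runner's environment. Separately, the container now gets empty `HTTP_PROXY`/`HTTPS_PROXY`, while the unchanged `COMMAND` line still expands `--proxy $HTTP_PROXY` from the runner's shell. If that split is intended, a short comment above the added lines would save the next reader from treating it as a mistake.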
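Review bot: At `@@ -237,10 +245,10 @@` the checkout step is commented out rather than removed, which leaves four dead lines plus the older `# ref:` line with no explanation. The job's steps continue outside the hunk, so I cannot tell whether anything later still expects repository files in the workspace. Delete the step and replace it with one line stating the reason, for example `# No checkout: this job only uses the downloaded image artifact`, if that is the actual intent.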
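Review bot: In the final cleanup step at `@@ -293,7 +301,7 @@`, the rewritten line still calls plain `rm` without `-r`, so any argument that is a directory is skipped and the error is hidden by `|| true`. `${GITHUB_WORKSPACE}/docker-bench-security` and the two `*_DIR` values look like directories, though that is inferred from their names. The equivalent line in coverage.yml uses `rm -rf`, and this one should match: `rm -rf /tmp/tmp-* ${{ env.DOCKER_ARTIFACT_DIR }} ${{ env.ARTIFACT_DIR }} "${GITHUB_WORKSPACE:?}/docker-bench-security" || true`. Otherwise the benchmark checkout and artifacts stay on the runner for the next job to pick up.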