Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add tag resolution for jobs missing it #1570

Merged
merged 3 commits into from
Jul 17, 2024
Merged

fix: add tag resolution for jobs missing it #1570

merged 3 commits into from
Jul 17, 2024

Conversation

dcaravel
Copy link
Contributor

@dcaravel dcaravel commented Jul 17, 2024
edited
Loading

The upload-dumps-for-downstream job did not upload bundles with the appropriate tag - breaking downstream builds.

@dcaravel dcaravel added the generate-dumps-on-pr Generates the image based on dumps from the PR label Jul 17, 2024
@dcaravel dcaravel requested review from jvdm, BradLugo, daynewlee, RTann and a team July 17, 2024 16:30
@dcaravel dcaravel changed the title fix: add tag resolution to jobs missing it fix: add tag resolution for jobs missing it Jul 17, 2024
RTann
RTann approved these changes Jul 17, 2024
View reviewed changes
Copy link
Collaborator

@RTann RTann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would we now need to cut a new release?

@dcaravel
Copy link
Contributor Author

Would we now need to cut a new release?

That's one option, OR, rename the files previously uploaded to use the proper tag (the latter being my preference)

@RTann
Copy link
Collaborator

RTann commented Jul 17, 2024

Would we now need to cut a new release?

That's one option, OR, rename the files previously uploaded to use the proper tag (the latter being my preference)

As long as you are sure the previous files have the right data, then that's fine with me

@dcaravel
Copy link
Contributor Author

As long as you are sure the previous files have the right data, then that's fine with me

Would be the same dump of data using in the tagged build: https://github.com/stackrox/scanner/actions/runs/9845637787

Taking a step back - makes me question the genesis-dump usage in .github/workflows/ci.yaml.

When we create a new scanner tag, we would have already created and added a genesis-dump reference to genesis_manifests.json - However, the CI workflow will create a new genesis-dump, and not re-use the dump referenced in genesis_manifests.json.

If that is accurate, that means the vulnerabilities embedded within an tagged image will be 'newer' then those referenced in genesis_manifests - which may be OK - the impact may just be the diff-dumps will include vulns that have already been updated.

BradLugo
BradLugo reviewed Jul 17, 2024
View reviewed changes
.github/workflows/ci.yaml Outdated Show resolved Hide resolved
@dcaravel dcaravel requested a review from BradLugo July 17, 2024 19:10
@dcaravel dcaravel merged commit a174835 into master Jul 17, 2024
30 checks passed
@dcaravel dcaravel deleted the dc/fix-tags-resolve-again branch July 17, 2024 21:30
RTann pushed a commit that referenced this pull request Aug 9, 2024
@dcaravel @RTann
fix: add tag resolution for jobs missing it (#1570)
557d31a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RTann RTann RTann approved these changes

@jvdm jvdm Awaiting requested review from jvdm

@daynewlee daynewlee Awaiting requested review from daynewlee

@BradLugo BradLugo Awaiting requested review from BradLugo

Assignees
No one assigned
Labels
generate-dumps-on-pr Generates the image based on dumps from the PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dcaravel @RTann @BradLugo