Fix trivy scan flow #2310


Merged
merged 1 commit into from
Apr 25, 2025

Contributor

@Prajyot-Parab Prajyot-Parab commented Apr 15, 2025

What this PR does / why we need it:

  • Fix trivy scan flow

avoid build error -

Error: /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/fanal/image/daemon/docker.go:66:58: cannot use c.ImageSave (value of type func(ctx context.Context, imageIDs []string, saveOpts ..."github.com/docker/docker/client".ImageSaveOption) (io.ReadCloser, error)) as imageSave value in argument to imageOpener

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #2328

Special notes for your reviewer:

/area provider/ibmcloud

  1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

Release note:

Fix trivy scan flow

@k8s-ci-robot k8s-ci-robot added area/provider/ibmcloud Issues or PRs related to ibmcloud provider cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 15, 2025
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 15, 2025

netlify bot commented Apr 15, 2025

Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud ready!

Name Link
🔨 Latest commit 6677f3a
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/680b59803e4a540008811b97
😎 Deploy Preview https://deploy-preview-2310.cluster-api-ibmcloud.sigs.k8s.io

@Prajyot-Parab
Contributor Author

/cc @Amulyam24

@k8s-ci-robot k8s-ci-robot requested a review from Amulyam24 April 15, 2025 06:09
@Prajyot-Parab Prajyot-Parab changed the title Fix trviy scan flow Fix trivy scan flow Apr 15, 2025
Contributor

@Amulyam24 Amulyam24 left a comment


@Prajyot-Parab, any reason for adding a new script for installing trivy?

currently we are updating the version and installing via make.

@Prajyot-Parab
Contributor Author

> @Prajyot-Parab, any reason for adding a new script for installing trivy?
>
> currently we are updating the version and installing via make.

The present approach of building the binary fails with the following error:

Error: /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/fanal/image/daemon/docker.go:66:58: cannot use c.ImageSave (value of type func(ctx context.Context, imageIDs []string, saveOpts ..."github.com/docker/docker/client".ImageSaveOption) (io.ReadCloser, error)) as imageSave value in argument to imageOpener

This is because the docker package getting installed is not compatible with the one trivy needs (as some other package needs the latest docker), so now I am switching to directly downloading the binary rather than building it; this is in line with the CAPI approach.

@Amulyam24
Contributor

@mkumatag
Member

The challenge with this approach is that you will not be able to run this on ppc64le environment.

@Prajyot-Parab
Contributor Author

> The challenge with this approach is that you will not be able to run this on ppc64le environment.

Agreed. However, this seems like the only way right now to get trivy scans to work (once the build issue is fixed in a future release of trivy, we can revert to that approach).

@Prajyot-Parab
Contributor Author

> Can we remove the duplicate code which will not be used? https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/tools/Makefile#L129-L131

As per my prior comment, we will switch back to that approach once we have the present build issue fixed in a future trivy release; hence I was of the opinion to keep the code for now.

Contributor

@Amulyam24 Amulyam24 left a comment


/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 21, 2025
@Amulyam24
Contributor

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 21, 2025
@Amulyam24
Contributor

/retest

Signed-off-by: Prajyot-Parab <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 25, 2025
@Prajyot-Parab Prajyot-Parab requested a review from Amulyam24 April 25, 2025 09:49
@Prajyot-Parab
Contributor Author

> Can we remove the duplicate code which will not be used? https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/hack/tools/Makefile#L129-L131

Yes, removed. trivy is available for ppc64le as well, so this approach should hold good in future too.
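
Added example, not code from this PR or the project: when a scanner is installed from a prebuilt release archive instead of being built from source, as discussed in this thread, the archive should be chosen for the host architecture (ppc64le included) and checked against the release's checksums file before anything is extracted. The archive suffixes, the checksums file name and the URL layout are assumptions about Trivy's release assets, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not the PR's script. Download step (left out so this runs
# offline), assuming Trivy's GitHub release URL layout:
#   curl -fsSLO "https://github.com/aquasecurity/trivy/releases/download/v$V/$FILE"

# Map `uname -m` output to the archive suffix (assumed asset naming).
trivy_arch_suffix() {
    case "$1" in
        x86_64|amd64)  echo "Linux-64bit" ;;
        aarch64|arm64) echo "Linux-ARM64" ;;
        ppc64le)       echo "Linux-PPC64LE" ;;
        s390x)         echo "Linux-s390x" ;;
        *)             return 1 ;;
    esac
}

# verify_archive <archive> <checksums-file>
# Returns 0 only if the checksums file holds exactly one entry for the
# archive's base name and that digest matches the file on disk.
verify_archive() {
    va_name=$(basename "$1")
    va_expected=$(awk -v n="$va_name" \
        '$2 == n || $2 == ("*" n) { d = $1; c++ } END { if (c == 1) print d }' "$2")
    if [ -z "$va_expected" ]; then
        echo "no unique checksum entry for $va_name" >&2
        return 2
    fi
    va_actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$va_actual" != "$va_expected" ]; then
        echo "checksum mismatch for $va_name" >&2
        return 3
    fi
}

# install_trivy <version> <download-dir> <bin-dir>
# Expects the archive and checksums file to already be in <download-dir>;
# extracts only the `trivy` member, and only after verification passes.
install_trivy() {
    it_suffix=$(trivy_arch_suffix "$(uname -m)") || {
        echo "no prebuilt archive mapped for $(uname -m)" >&2
        return 1
    }
    it_archive="${2}/trivy_${1}_${it_suffix}.tar.gz"
    verify_archive "$it_archive" "${2}/trivy_${1}_checksums.txt" || return $?
    mkdir -p "$3" && tar -xzf "$it_archive" -C "$3" trivy
}
```

An unmapped architecture fails closed with exit status 1 rather than falling back to another platform's binary, which is the case the ppc64le concern in this thread is about.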

@Prajyot-Parab
Contributor Author

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 25, 2025
Contributor

@Amulyam24 Amulyam24 left a comment


/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 25, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Amulyam24, Prajyot-Parab

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 38fffdc into kubernetes-sigs:main Apr 25, 2025
14 checks passed
Development

Successfully merging this pull request may close these issues.

Trivy build failure
4 participants