feat(STONEINTG-1377): rox-task-init #30
jsztuka wants to merge 1 commit into jsztuka/devfile-sample-java-springboot-basic:main from jsztuka/devfile-sample-java-springboot-basic:rox-task-init-1377
| if [ ! -s /tekton/home/rox-output.json ]; then | ||
| echo "Failed to scan image using Roxctl" | ||
| note="Task $(context.task.name) failed: Failed to scan image using Roxctl image: $IMAGE For details, check Tekton task log." | ||
| ERROR_OUTPUT=$note |
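Review bot: The `[ ! -s /tekton/home/rox-output.json ]` guard only detects an empty file, so a truncated or malformed file left behind by a failed scan is treated as success. Consider also checking the scanner's exit status, or validating that the file parses in the format its name implies, before continuing. Separately, `ERROR_OUTPUT=$note` holds plain text; if later steps expect a structured result, build that structure here and escape `$IMAGE` when embedding it, since it is interpolated into the message unmodified.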
| ERROR_OUTPUT=$note | |
| ERROR_OUTPUT=$(make_result_json -r "ERROR" -t "$note") |
I would love to do so, unfortunately roxctl image does not have utils.sh :(
Can this type of ERROR_OUTPUT without result be handled by the EC verify task? I am not sure.
I think you are correct, the error does not get reflected in the final result log, it is just printed out and being overwritten by the next result that uses make_result_json.
Do we have an idea about a workaround for this?
Can we keep the simple echo message informing about the fact that the scan did not run properly within a step, followed by the error output from the next step that will catch that the output file is empty and provide an error message to the result from there?
Important note, the result output is not evaluated by EC anymore.
I think you may generate the ERROR_OUTPUT as we did without utils.sh script as a workaround since it doesn't exist in this image.
Will remove the default params.
76b1f9b to cbef327
1f4e939 to 41b6e3c
| - --token-file=/service-account-token/token | ||
| - name: get-image-manifests | ||
| image: quay.io/konflux-ci/konflux-test:v1.4.43@sha256:0bcc59de96bdc6f989d5c06d142d674da5d495c450a760fdd7d6fd333433342e | ||
| # the clair-in-ci image neither has skopeo or jq installed. Hence, we create an extra step to get the image manifest digests |
We'll probably need to update this comment to mention roxctl instead of clair
I tested the task on the prod, obviously with different central link.
| value: Tekton | ||
| script: | | ||
| #!/usr/bin/env bash | ||
| roxctl image scan --insecure-skip-tls-verify=$INSECURE --output=$OUTPUT --image=$IMAGE | tee /tekton/home/rox-output.json |
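Review bot: On the `roxctl image scan ... | tee /tekton/home/rox-output.json` line the step's exit status is that of `tee`, and the script as shown runs the command directly after the shebang with no `set -o pipefail`, so a failed scan does not fail the step. Add `set -euo pipefail` (or check `${PIPESTATUS[0]}`) and quote the expansions, for example `--image="$IMAGE"` and `--output="$OUTPUT"`. Since `--insecure-skip-tls-verify` is driven by `$INSECURE`, make sure that parameter defaults to false and document when enabling it is acceptable, because it turns off certificate verification for the connection to Central.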
I just realized: should we scan the different arches for the image as we do in clair-scan?
We are not currently scanning multiple arches using roxctl at the moment. This would be covered in upcoming stories most probably.
| app.kubernetes.io/version: "0.1" | ||
| spec: | ||
| description: >- | ||
| Exchanges a kubernetes service account token against a Red Hat Advanced Cluster Security short-lived token. |
Is this the expected description for the task? Or should it be for roxctl scan something...
41b6e3c to 56ce707
New version with addressed feedback is created in konflux-test-tasks repo.
5404208 to 9455577
1ff4431 to 0516e28
Init task for roxctl scan.