From 3527bdd0f41d8c8ed735242ca3bc2b02e53d585d Mon Sep 17 00:00:00 2001 From: jiangpengcheng Date: Wed, 15 May 2024 16:01:21 +0800 Subject: [PATCH] Fix error --- .github/workflows/trivy.yml | 59 ------------------- .../pulsarctl.Dockerfile | 1 - .../pulsar-functions-python-runner/Dockerfile | 3 +- .../pulsarctl.Dockerfile | 2 +- 4 files changed, 2 insertions(+), 63 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index fc40aa27..7b5f6f90 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -119,62 +119,3 @@ jobs: image-ref: 'pulsar-functions-pulsarctl-go-runner:latest' format: 'table' exit-code: '0' - - # Comment on PR with the scan output since the action won't fail with CVEs - - name: Comment on PR - uses: actions/github-script@v7 - with: - script: | - const fs = require('fs'); - const path = require('path'); - const uniqueIdentifier = '#Runner Images Scan Result:'; - - // Function to get output from a file - function getOutput(stepId) { - const outputFile = path.join(process.env.GITHUB_WORKSPACE, `${stepId}_output.txt`); - if (fs.existsSync(outputFile)) { - return fs.readFileSync(outputFile, 'utf8'); - } - return ''; // Return empty string if file does not exist - } - - // Combine outputs from different steps - const outputs = [ - { label: 'Java Runner', output: '${{ steps.scan-java-runner.outputs.result }}' }, - { label: 'Python Runner', output: '${{ steps.scan-python-runner.outputs.result }}' }, - { label: 'Go Runner', output: '${{ steps.scan-go-runner.outputs.result }}' }, - { label: 'Java Runner with Pulsarctl', output: '${{ steps.scan-java-pulsarctl-runner.outputs.result }}' }, - { label: 'Python Runner with Pulsarctl', output: '${{ steps.scan-python-pulsarctl-runner.outputs.result }}' }, - { label: 'Go Runner with Pulsarctl', output: '${{ steps.scan-go-pulsarctl-runner.outputs.result }}' }, - ].filter(item => item.output !== ''); - - // Format the combined message - let combinedMessage = outputs.map(item => `**${item.label} Vulnerabilities:**\n\`\`\`\n${item.output}\n\`\`\``).join('\n\n'); - combinedMessage = `${uniqueIdentifier}\n\n` + combinedMessage; // Add unique identifier to the message - - const issue_number = context.issue.number; - const { data: comments } = await github.rest.issues.listComments({ - ...context.repo, - issue_number: issue_number, - }); - - // Find existing comment - const existingComment = comments.find(comment => comment.body.includes(uniqueIdentifier)); - - // Update or create comment - if (existingComment) { - await github.rest.issues.updateComment({ - ...context.repo, - comment_id: existingComment.id, - body: combinedMessage - }); - } else { - await github.rest.issues.createComment({ - ...context.repo, - issue_number: issue_number, - body: combinedMessage - }); - } - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - diff --git a/images/pulsar-functions-java-runner/pulsarctl.Dockerfile b/images/pulsar-functions-java-runner/pulsarctl.Dockerfile index a34c6dc6..28969486 100644 --- a/images/pulsar-functions-java-runner/pulsarctl.Dockerfile +++ b/images/pulsar-functions-java-runner/pulsarctl.Dockerfile @@ -32,7 +32,6 @@ RUN echo "VERSION_TAG=${VERSION_TAG}" && \ apk update && apk add --no-cache $JRE_PACKAGE_NAME COPY --from=pulsar --chown=$UID:$GID /pulsar/conf /pulsar/conf -COPY --from=pulsar --chown=$UID:$GID /pulsar/bin /pulsar/bin COPY --from=pulsar --chown=$UID:$GID /pulsar/lib /pulsar/lib COPY --from=pulsar --chown=$UID:$GID /pulsar/instances/java-instance.jar /pulsar/instances/java-instance.jar COPY --from=pulsar --chown=$UID:$GID /pulsar/instances/deps /pulsar/instances/deps diff --git a/images/pulsar-functions-python-runner/Dockerfile b/images/pulsar-functions-python-runner/Dockerfile index a2c5875f..3fc1e161 100644 --- a/images/pulsar-functions-python-runner/Dockerfile +++ b/images/pulsar-functions-python-runner/Dockerfile @@ -30,8 +30,7 @@ RUN python3 get-pip.py WORKDIR /pulsar -RUN if [ -f "/pulsar/bin/install-pulsar-client-37.sh" ]; then /pulsar/bin/install-pulsar-client-37.sh || true ; fi -RUN if [ -f "/pulsar/bin/install-pulsar-client.sh" ]; then /pulsar/bin/install-pulsar-client.sh || pip3 install 'pulsar-client[all]==3.5.0' ; fi +RUN pip3 install 'pulsar-client[all]==3.5.0' # this dir is duplicate with the installed pulsar-client pip package, and maybe not compatible with the `_pulsar`(the .so library package) RUN rm -rf /pulsar/instances/python-instance/pulsar/ \ diff --git a/images/pulsar-functions-python-runner/pulsarctl.Dockerfile b/images/pulsar-functions-python-runner/pulsarctl.Dockerfile index 29dbc58c..5b961233 100644 --- a/images/pulsar-functions-python-runner/pulsarctl.Dockerfile +++ b/images/pulsar-functions-python-runner/pulsarctl.Dockerfile @@ -3,7 +3,6 @@ ARG PULSAR_IMAGE_TAG FROM ${PULSAR_IMAGE}:${PULSAR_IMAGE_TAG} as pulsar FROM pulsar-functions-pulsarctl-runner-base:latest -COPY --from=pulsar --chown=$UID:$GID /pulsar/bin /pulsar/bin COPY --from=pulsar --chown=$UID:$GID /pulsar/instances/python-instance /pulsar/instances/python-instance # Pulsar 2.11.0 removes /pulsar/pulsar-client from docker image # But it required with Pulsar 2.10.X and below @@ -26,6 +25,7 @@ RUN apk update \ RUN if [ -f "/pulsar/bin/install-pulsar-client-37.sh" ]; then /pulsar/bin/install-pulsar-client-37.sh || pip3 install 'pulsar-client[all]==3.5.0' ; fi RUN if [ -f "/pulsar/bin/install-pulsar-client.sh" ]; then /pulsar/bin/install-pulsar-client.sh || pip3 install 'pulsar-client[all]==3.5.0' ; fi +RUN pip3 install 'pulsar-client[all]==3.5.0' # this dir is duplicate with the installed pulsar-client pip package, and maybe not compatible with the `_pulsar`(the .so library package) RUN rm -rf /pulsar/instances/python-instance/pulsar/ \