adoptium / infrastructure

This repo contains all information about machine maintenance.
Apache License 2.0

Install `nvm` on jenkins builders #779

Open grzesuav opened 5 years ago

grzesuav commented 5 years ago

In order to enable snyk analysis, I would need nvm installed, to use it to install npm and snyk.

karianna commented 5 years ago

We should identify the scope of which Docker containers we want to scan and where and when. My understanding is that we currently:

  1. via openjdk-build scripts, we run the build in a docker container to test that our "build in a docker container" functionality works for users outside of Adopt (as in Adopt we currently build on 'bare metal' (or close enough to it)). This functionality isn't well tested/maintained and we don't release these via our API or website.

  2. via openjdk-docker we create docker builds using various linux distros as baselines and provide slim versions, full versions etc. The results of these docker builds are pushed to DockerHub

  3. via openjdk-tests (and friends) we do a host of testing using underlying docker containers to host the env / tests

So my question is which of these do we want to scan, and when/why.

grzesuav commented 5 years ago

I would suggest that the most beneficial would be to hook it into 2. as:

karianna commented 5 years ago

OK, given snyk is enabled for that repo - does that integration not check the resulting image? Or does the GitHub integration not scan containers?

grzesuav commented 5 years ago

GitHub integration does not scan Dockerfiles/images

grzesuav commented 5 years ago

https://snyk.io/docs/github/#integration-features

sxa commented 4 years ago

Do we need this on all the machines or is there a limited number of systems we're planning to run this on?

grzesuav commented 4 years ago

Not sure, probably best to start with machines used to build Linux images. @karianna any thoughts?

karianna commented 4 years ago

I'd say linux for any docker related builds.

sxa commented 4 years ago

OK, I've put it on for the jenkins user on `build-scaleway-ubuntu1604-x64-2`, which is where the x86 docker builds are generally done. If you source `$HOME/.nvm/nvm.sh`, that should activate it in whatever scripts you need it. I would suggest that you check for the presence of that at the start and warn/abort/do nothing as appropriate based on your requirements.
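
One way to write the start-of-script check suggested in the comment above, as an added example that is not part of the thread or of the project's scripts. `load_nvm` and its `abort`/`warn`/`skip` policy argument are hypothetical names, and the ownership and write-permission checks are an added assumption about what a Jenkins job should verify before sourcing a file as the build user.

```shell
#!/bin/sh
# Added example: guard for sourcing nvm at the start of a Jenkins job script.
# load_nvm and its policy argument are hypothetical names, not project code.
#
# Usage inside a job script:   load_nvm abort || exit 1
#
# load_nvm POLICY   (POLICY: abort | warn | skip; default abort)
# Returns 0 when nvm is loaded, 1 when unavailable under warn or skip,
# 2 when unavailable under abort (the caller decides whether to exit).
load_nvm() {
    policy=${1:-abort}
    nvm_sh="${NVM_DIR:-$HOME/.nvm}/nvm.sh"
    reason=""

    if [ ! -f "$nvm_sh" ]; then
        reason="not found"
    elif [ ! -O "$nvm_sh" ]; then
        # Sourcing executes the file as this user, so refuse one owned by another.
        reason="not owned by $(id -un)"
    elif [ -n "$(find -L "$nvm_sh" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        # Another account could have modified what the build is about to run.
        reason="group- or world-writable"
    fi

    if [ -z "$reason" ]; then
        # shellcheck disable=SC1090
        . "$nvm_sh" && command -v nvm >/dev/null 2>&1 && return 0
        reason="sourced but did not define nvm"
    fi

    case $policy in
        skip) return 1 ;;
        warn) echo "WARNING: $nvm_sh $reason; continuing without nvm" >&2; return 1 ;;
        *)    echo "ERROR: $nvm_sh $reason" >&2; return 2 ;;
    esac
}
```
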

karianna commented 4 years ago

@grzesuav - Are you able to test this out now?

grzesuav commented 4 years ago

Hi, just finishing https://github.com/AdoptOpenJDK/openjdk-docker/pull/263 and I will switch to this, hopefully this weekend

grzesuav commented 4 years ago

@sxa555 how can I test if code on my branch will execute properly? Is there any way I can run my branch (PR above) to check how it behaves?

grzesuav commented 4 years ago

I would imagine I need to perform https://support.snyk.io/hc/en-us/articles/360003812458-Getting-started-with-the-CLI with nvm, which is:

sxa commented 1 year ago

Is this still in progress and blocked?

grzesuav commented 1 year ago

@sxa the question is do we want to continue with snyk analysis for docker images