aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

Fix Dockerfile build #303

Closed iyehuda closed 4 years ago

iyehuda commented 4 years ago

Description

The Docker build used a 2-step installation of requirements and application. This was broken by #272.

Contribution Guidelines

Please read through the Contribution Guidelines.

Fixed Issues

Fixes #300

"BEFORE" and "AFTER" output

To verify that the change works as desired, please include an output of terminal before and after the changes under headings "BEFORE" and "AFTER".

BEFORE

docker build . failed

AFTER

docker build . works

Notes

Changed build file. No code to test.

codecov-io commented 4 years ago

Codecov Report

Merging #303 into master will increase coverage by 0.10%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #303      +/-   ##
==========================================
+ Coverage   60.20%   60.30%   +0.10%     
==========================================
  Files          41       41              
  Lines        1945     1945              
==========================================
+ Hits         1171     1173       +2     
+ Misses        774      772       -2     

Impacted Files                            Coverage Δ
kube_hunter/core/events/handler.py        89.89% <0.00%> (-1.02%)
kube_hunter/modules/discovery/ports.py    88.46% <0.00%> (+11.53%)

Last update ac5dd40...eac3624.

iyehuda commented 4 years ago

> 1. Instead of the setuptools custom command, why not just run pip install ., which will automatically discover packages in setup.cfg?
> 2. Why are we using --editable with pip install?

1. In order to use docker build cache properly, we need to separate dependencies installation apart from kube-hunter installation. Using pip install . installs both so it can't be split into two steps.
2. --editable is meant mostly for developing/debugging purposes. The install make target shouldn't use it.