chore(ci): Run Trivy scan `fs` instead of `image` for rocm+pytorch image due to resource constraints

opendatahub-io / notebooks

Notebook images for ODH

Apache License 2.0

17 stars 55 forks source link

chore(ci): Run Trivy scan `fs` instead of `image` for rocm+pytorch image due to resource constraints #637

Closed caponetto closed 1 month ago

caponetto commented 1 month ago

Description

Run Trivy scan fs instead of image for rocm+pytorch image due to resource constraints. At least, the daily report and PR will pass and will show the results for the lock file while we don't reduce the image size.

How Has This Been Tested?

Run the updated workflow for the pytorch image and another one to check both behaviors (image and fs)

Merge criteria:

[x] The commits are squashed in a cohesive manner and have meaningful messages.
[x] Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
[x] The developer has manually tested the changes and verified that the changes work

jiridanek commented 1 month ago

I don't like how complicated is the ci script becoming. So many variables. Let's see first if the grouping of run commands can make trivy image scan run?

Maybe there's still something else to shrink the images they can be tried?

caponetto commented 1 month ago

TBH I don't like to see a red CI every day. So I'd rather have this code in while we progress with the image optimizations.

jiridanek commented 1 month ago

/lgtm i'm not happy, but if we want to have passing trivy, this is the way

jstourac commented 1 month ago

/lgtm

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/opendatahub-io/notebooks/blob/main/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

caponetto commented 1 month ago

/override ci/prow/rocm-notebooks-e2e-tests /override ci/prow/images

openshift-ci[bot] commented 1 month ago

@caponetto: Overrode contexts on behalf of caponetto: ci/prow/images, ci/prow/rocm-notebooks-e2e-tests

In response to [this](https://github.com/opendatahub-io/notebooks/pull/637#issuecomment-2260595329): >/override ci/prow/rocm-notebooks-e2e-tests >/override ci/prow/images Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.