Draft
Conversation
|
Skipping CI for Draft Pull Request. |
Contributor
|
Images are ready for the commit at 8494726. To use with deploy scripts, first |
dcaravel
changed the title
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #19236 +/- ##
==========================================
+ Coverage 49.25% 49.27% +0.01%
==========================================
Files 2727 2727
Lines 205788 205824 +36
==========================================
+ Hits 101371 101411 +40
+ Misses 96883 96881 -2
+ Partials 7534 7532 -2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
dcaravel
force-pushed
the
dc/scannerv4-ci-exp
branch
2 times, most recently
from
7d1142c to
cbdc9bb
Compare
dcaravel
force-pushed
the
dc/scannerv4-ci-exp
branch
from
9cfb727 to
f9c5f91
Compare
dcaravel
force-pushed
the
dc/scannerv4-ci-exp
branch
from
91b845d to
3fd6f0a
Compare
Contributor
Author
|
/retest |
2 similar comments
Contributor
Author
|
/retest |
Contributor
Author
|
/retest |
Contributor
Author
|
/test ocp-4-21-qa-e2e-tests |
1 similar comment
Contributor
Author
|
/test ocp-4-21-qa-e2e-tests |
5 tasks
Contributor
Author
|
/test aro-qa-e2e-tests |
Contributor
Author
|
/test osd-aws-qa-e2e-tests |
Contributor
Author
|
/test osd-gcp-qa-e2e-tests |
Contributor
Author
|
/test rosa-qa-e2e-tests |
Contributor
Author
|
/test osd-gcp-qa-e2e-tests |
Contributor
Author
|
/test aks-qa-e2e-tests |
Contributor
Author
|
/test eks-qa-e2e-tests |
Contributor
Author
|
/test osd-aws-qa-e2e-tests |
This was referenced Mar 26, 2026
…able numbers will not be the same if scanner v4 continues to return duplicates with different severities
May fix other test as well, Scanner V4 does not support debian 10 or less images, so updating this test image should allow both V2 and V4 to scan succesfully
After updating the base TEST_IMAGE various policy conditions had to be updatd as well.
The integration test relied on scanner integrations being deleted, however the scanner V4 integration cannot be deleted by design, therefore the test is now skipped when scanner v4 enabled. The fixable CVEs tests relied on the test image having 100 or more fixable vulnerabilities, scanner v4 reports less vulnerabilities for the test image by design, and therefore the regex was modified to expect 1 or more vulnerabilities.
Update expected component and severity counts to align with scanner v4 output
The image under test was debian:9 based and was reporting no vulns from scanner v4 breaking a few of the tests. Choosing a new image was challenging as the runtime was pulling arch specific images, not the image digest which was breaking the test. Instead pivoted the test to lookup the actual digest reported by the runtime for the deployment - which eliminates the 'issue' of trying to find an image that will trigger predictable behavior from the runtime (which was unsuccessful in first attempts)
Can't explain why but the wrong digest was being detected for other images then all of a sudden this digest started being mapped correctly. So this reverts the autodetection of digest and goes back to hardcoding. And with that fixes the failing style check
Add image prefetch due to initializationError observed in ci orchestratormanager.OrchestratorManagerException: The deployment did not start or reach replica ready state - if this job uses image prefetch check that this image is in the jobs prefetch list e.g. qa-tests-backend/scripts/images-to-prefetch.txt - quay.io/rhacs-eng/qa-multi-arch:nginx-3.21-1
Images had to be updated that were too old for scanner v4 results, Artifact Registry tests skipped because didn't have access to update the images and the ones there are too old / EoL so were getting no results.
Was able to get a new image pushed to Google Artifact Registry, as a result was able to update the test to work for both Scanner V2 and V4
Existing images were not producing scan results for Scanner V4 (the were EoL) Could not find a vuln that was common between the two images with different severities, so chose two different vulns that have differnt severities.
Add null guard to found checks so that it actually retries when image not found yet vs. failing with NullPointerException
The prior image produced no violations with Scanner v4 due to being EoL The updated image is still old but not old enough to yield zero results this may be brittle.
This reverts commit 2b438cfd09be0ca53ef8f4af4151dee9576c1796.
…ds and table" This reverts commit cbe83813887ac4315ed5dbbed31bb4868742f187.
dcaravel
force-pushed
the
dc/scannerv4-ci-exp
branch
from
8494726 to
cc7574a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
change me!
User-facing documentation
Testing and quality
Automated testing
How I validated my change
change me!