-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a periodic prow job to implement KEP-3203 #39
Comments
/sig security |
/sig testing |
/assign |
With the new flow, we may need to create a prow job that pushes to gcs-bucket instead of Github repo. We can use the same prow job to also call the build-hook for I will work on requesting a gcs-bucket in parallel in the meantime /retitle Create a periodic prow job to implement KEP-3203 |
Bucket request has been made here kubernetes/k8s.io#3494 |
@PushkarJ @sftim I have finished the python script to create the json blob using github apis.. Should I create one draft PR in this repo with the python script ? Also I think I will start working on creating the prow job to write to gcs bucket. @PushkarJ I see you have posted references of how to write to gcs bucket using prow in this issue #33. I can work with @rajaskakodkar to complete this.. Also when we will get the gcs bucket access any idea.? |
Also the location of prow job can be the same as synk scan .? We can create new yaml in the same location or update existing yaml also https://github.com/kubernetes/test-infra/blob/master/config/jobs/kubernetes/sig-k8s-infra/trusted/sig-security-trusted.yaml |
@nehaLohia27 yes draft PR is always welcome! Looks like two things need to be implemented next in prow job:
For GCS bucket, we may need to wait for it to get provisioned for a few days, but maybe its worth doing PoC for step 2 and testing the external build for now ? @sftim for option 2, is this a good example for how to do it: https://github.com/kubernetes/website/blob/main/.github/workflows/netlify-periodic-build.yml ? If yes, what's the best way to get the TOKEN variable in the file? |
Sure . Will work on doing the POC for external build for step2. Also @PushkarJ I think we cannot create the draft PR in this repo because we are not going to consume the script from this repo..May be I will work on prow job yaml and create the draft PR in test-infra. Should we create one separate prow job yaml under this location or something else ? For now posting the script below for any comments. Let me know any feedback on this.
Also the link to official_cve_feed.json from my github gists is updated. This is just a temporary URL. @sftim Can you also take a look at the script above? |
Yes that makes perfect sense to do as next step! |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Infra k/test-infra PR(s): Fixed by above PRs |
@PushkarJ: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Related to kubernetes/enhancements#3203
Create a periodic prow job to query GitHub API for new CVEs announced (every 5 minutes).
If new CVE announced, push the new content to
k/sig-security/sig-security-tooling/feeds/official-cve-feed.json
This prow job will call the shell/golang/python script to query the github apis and populate the json with the below data.
The sample json format will be as :-
The text was updated successfully, but these errors were encountered: