test: pipeline to check vulnerabilities for KFP images #5066
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Bobgy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Bobgy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| # Mirror Image | ||
|
|
||
|
|
||
| def mirror_image( |
There was a problem hiding this comment.
Maybe this component is easier to define in YAML form, since it just calls a command-line program.
| source_registry: str, | ||
| destination_registry: str, | ||
| tag: str = '', | ||
| ): |
There was a problem hiding this comment.
The component should probably output the destination_image, so that it can be chained.
|
|
||
| kritis_check = kfp.components.load_component_from_text( | ||
| ''' | ||
| name: Kritis Check |
There was a problem hiding this comment.
In the future we can put this component YAML in /components/. Maybe in /components/container-operations/Scan_for_vulnerabilities/using_Kritis/
| registry_url: str = 'gcr.io/gongyuan-pipeline-test/dev' | ||
| ): | ||
| kfp_images_task = kfp_images(registry_url=registry_url, version=version) | ||
| with kfp.dsl.ParallelFor(kfp_images_task.output) as image: |
There was a problem hiding this comment.
Have you tried:
images = json.dumps([...])
with kfp.dsl.ParallelFor(images) as image:
| - -ec | ||
| - | | ||
| program_path=$(mktemp) | ||
| echo -n "$0" > "$program_path" |
There was a problem hiding this comment.
Can you please use the latest SDK version for the compilation? The latest one uses printf "%s" "$0" instead of echo -n "$0"
|
Great idea, Yuan. I like that you're using KFP to test KFP. /lgtm You can unhold when you want |
7542f0e to
44d22a6
Compare
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
/lifecycle frozen |
|
@Bobgy: The In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@Bobgy You can unhold this PR at any time. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
/close This work is in progress within Security WG. |
|
@rimolive: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Description of your changes:
Part of #3857
Checklist:
Do you want this pull request (PR) cherry-picked into the current release branch?
Learn more about cherry-picking updates into the release branch.