Skip to content

Commit

Permalink
Merge pull request openshift#164 from gabemontero/snyk-examples
Browse files Browse the repository at this point in the history 
OCPBUGS-27860,OCPBUGS-28261: address SAST/SNYK findings
  • Loading branch information
@openshift-merge-bot
openshift-merge-bot[bot] authored Jan 29, 2024
2 parents 83c961e + 11a7ad4 commit 4208399
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 1 deletion.
6 changes: 5 additions & 1 deletion .snyk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,8 @@
# https://docs.snyk.io/snyk-cli/commands/ignore
exclude:
global:
- vendor/**
# all yamls, including the pod ones, in our examples directory are simply samples for users trying shared resources out; these artifacts are not created by any of the images
- examples/**
# this pod.yaml in apimachinery is just another sample that is never created by our images; you'll see it creates the pod "some-name" in the default namespace
- vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
- unpacked_remote_sources/cachito-gomod-with-deps/app/vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
5 changes: 5 additions & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder
WORKDIR /go/src/github.com/openshift/csi-driver-shared-resource
# to make SAST/SNYK happy
RUN rm -rf examples
RUN rm -f vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
COPY . .
RUN rm -rf /go/src/github.com/openshift/csi-driver-shared-resource/examples
RUN rm -f /go/src/github.com/openshift/csi-driver-shared-resource/vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
RUN make build

FROM registry.ci.openshift.org/ocp/4.16:base-rhel9
Expand Down
3 changes: 3 additions & 0 deletions Dockerfile.mustgather
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,7 @@
FROM registry.ci.openshift.org/ocp/4.16:must-gather
# to make SAST/SNYK happy
RUN rm -rf examples
RUN rm -f vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
COPY must-gather/* /usr/bin/
RUN chmod +x /usr/bin/gather

Expand Down
5 changes: 5 additions & 0 deletions Dockerfile.webhook
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,11 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.21-openshift-4.16 AS builder
WORKDIR /go/src/github.com/openshift/csi-driver-shared-resource
# to make SAST/SNYK happy
RUN rm -rf examples
RUN rm -f vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
COPY . .
RUN rm -rf /go/src/github.com/openshift/csi-driver-shared-resource/examples
RUN rm -f /go/src/github.com/openshift/csi-driver-shared-resource/vendor/k8s.io/apimachinery/pkg/util/managedfields/pod.yaml
RUN make build-webhook

FROM registry.ci.openshift.org/ocp/4.16:base-rhel9
Expand Down

0 comments on commit 4208399

Please sign in to comment.