From 5785a7cb52611c8699756604b379606041ac102d Mon Sep 17 00:00:00 2001
From: Ryan Kuba
Date: Mon, 9 Jun 2025 20:30:10 +0000
Subject: [PATCH 1/3] pin to specific syft version (#342)
---
 Jenkinsfile | 2 +-
 ansible/roles/repository/templates/Jenkinsfile.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index a1dc14d1..0a2f6431 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -734,7 +734,7 @@ pipeline {
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock:ro \
 -v ${TEMPDIR}:/tmp \
- ghcr.io/anchore/syft:latest \
+ ghcr.io/anchore/syft:v1.26.1 \
 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
 NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
 echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
diff --git a/ansible/roles/repository/templates/Jenkinsfile.j2 b/ansible/roles/repository/templates/Jenkinsfile.j2
index 535894b8..b416f209 100644
--- a/ansible/roles/repository/templates/Jenkinsfile.j2
+++ b/ansible/roles/repository/templates/Jenkinsfile.j2
@@ -1082,7 +1082,7 @@ pipeline {
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock:ro \
 -v ${TEMPDIR}:/tmp \
- ghcr.io/anchore/syft:latest \
+ ghcr.io/anchore/syft:v1.26.1 \
 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
 NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
 echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
From c4368bb9125d9a2c62b86170747ca1169594446c Mon Sep 17 00:00:00 2001
From: thespad
Date: Mon, 9 Jun 2025 21:33:42 +0100
Subject: [PATCH 2/3] Fix output folder permissions for syft 1.27+
---
 ansible/roles/repository/templates/Jenkinsfile.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/repository/templates/Jenkinsfile.j2 b/ansible/roles/repository/templates/Jenkinsfile.j2
index b416f209..92254772 100644
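Review bot: The new reference `ghcr.io/anchore/syft:v1.26.1` in the Jenkinsfile hunk is still a tag, and a registry tag can be re-pointed, so the image this step runs can change without this file changing. Adding the digest, `ghcr.io/anchore/syft:v1.26.1@sha256:<digest-of-the-reviewed-image> \`, would make the scanner image immutable. It would also keep the table output that `NEW_PACKAGE_TAG` is hashed from stable between builds. The same applies to the matching hunk in `ansible/roles/repository/templates/Jenkinsfile.j2`; the enclosing `sh` block starts and ends outside both hunks.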
--- a/ansible/roles/repository/templates/Jenkinsfile.j2
+++ b/ansible/roles/repository/templates/Jenkinsfile.j2
@@ -1073,6 +1073,7 @@ pipeline {
 sh '''#! /bin/bash
 set -e
 TEMPDIR=$(mktemp -d)
+ chown 65532:65532 "${TEMPDIR}"
 if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" != "true" ]; then
 LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG}
 else
@@ -1082,7 +1083,7 @@ pipeline {
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock:ro \
 -v ${TEMPDIR}:/tmp \
- ghcr.io/anchore/syft:v1.26.1 \
+ ghcr.io/anchore/syft:latest \
 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
 NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
 echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
From 96ba80204147e18946f7b160b255c556b6b63e91 Mon Sep 17 00:00:00 2001
From: thespad
Date: Mon, 9 Jun 2025 21:41:30 +0100
Subject: [PATCH 3/3] Run dev builder
---
 Jenkinsfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 0a2f6431..eb9e0531 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -725,6 +725,7 @@ pipeline {
 sh '''#! /bin/bash
 set -e
 TEMPDIR=$(mktemp -d)
+ chown 65532:65532 "${TEMPDIR}"
 if [ "${MULTIARCH}" == "true" ] && [ "${PACKAGE_CHECK}" != "true" ]; then
 LOCAL_CONTAINER=${IMAGE}:amd64-${META_TAG}
 else
@@ -734,7 +735,7 @@ pipeline {
 docker run --rm \
 -v /var/run/docker.sock:/var/run/docker.sock:ro \
 -v ${TEMPDIR}:/tmp \
- ghcr.io/anchore/syft:v1.26.1 \
+ ghcr.io/anchore/syft:latest \
 ${LOCAL_CONTAINER} -o table=/tmp/package_versions.txt
 NEW_PACKAGE_TAG=$(md5sum ${TEMPDIR}/package_versions.txt | cut -c1-8 )
 echo "Package tag sha from current packages in buit container is ${NEW_PACKAGE_TAG} comparing to old ${PACKAGE_TAG} from github"
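Review bot: The added `chown 65532:65532 "${TEMPDIR}"` hard-codes a uid/gid with no explanation. Presumably it is the non-root user the syft 1.27+ image runs as, but nothing in the script says so, and the value depends on an image that the next hunk leaves unpinned. A comment such as `# syft >= 1.27 runs as uid/gid 65532 and must be able to write the mounted output dir` would record that coupling. Changing ownership to a different uid also needs the agent to run this step with root privileges, and under `set -e` a failed chown aborts the stage, so that requirement is worth stating as well. The same line is added to `Jenkinsfile` in patch 3/3; the `sh` block continues outside the hunk.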
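Review bot: Switching the image back to `ghcr.io/anchore/syft:latest` removes the pin that patch 1/3 introduced, so every build again runs whatever image is currently published under that tag. The container is given `/var/run/docker.sock`, and `:ro` on a socket bind mount does not restrict Docker API calls made through it, so the image effectively has daemon-level access on the agent. Since the chown fix targets syft 1.27+, pinning to a specific release, ideally with its digest, e.g. `ghcr.io/anchore/syft:<1.27+ release tag>@sha256:<digest> \`, would keep both the fix and the pin. A floating tag can also change the table output that `NEW_PACKAGE_TAG` is hashed from. The same revert is made to `Jenkinsfile` in patch 3/3.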