Optionally skip SBOM generation #1507

Merged 1 commit on Jan 7, 2025

arewm (Member) commented Oct 14, 2024

Since we can require SBOMs to be present with EC policies, we can enable
users to optionally speed up their builds by not analyzing repositories
to generate build-time SBOMs.

While we may have a partial SBOM from the prefetched data, we should
just not upload an SBOM at all in order to simplify decisions (i.e.
removing the need to decide if the SBOM is full or partial).

arewm force-pushed the skip-sbom branch 2 times, most recently from 8913530 to b37c8c5, December 19, 2024 20:15
arewm changed the title from "explore skipping SBOM generation" to "Optionally skip SBOM generation", Dec 19, 2024
arewm marked this pull request as ready for review, December 19, 2024 20:36
arewm requested a review from a team as a code owner, December 19, 2024 20:36

mmorhun (Collaborator) previously approved these changes Dec 20, 2024

LGTM

arewm (Member, Author) commented Dec 20, 2024

I just need to wait for the Tekton change so that we can increase the size of buildah-remote. :)

arewm (Member, Author) commented Dec 20, 2024

This cannot be merged until the version of Tekton is updated. I think that is planned on Monday with redhat-appstudio/infra-deployments#5201

tnevrlka (Contributor) commented Jan 6, 2025

Hello @arewm. FYI version 0.3 of buildah tasks has been released. Would you mind rebasing and applying the changes to the newest version, please? Thank you!

arewm (Member, Author) commented Jan 6, 2025

Thanks for letting me know. I just pushed the changes.

Since we can require SBOMs to be present with EC policies, we can enable
users to optionally speed up their builds by not analyzing repositories
to generate build-time SBOMs.

While we may have a partial SBOM from the prefetched data, we should
just not upload an SBOM at all in order to simplify decisions (i.e.
removing the need to decide if the SBOM is full or partial).

Signed-off-by: arewm <[email protected]>

tnevrlka (Contributor) commented Jan 7, 2025

Looks good to me.

Do we have a procedure for deprecating older versions of the buildah task though? I'm fine with updating 0.2 too, just wondering.

arewm added this pull request to the merge queue, Jan 7, 2025
Merged via the queue into konflux-ci:main with commit 0ef7187, Jan 7, 2025
15 checks passed
arewm deleted the skip-sbom branch, January 7, 2025 17:35

arewm (Member, Author) commented Jan 7, 2025

The 0.2 task can be deprecated whenever we determine that it is best to do it. Since it is not currently deprecated, I think it makes most sense to apply this change to both.
