From: Sai.Sathujoda@toshiba-tsip.com
To: cip-dev@lists.cip-project.org, jan.kiszka@siemens.com
Cc: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>,
dinesh.kumar@toshiba-tsip.com, kazuhiro3.hayashi@toshiba.co.jp
Subject: [isar-cip-core v2 3/3] .gitlab-ci.yml: Run cve-checks job only when it is manually triggered in the pipeline
Date: Thu, 18 Jan 2024 23:29:42 +0530 [thread overview]
Message-ID: <20240118175942.1052089-4-Sai.Sathujoda@toshiba-tsip.com> (raw)
In-Reply-To: <20240118175942.1052089-1-Sai.Sathujoda@toshiba-tsip.com>
From: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
The cve-checks job generates CVE reports from latest copy of dpkg status files
using cve_checker.py script in debian-cve-checker. This job can only be triggered
manually with no dependency on build jobs running in build stage. This dependency
is removed so that one does not have to wait until all the jobs running in build
stage are passed or is unable to run the cve-checks at all because some job has
failed in the build stage.
Signed-off-by: Sai Sathujoda <Sai.Sathujoda@toshiba-tsip.com>
---
.gitlab-ci.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1de6570..2527427 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -29,6 +29,7 @@ variables:
stages:
- build
- test
+ - cve-check
default:
before_script:
@@ -341,4 +342,17 @@ build:qemu-riscv64:
deploy: disable
allow_failure: true
+cve-checks:
+ stage: cve-check
+ needs: []
+ image: registry.gitlab.com/cip-playground/debian-cve-checker:latest
+ script:
+ - scripts/run-cve-checks.sh
+ when: manual
+ allow_failure: true
+ artifacts:
+ expire_in: 1 day
+ paths:
+ - cve-reports
+
include: '.reproducible-check-ci.yml'
--
2.30.2
next prev parent reply other threads:[~2024-01-18 17:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-18 17:59 [isar-cip-core v2 0/3] Generate CVE-reports only with manual trigger Sai.Sathujoda
2024-01-18 17:59 ` [isar-cip-core v2 1/3] scripts/run-cve-checks.sh: Add script to generate CVE report Sai.Sathujoda
2024-01-18 18:20 ` Jan Kiszka
2024-01-18 17:59 ` [isar-cip-core v2 2/3] scripts/deploy-cip-core.sh: Upload dpkg-status files to gitlab CI artifacts Sai.Sathujoda
2024-01-18 17:59 ` Sai.Sathujoda [this message]
2024-01-18 18:20 ` [isar-cip-core v2 0/3] Generate CVE-reports only with manual trigger Jan Kiszka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240118175942.1052089-4-Sai.Sathujoda@toshiba-tsip.com \
--to=sai.sathujoda@toshiba-tsip.com \
--cc=cip-dev@lists.cip-project.org \
--cc=dinesh.kumar@toshiba-tsip.com \
--cc=jan.kiszka@siemens.com \
--cc=kazuhiro3.hayashi@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.