Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(plugin): enable binary plugin support #1794

Merged
merged 23 commits into from
Jul 8, 2024
Merged

feat(plugin): enable binary plugin support #1794

merged 23 commits into from
Jul 8, 2024

Conversation

zsoltkacsandi
Copy link
Contributor

@zsoltkacsandi zsoltkacsandi commented Jun 13, 2024
edited by akijakya
Loading

Description

Added top-level binary_mode config to the plugin scanner family, and also to the individual plugin scanners, defaulting to false. If the top-level binary_mode config is explicitly specified, it'll overwrite the individual plugin-level ones.

If binary mode is enabled, it results in running the scanner plugins without the docker daemon, which means downloading the image (without docker pull), extracting its content to the machine, mounting the necessary directories of the host machine under the plugin filesystem and executing its entrypoint with chroot (details are in plugins/runner/internal/runtimehandler/binary/handler.go).

This solution is not intended for using it in production, but for testing purposes in dockerless environments (e.g. CI/CD pipelines).

Type of Change

  • Bug Fix
  • New Feature
  • Breaking Change
  • Refactor
  • Documentation
  • Other (please describe)

Checklist

  • I have read the contributing guidelines
  • Existing issues have been referenced (where applicable)
  • I have verified this change is not present in other open pull requests
  • Functionality is documented
  • All code style checks pass
  • New code contribution is covered by automated tests
  • All new and existing tests pass

@zsoltkacsandi zsoltkacsandi requested a review from a team as a code owner June 13, 2024 11:25
@zsoltkacsandi zsoltkacsandi force-pushed the feat-enable-binary-plugin-support branch from 3ec1a8a to d0761d8 Compare June 13, 2024 11:29
@zsoltkacsandi zsoltkacsandi marked this pull request as draft June 13, 2024 11:30
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@akijakya akijakya force-pushed the feat-enable-binary-plugin-support branch from 37377af to 1145bcb Compare June 13, 2024 14:36
akijakya
akijakya reviewed Jun 17, 2024
View reviewed changes
plugins/runner/runner.go Outdated Show resolved Hide resolved
ramizpolic
ramizpolic reviewed Jun 19, 2024
View reviewed changes
.families.yaml Outdated Show resolved Hide resolved
zsoltkacsandi
zsoltkacsandi commented Jun 21, 2024
View reviewed changes
plugins/sdk-python/example/Dockerfile.test Show resolved Hide resolved
plugins/runner/internal/runtimehandler/binary/handler.go Show resolved Hide resolved
plugins/runner/internal/runtimehandler/binary/handler.go Show resolved Hide resolved
plugins/runner/runtimehandler_linux.go Outdated Show resolved Hide resolved
.families.yaml Outdated Show resolved Hide resolved
.families.yaml Outdated Show resolved Hide resolved
plugins/runner/internal/runtimehandler/binary/handler.go Outdated Show resolved Hide resolved
plugins/runner/internal/runtimehandler/binary/handler.go Show resolved Hide resolved
plugins/runner/internal/runtimehandler/binary/handler.go Outdated Show resolved Hide resolved
@akijakya akijakya force-pushed the feat-enable-binary-plugin-support branch 3 times, most recently from c15f4e2 to 67d7ec0 Compare June 21, 2024 12:21
@akijakya akijakya added the scanners Issues related to adding new scanners label Jun 21, 2024
@akijakya akijakya force-pushed the feat-enable-binary-plugin-support branch 2 times, most recently from bb495ba to f0c1a17 Compare June 24, 2024 14:04
@zsoltkacsandi zsoltkacsandi marked this pull request as ready for review June 24, 2024 14:35
@akijakya akijakya force-pushed the feat-enable-binary-plugin-support branch from 830ddfb to 3d19b6d Compare June 25, 2024 08:24
@ramizpolic ramizpolic mentioned this pull request Jun 26, 2024
Merged
13 tasks
ramizpolic
ramizpolic reviewed Jun 27, 2024
View reviewed changes
plugins/runner/go.mod Outdated Show resolved Hide resolved
zsoltkacsandi and others added 16 commits June 27, 2024 15:20
@zsoltkacsandi @akijakya
docs(plugin): add warning
e2a3c44
@akijakya
chore(plugin): go mod tidy
8ab18a1 
Signed-off-by: András Jáky <[email protected]>
@zsoltkacsandi @akijakya
fix(plugin): fix linter warnings
a7099a9
@zsoltkacsandi @akijakya
fix(plugin): add mutex to prevent possible race condition during star…
2a103a5 
…ting the plugin
@zsoltkacsandi @akijakya
fix(plugin): fix log streaming
69e7a44
@zsoltkacsandi @akijakya
fix(plugin): move plugins into the user's home directory
fefea69
@zsoltkacsandi @akijakya
fix(plugin): unmount on panic
927848f
@akijakya
fix(plugin): cleanup image after unmount
42ce799 
Also make cleanup error log more informative.

Signed-off-by: András Jáky <[email protected]>
@zsoltkacsandi @akijakya
fix(plugin): stopping gracefully if the context is cancelled
29f6587
@zsoltkacsandi @akijakya
Update plugins/runner/internal/runtimehandler/binary/handler.go
7c22bb5 
Co-authored-by: András Jáky <[email protected]>
@zsoltkacsandi @akijakya
refactor(plugin): move deferred unmount
0fb40fc
@zsoltkacsandi @akijakya
refactor(plugin): move deferred unmount
65060fe
@zsoltkacsandi @akijakya
fix(plugin): fix input dir permission
85e68b5
@akijakya
refactor: scanner/utils/containerrootfs->utils/fsutils/
69b6ed9 
Signed-off-by: András Jáky <[email protected]>
@akijakya
chore: make gen
62a0fa6 
Signed-off-by: András Jáky <[email protected]>
@akijakya
fix(plugin): linter issues
4a1dca1 
Signed-off-by: András Jáky <[email protected]>
@akijakya akijakya force-pushed the feat-enable-binary-plugin-support branch from b22489c to 4a1dca1 Compare June 27, 2024 13:21
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@ramizpolic ramizpolic mentioned this pull request Jul 8, 2024
Merged
13 tasks
ramizpolic
ramizpolic approved these changes Jul 8, 2024
View reviewed changes
Copy link
Member

@ramizpolic ramizpolic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great work everyone!! :shipit:

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 8, 2024

Hey!

Your images are ready:

  • ghcr.io/openclarity/vmclarity-apiserver-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930
  • ghcr.io/openclarity/vmclarity-cli-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930
  • ghcr.io/openclarity/vmclarity-cr-discovery-server-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930
  • ghcr.io/openclarity/vmclarity-orchestrator-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930
  • ghcr.io/openclarity/vmclarity-plugin-kics-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930
  • ghcr.io/openclarity/vmclarity-ui-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930
  • ghcr.io/openclarity/vmclarity-ui-backend-dev:pr1794-3edc0ecdf36f5ac563b82808948f6c6fc3530930

@akijakya akijakya added this pull request to the merge queue Jul 8, 2024
Merged via the queue into main with commit 0e90409 Jul 8, 2024
41 checks passed
@akijakya akijakya deleted the feat-enable-binary-plugin-support branch July 8, 2024 11:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akijakya akijakya akijakya left review comments

@ramizpolic ramizpolic ramizpolic approved these changes

Assignees

@zsoltkacsandi zsoltkacsandi

@akijakya akijakya

Labels
scanners Issues related to adding new scanners
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zsoltkacsandi @ramizpolic @akijakya