From 0e6fd4385e7ea20632c089a30a4e6012bf817293 Mon Sep 17 00:00:00 2001 From: Rashika-Rjaraman Date: Thu, 3 Apr 2025 13:48:30 +0000 Subject: [PATCH 1/5] Mount compiler container's root file system as read-only --- nexus/compiler/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nexus/compiler/Makefile b/nexus/compiler/Makefile index 7224f05b8..3ffe83caa 100644 --- a/nexus/compiler/Makefile +++ b/nexus/compiler/Makefile @@ -50,11 +50,17 @@ define run_in_container docker run \ --volume $(realpath .)/..:/go/src/github.com/vmware-tanzu/graph-framework-for-microservices/ \ --volume ~/.ssh:/root/.ssh \ + --volume /tmp:/tmp \ + --volume /go/pkg/mod:/go/pkg/mod \ + --volume /root/.cache/go-build:/root/.cache/go-build \ --network=host \ --workdir ${PKG_NAME} \ -e http_proxy=$(HTTP_PROXY) \ -e https_proxy=$(HTTPS_PROXY) \ + -e GOCACHE=/tmp/go-build-cache \ + -e GOMODCACHE=/tmp/go-mod-cache \ --user $(shell id -u):$(shell id -g) \ + --read-only \ "${BUILDER_DOCKER_TAG}" /bin/bash -c 'chown -R $(shell id -u) .; ${1}' endef else From 6d7c7efefc8a3dbdd9ff3bc55434de3454012496 Mon Sep 17 00:00:00 2001 From: Rashika-Rjaraman Date: Thu, 3 Apr 2025 14:11:00 +0000 Subject: [PATCH 2/5] Debug --- nexus/compiler/scripts/pin_deps.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nexus/compiler/scripts/pin_deps.sh b/nexus/compiler/scripts/pin_deps.sh index b94a931d0..8c4f0bf8e 100755 --- a/nexus/compiler/scripts/pin_deps.sh +++ b/nexus/compiler/scripts/pin_deps.sh @@ -14,6 +14,8 @@ DEFAULT_CLIENT_VERSION_TAG=$(printf "%s" $(yq eval -o=json .k8s_clients.versione fi done )) +echo "DEFAULT_CLIENT_NAME: $DEFAULT_CLIENT_NAME" +echo "DEFAULT_CLIENT_VERSION_TAG: $DEFAULT_CLIENT_VERSION_TAG" if [[ -z $DEFAULT_CLIENT_VERSION_TAG ]]; then echo "Could not determine default k8s client, exiting..." exit 1 From 03d032586c3617248fbb125bd054ac2f94486906 Mon Sep 17 00:00:00 2001 From: Rashika-Rjaraman Date: Thu, 3 Apr 2025 14:22:13 +0000 Subject: [PATCH 3/5] Debug --- nexus/compiler/scripts/pin_deps.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/nexus/compiler/scripts/pin_deps.sh b/nexus/compiler/scripts/pin_deps.sh index 8c4f0bf8e..b26fa3957 100755 --- a/nexus/compiler/scripts/pin_deps.sh +++ b/nexus/compiler/scripts/pin_deps.sh @@ -6,14 +6,7 @@ set -e DEFAULT_CLIENT_NAME="$(yq eval .k8s_clients.default $( dirname "$0" )/../manifest.yaml)" -DEFAULT_CLIENT_VERSION_TAG=$(printf "%s" $(yq eval -o=json .k8s_clients.versioned $( dirname "$0" )/../manifest.yaml | jq -c '.[]' | while read i; do - NAME=$( jq -r '.name' <<< "${i}" ) - if [ $NAME = $DEFAULT_CLIENT_NAME ]; then - echo $( jq -r '.k8s_code_generator_git_tag' <<< "${i}" ) - break - fi -done -)) +DEFAULT_CLIENT_VERSION_TAG=$(yq eval -o=json .k8s_clients.versioned $(dirname "$0")/../manifest.yaml | jq -r ".[] | select(.name == \"$DEFAULT_CLIENT_NAME\") | .k8s_code_generator_git_tag") echo "DEFAULT_CLIENT_NAME: $DEFAULT_CLIENT_NAME" echo "DEFAULT_CLIENT_VERSION_TAG: $DEFAULT_CLIENT_VERSION_TAG" if [[ -z $DEFAULT_CLIENT_VERSION_TAG ]]; then From e5d51af75018c83b723271971292118e4f3fda56 Mon Sep 17 00:00:00 2001 From: Rashika-Rjaraman Date: Mon, 7 Apr 2025 03:08:35 +0000 Subject: [PATCH 4/5] Fix jq dependency --- nexus/compiler/builder/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nexus/compiler/builder/Dockerfile b/nexus/compiler/builder/Dockerfile index 707dbf3ea..09f22aeaa 100644 --- a/nexus/compiler/builder/Dockerfile +++ b/nexus/compiler/builder/Dockerfile @@ -22,7 +22,7 @@ RUN git config --global --add safe.directory '*' \ make=4.3-4.1 \ coreutils=9.1-1 \ openssh-client=1:9.2p1-2+deb12u5 \ - && curl -o /usr/local/bin/jq https://github.com/stedolan/jq/releases/latest/download/jq-linux-amd64 \ + && curl -L -o /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 \ && chmod +x /usr/local/bin/jq \ && go install github.com/onsi/ginkgo/ginkgo@v1.16.0 \ && go install github.com/onsi/gomega/...@v1.18.0 \ From 7b11b3daed1331b79f929f5319e642a648436bc0 Mon Sep 17 00:00:00 2001 From: Rashika-Rjaraman Date: Mon, 7 Apr 2025 03:19:13 +0000 Subject: [PATCH 5/5] Revert script file changes --- nexus/compiler/scripts/pin_deps.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/nexus/compiler/scripts/pin_deps.sh b/nexus/compiler/scripts/pin_deps.sh index b26fa3957..b94a931d0 100755 --- a/nexus/compiler/scripts/pin_deps.sh +++ b/nexus/compiler/scripts/pin_deps.sh @@ -6,9 +6,14 @@ set -e DEFAULT_CLIENT_NAME="$(yq eval .k8s_clients.default $( dirname "$0" )/../manifest.yaml)" -DEFAULT_CLIENT_VERSION_TAG=$(yq eval -o=json .k8s_clients.versioned $(dirname "$0")/../manifest.yaml | jq -r ".[] | select(.name == \"$DEFAULT_CLIENT_NAME\") | .k8s_code_generator_git_tag") -echo "DEFAULT_CLIENT_NAME: $DEFAULT_CLIENT_NAME" -echo "DEFAULT_CLIENT_VERSION_TAG: $DEFAULT_CLIENT_VERSION_TAG" +DEFAULT_CLIENT_VERSION_TAG=$(printf "%s" $(yq eval -o=json .k8s_clients.versioned $( dirname "$0" )/../manifest.yaml | jq -c '.[]' | while read i; do + NAME=$( jq -r '.name' <<< "${i}" ) + if [ $NAME = $DEFAULT_CLIENT_NAME ]; then + echo $( jq -r '.k8s_code_generator_git_tag' <<< "${i}" ) + break + fi +done +)) if [[ -z $DEFAULT_CLIENT_VERSION_TAG ]]; then echo "Could not determine default k8s client, exiting..." exit 1