Build and push rootless docker container #8572
Conversation
cgdolan
requested review from
spencerdrak,
aryx,
bmahe and
apt-itude
as code owners
cgdolan
force-pushed
the
cgdolan/rootless-docker-build
branch
from
59a166c
to
5ff9867
Compare
cgdolan
force-pushed
the
cgdolan/rootless-docker-build
branch
from
b6463ff
to
dee4d34
Compare
|
🚫 The whole benchmark suite is too slow: +9.3% (+1.093 s) 14 benchmarks, 9.3% slower on average. Individual deviations greater than 20% from the baseline are reported. An individual performance degradation of over 30% or a global degradation of over 7% is an error and will block the pull request. See run output for full results ('Show all checks' > 'Tests / semgrep benchmark tests' 'Details'). |
|
🚫 The whole benchmark suite is too slow: +9.0% (+1.090 s) 14 benchmarks, 9.0% slower on average. Individual deviations greater than 20% from the baseline are reported. An individual performance degradation of over 30% or a global degradation of over 7% is an error and will block the pull request. See run output for full results ('Show all checks' > 'Tests / semgrep benchmark tests' 'Details'). |
|
🚫 The whole benchmark suite is too slow: +7.4% (+1.074 s) 14 benchmarks, 7.4% slower on average. Individual deviations greater than 20% from the baseline are reported. An individual performance degradation of over 30% or a global degradation of over 7% is an error and will block the pull request. See run output for full results ('Show all checks' > 'Tests / semgrep benchmark tests' 'Details'). |
There was a problem hiding this comment.
Thanks.
Why do we need this though? Was it impossible to make it rootless by default, so we don't need to build 2 images each time? Could you add a comment maybe in the Dockerfile next to the rootless target about why we provide 2 images (I guess it's easier for some customers, but would be nice to have some scenario in which the root one is needed and using the rootless would make too many customers suddently fail or something.
|
Sure, added a comment in the new nonroot docker stage explaining why we can't just make this the default. |
|
🚫 The whole benchmark suite is too slow: +7.6% (+1.076 s) 14 benchmarks, 7.6% slower on average. Individual deviations greater than 20% from the baseline are reported. An individual performance degradation of over 30% or a global degradation of over 7% is an error and will block the pull request. See run output for full results ('Show all checks' > 'Tests / semgrep benchmark tests' 'Details'). |
|
Please note just above your change that See: |
This reverts commit ff099a3. PR checklist: - [x] Purpose of the code is [evident to future readers](https://semgrep.dev/docs/contributing/contributing-code/#explaining-code) - [x] Tests included or PR comment includes a reproducible test plan - [x] Documentation is up-to-date - [x] A changelog entry was [added to changelog.d](https://semgrep.dev/docs/contributing/contributing-code/#adding-a-changelog-entry) for any user-facing change - [x] Change has no security implications (otherwise, ping security team) If you're unsure about any of this, please see: - [Contribution guidelines](https://semgrep.dev/docs/contributing/contributing-code)! - [One of the more specific guides located here](https://semgrep.dev/docs/contributing/contributing/)
|
reverting this diff @gedigi. Should be fixed in 1.38.3 later today. |
PR checklist: - [ ] Purpose of the code is [evident to future readers](https://semgrep.dev/docs/contributing/contributing-code/#explaining-code) - [ ] Tests included or PR comment includes a reproducible test plan - [ ] Documentation is up-to-date - [ ] A changelog entry was [added to changelog.d](https://semgrep.dev/docs/contributing/contributing-code/#adding-a-changelog-entry) for any user-facing change - [ ] Change has no security implications (otherwise, ping security team) If you're unsure about any of this, please see: - [Contribution guidelines](https://semgrep.dev/docs/contributing/contributing-code)! - [One of the more specific guides located here](https://semgrep.dev/docs/contributing/contributing/)
…grep#8615) This reverts commit ff099a3. PR checklist: - [x] Purpose of the code is [evident to future readers](https://semgrep.dev/docs/contributing/contributing-code/#explaining-code) - [x] Tests included or PR comment includes a reproducible test plan - [x] Documentation is up-to-date - [x] A changelog entry was [added to changelog.d](https://semgrep.dev/docs/contributing/contributing-code/#adding-a-changelog-entry) for any user-facing change - [x] Change has no security implications (otherwise, ping security team) If you're unsure about any of this, please see: - [Contribution guidelines](https://semgrep.dev/docs/contributing/contributing-code)! - [One of the more specific guides located here](https://semgrep.dev/docs/contributing/contributing/)
PR checklist:
If you're unsure about any of this, please see: