I believe we print a new line anyway from e.g. envInt, which calls fmt.Fprintln.
Found by staticcheck:
main.go:127:17: error strings should not end with punctuation or newlines (ST1005)
main.go:157:13: error strings should not end with punctuation or newlines (ST1005)
main.go:187:13: error strings should not end with punctuation or newlines (ST1005)
main.go:217:13: error strings should not end with punctuation or newlines (ST1005)
Distroless is stuck on debian 11 - we can do the same thing, more or
less in our own script. Sad that we have to, but here we are.
The net result is a about 8MB smaller and passes e2e and passes trivy.
Previously, errors from askpass and credential storage were being
ignored, causing git clone/fetch to later error with hard-to-read
errors.
Now the error indicates the credential refresh as the problem, and
does not try to sync.
The "origin" remote is implicitly used as the basis for relative-paths
in submodules. It's very subtly documented, and I have no idea if there
are other places where it is used. It seems git really expects it to
exist, so let's just do that.
For each package and binary we need, this pulls in all the files and
deps (shared libs, mostly). The build is slower but the final image is
85 MB (versus 157 MB before). e2e passes. Hopefully less CVE surface.
This is based on scripts used in kubernetes and KinD.
This ensures we do not miss events. E.g.
before:
t0: hash changes to X
t1: send webhook(X), waiting for response
t2: hash changes to Y
t3: queue next webhook(Y) but can't send because previous is not done
t4: crash
t5: restart
t6: find repo at hash Y
no webhook(Y) was sent.
after:
t0: hash changes to X
t1: send webhook(X), waiting for response
t2: hash changes to Y
t3: queue next webhook(Y) but can't send because previous is not done
t4: crash
t5: restart
t6: find repo at hash Y
t7: send webhook(Y), waiting for response
This is a breaking change. The `--change-permissions` flag was too
coarse (e.g. changed directories and files alike) and not expressive (no
way to say "g+w").
I doubt if anyone was using it, and if they were, the new
`--group-write` is almost certainly what they want.
To do this, we run the e2e test as a different user. To do that, we
need git-sync to make sure that everything is group accessible. To
clean up after the test, we need everything to be group writable. To do
that, we add a new flag: `--group-write`.
justinsb
Kubernetes Prow Robot
Tim Hockin
Karl Isenberg
Ofek Buchnik
Sacha Viscaino