Move cvdmirror #1383
Move cvdmirror #1383
Conversation
# Conflicts: # .github/workflows/cluster-deploy-conditions-konto.yml # .github/workflows/deploy.yml
|
forwarding the review to @vidriduch |
| @@ -21,7 +21,6 @@ jobs: | |||
|
|
|||
| conditions: | |||
| name: Check for cluster conditions | |||
| needs: build-forms-shared | |||
There was a problem hiding this comment.
now forms shared are not build on every run, but only on those instances where are needed
| - id: prod-clamav | ||
| name: Check for prod clamav | ||
| if: startsWith(github.ref, 'refs/tags/prod-clamav') || steps.prod.outputs.condition == 'true' | ||
| if: startsWith(github.ref, 'refs/tags/prod-clamav') || steps.staging.outputs.condition == 'true' |
There was a problem hiding this comment.
Why has prod-clamav staging condition?
There was a problem hiding this comment.
No it shouldn't be there. It's an old typo that I fixed in ClamAV branch afterwards, but this branch was created before the fix, so the typo remains. It`s now fixed.
cvdmirror/Dockerfile
Outdated
|
|
||
| # Set permissions | ||
| RUN chmod +x ./health.sh | ||
| RUN chmod +x ./entrypoint.sh |
There was a problem hiding this comment.
I'm guessing this can be executed in just one RUN instruction
github-actions
bot
added
the
pr: needs work 🛠️
cvdmirror/health.sh
Outdated
| else | ||
| echo "ping failed" | ||
| exit 1 | ||
| fi |
There was a problem hiding this comment.
(optional) Missing end lines in bunch of files
| name: dev cvdmirror | ||
| needs: conditions | ||
| if: needs.conditions.outputs.dev-cvdmirror == 'true' | ||
| uses: bratislava/github-actions/.github/workflows/deploy-with-bratiska-cli-inhouse.yml@beta |
There was a problem hiding this comment.
I'm not totally sure if this should be @beta couse of DEV or it needs to be changed before release to @stable.
There was a problem hiding this comment.
I usually leave dev deployments with the beta tag, which I use for testing future updates on pipelines. It’s good to keep it distinct from stable.
github-actions
bot
added
pr: fix & ship 🚢
|
Test build pipeline info 🚀 |
|
❗ We have zero builds based on conditions. Exiting pipeline. |
This PR introduces the final missing piece to the scanning infrastructure—a mirror of CVD files. The mirror is updated regularly to maintain the latest CVD (ClamAV Virus Database) and distribute it to
clamcvinstances.Why Do We Need It?
The CVD distributor limits the number of connections per IP to twice every 24 hours. If you exceed this limit, you get blocked and are unable to run ClamAV.
Key Changes:
CVD Mirror Integration:
clamavinstances.Updated Pipeline Precedence:
The scanning pipeline precedence is now as follows:
cvdmirror: Deployed first and holds the latest CVD files.clamav: Downloads the CVD database fromcvdmirror.nest-clamav-scanner: Relies onclamavfor scanning, requiringclamavto be running.Exclusion of
forms-shared:forms-sharedno longer needs to be built during scanner infrastructure deployment since it’s not required.