Add near-live refresh for CVE feed page #44074
Conversation
Signed-off-by: David Ahmadov <ahmedavid@gmail.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
sig/docs
|
Welcome @ahmedavid! |
k8s-ci-robot
added
cncf-cla: no
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
k8s-ci-robot
added
cncf-cla: yes
Signed-off-by: David Ahmadov <ahmedavid@gmail.com>
Signed-off-by: David Ahmadov <ahmedavid@gmail.com>
|
/retitle Add near-live refresh for CVE feed page |
k8s-ci-robot
changed the title
|
/area web-development |
k8s-ci-robot
added
the
area/web-development
There was a problem hiding this comment.
Thank you for the PR.
This does not close #43968 (there will still be more work to do, around generating the JSON feed data more frequently)
Please update the PR description to reflect that @ahmedavid
|
Hi @sftim , I changed the description. First part was straight forward. But I have no clue about second part. I am happy to help but I need some pointers. |
|
Thanks for updating the PR description. If / when this is reviewed and approved, I expect we'll be able to merge this change without waiting on an update that addresses the other part (generating the feed data more often). |
|
I have couple of concerns
|
|
/assign |
Signed-off-by: David Ahmadov <ahmedavid@gmail.com>
Signed-off-by: David Ahmadov <ahmedavid@gmail.com>
Signed-off-by: David Ahmadov <ahmedavid@gmail.com>
|
This kind of works; the code is not wrong but, it's still not the whole solution. Actually, there's a different thing we can do. We can skip all this change and instead trigger a whole-site deploy whenever there is a diff between the public CVE feed and the source data in GCP. And some Kubernetes infrastructure could do that fix once every 10 minutes. |
Can you point me to the code that generates json? Redeploy website every 10 mins? That doesn't sound like a good idea to me. I think all we need to do is to make sure json is updated frequently on some backend , I don't know where. |
Every 10 mins:
This will trigger approximately 10 rebuilds a year, which is fine. It will also add a few HTTP GETs to our served traffic (which is about 10 TB / month IIRC). See kubernetes/sig-security#1 for the overall issue tracker and more context. |
|
misclicked! |
|
@sftim: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
And where this logic would run? Reading through the KEP I can't tell if there is some kind of script exists that implements Design Details steps 1,2,3,4. Or they put a one time static file into the bucket and that is what we are getting. If such script or automation does not exist. First that part needs to be done. Can you confirm if that part is already done? |
I'm going to step back from this conversation (as I have around 80 other things I'm also involved in for Kubernetes, and there is an upcoming release); I hope other contributors step in. |
Appreciate your input so far, thanks. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
| @@ -21,3 +22,43 @@ | |||
| {{ end }} | |||
| </tbody> | |||
| </table> | |||
|
|
|||
| <script> | |||
There was a problem hiding this comment.
Consider incorporating this script into the header or footer of the page, loading conditionally based on the presence of the HasShortcode parameter.
For guidance, refer to the tips provided at https://gohugo.io/templates/shortcode-templates/ and refer our existing layouts to see how we handle 'HasShortcode'.
| const renderCVEs = (cves) => { | ||
| let tbodyHTML = "" | ||
| for (let cve of cves) { | ||
| tbodyHTML += `<tr> |
There was a problem hiding this comment.
Additionally, we should also refresh the table caption when fetching new data, as it provides the timestamp indicating the last update of the CVE feed data.
| @@ -21,3 +22,43 @@ | |||
| {{ end }} | |||
| </tbody> | |||
| </table> | |||
|
|
|||
| <script> | |||
| window.addEventListener("DOMContentLoaded", () => { | |||
There was a problem hiding this comment.
💭 How about adding a refresh/fetch button in the corner of the table, alongside this auto-trigger logic of every 10 minutes? This button could be used explicitly to refresh the feed table data.
There was a problem hiding this comment.
In the deploy preview (here), I've see following a CORS policy error:
Access to fetch at 'https://storage.googleapis.com/k8s-cve-feed/official-cve-feed.json' from origin 'https://deploy-preview-44074--kubernetes-io-main-staging.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.I'm hoping that this cross-site script error will be gone in the production build at kubernetes.io
k8s-ci-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
I'm not qualified to weigh in on the code changes here - is there anyone researching the review comments? |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
Edited cve-feed.html to add script that fetches cve json feed and updates cve table periodically.