Skip to content

Commit 330690d

Browse files
jiridanekjiridanek
committed
clamav attempt two
1 parent bfd0139 commit 330690d

File tree

2 files changed

+52
-1
lines changed

2 files changed

+52
-1
lines changed

.tekton/rocm-jupyter-minimal-ubi9-python-3-11-push.yaml

+12
Original file line numberDiff line numberDiff line change
@@ -403,6 +403,10 @@ spec:
403403
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
404404
- name: image-url
405405
value: $(tasks.build-image-index.results.IMAGE_URL)
406+
podTemplate:
407+
env:
408+
- name: CLAMD_CONF_MaxThreads
409+
value: '10'
406410
runAfter:
407411
- build-image-index
408412
taskRef:
@@ -607,6 +611,14 @@ spec:
607611
limits:
608612
memory: 8Gi
609613
pipelineTaskName: clair-scan
614+
- pipelineTaskName: clamav-scan
615+
stepSpecs:
616+
- computeResources:
617+
limits:
618+
cpu: '10'
619+
requests:
620+
cpu: '8'
621+
name: extract-and-scan-image
610622
taskRunTemplate: {}
611623
timeouts:
612624
pipeline: 4h

ci/cached-builds/konflux_generate_component_build_pipelines.py

+40-1
Original file line numberDiff line numberDiff line change
@@ -517,6 +517,14 @@ def component_build_pipeline(component_name, dockerfile_path, is_pr: bool = True
517517
},
518518
{
519519
"name": "clamav-scan",
520+
"podTemplate": {
521+
"env": [
522+
{
523+
"name": "CLAMD_CONF_MaxThreads",
524+
"value": "10"
525+
},
526+
],
527+
},
520528
"params": [
521529
{
522530
"name": "image-digest",
@@ -734,19 +742,50 @@ def component_build_pipeline(component_name, dockerfile_path, is_pr: bool = True
734742
},
735743
# https://github.com/tektoncd/pipeline/blob/main/docs/compute-resources.md
736744
# https://konflux.pages.redhat.com/docs/users/how-tos/configuring/overriding-compute-resources.html
737-
# https://github.com/red-hat-data-services/distributed-workloads/blob/face046a631a1ac9b0fc51bcd2984628e9f3db05/.tekton/training-rocm-push.yaml#L36-L42
738745
"taskRunSpecs": [
746+
# https://tekton.dev/docs/pipelines/taskruns/#overriding-task-steps-and-sidecars
739747
{
740748
"pipelineTaskName": task_name,
741749
"computeResources": {
742750
# the problem is going over limits, so requests need not be touched at all
751+
# https://github.com/red-hat-data-services/distributed-workloads/blob/face046a631a1ac9b0fc51bcd2984628e9f3db05/.tekton/training-rocm-push.yaml#L36-L42
743752
"limits": {
744753
"memory": "8Gi",
745754
},
746755
},
747756
# leaving out "prefetch-dependencies" because we don't do hermetic build yet
748757
# leaving out "build-images" for now, it already has a limit of 8Gi by default
749758
} for task_name in ("ecosystem-cert-preflight-checks", "clair-scan")
759+
] + [
760+
{
761+
# clamav is memory intensive and by default runs single-threaded
762+
# https://redhat-internal.slack.com/archives/C04PZ7H0VA8/p1739535522748909?thread_ts=1739441464.370119&cid=C04PZ7H0VA8
763+
"pipelineTaskName": "clamav-scan",
764+
# "computeResources": {
765+
# "requests": {
766+
# "cpu": "2",
767+
# },
768+
# },
769+
"stepSpecs": [
770+
{
771+
"name": "extract-and-scan-image",
772+
"computeResources": {
773+
"requests": {
774+
"cpu": "8",
775+
},
776+
"limits": {
777+
"cpu": "10",
778+
}
779+
},
780+
# "env": [
781+
# {
782+
# "name": "CLAMD_CONF_MaxThreads",
783+
# "value": "4"
784+
# }
785+
# ],
786+
},
787+
],
788+
},
750789
],
751790
"taskRunTemplate": {},
752791
"workspaces": [

0 commit comments

Comments
 (0)