WIP First fix speedup #723
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@thegreyd: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
At GA time, we determine which flaw bugs are first fixes and only attach those to advisories.
But this analysis is quite heavy, each flaw bug can take upto half a minute or more and there
are 50+ flaw bugs to analyze at GA time. So this can mean 30+ minutes to determine first fixes.
This means the commands
attach-cve-flawsandverify-attached-bugs --verify-flawsboth areessentially blocked on this, they cannot proceed with the other things that they do before this
analysis completes.
In addition to that http requests can fail/timeout, which can cause the command to fail and be
brittle. So in this proposal, we can capture the list of cves that are determined to be first fixes in
the first proper run (30+ mins) and then in subsequent runs we can provide the command with
this list to speedup. Essentially a cache. We can think about capturing this in assembly definition
or redis. One more todo is to look at the http requests we are making and caching them and see
if there is a significant speedup due to duplicate requests.