Posted to dev@airflow.apache.org by Jarek Potiuk <Ja...@polidea.com> on 2020/11/09 12:33:13 UTC

Removing Code QL security analysis CI jobs out of PRs

Hello everyone,

I have not once seen the Code QL security analysis job produce any valuable
output. I've seen it failing for no reason a few times though. And the Python
analysis takes 20 minutes of build-job time. And it adds some complexity to
cancelling duplicate jobs.

We've done some optimizations recently, and following that I have a feeling
that only running this analysis job in master is a better approach.

There is very little chance we will miss any warning there (we are basing
part of our workflow on the fact that the master build is green, for example
to push a new version of master prod images, and we will likely get more of
it).

How about doing exactly this - only running the Code QL in
master/v1-10-test?

J.

-- 

Jarek Potiuk
Polidea <https://www.polidea.com/> | Principal Software Engineer

M: +48 660 796 129 <+48660796129>
[image: Polidea] <https://www.polidea.com/>
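For readers unfamiliar with how this proposal maps onto CI configuration, the following is an added illustration, not the Airflow project's own workflow file: a GitHub Actions CodeQL workflow whose trigger is restricted to pushes on master, so pull-request builds no longer run the analysis. The branch name, the `python` language matrix and the weekly cron schedule are assumptions made for the example; the `github/codeql-action` steps are the public action names.

```yaml
# Added illustration (not the Airflow project's own workflow): CodeQL runs
# only on pushes to master, as proposed in the thread, instead of on every
# pull request.
name: "CodeQL"

on:
  push:
    branches: [master]   # assumption: the default branch is named master
  # Deliberately no pull_request trigger: PR builds skip the ~20 min analysis.
  schedule:
    - cron: '0 3 * * 1'  # assumption: weekly run so alerts keep arriving
                         # even when master sees few pushes

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: ['python']   # assumption: only the Python code base is scanned
    steps:
      - uses: actions/checkout@v2
      - uses: github/codeql-action/init@v1
        with:
          languages: ${{ matrix.language }}
      - uses: github/codeql-action/analyze@v1
```

The trade-off this encodes is the one the thread accepts: a finding introduced by a pull request surfaces only after merge, on the master run, rather than blocking the PR. That is tolerable here because a red master already gates downstream steps such as pushing prod images, so the alert is not ignored. The original proposal of also covering v1-10-test would simply be `branches: [master, v1-10-test]`; the later message in the thread drops that branch.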

Re: Removing Code QL security analysis CI jobs out of PRs

Posted by Jarek Potiuk <Ja...@polidea.com>.
Lazy consensus reached. Removing from PRs.

On Wed, Nov 11, 2020 at 7:33 PM Jarek Potiuk <Ja...@polidea.com>
wrote:

> Calling for lazy consensus here as well. Again if there are no objections
> till the end of the weekend, I will leave CodeQL only in the master. I
> believe checking v1-10 is indeed not something we must do now when we are
> switching our focus to 2.0. Though if someone has some doubts here, please
> raise your hand now :) (or be silent forever ;) )
>
> J.
>
>
> On Mon, Nov 9, 2020 at 6:11 PM Kaxil Naik <ka...@gmail.com> wrote:
>
>> I would say let's just run it against master, not even v1-10-test.
>>
>> On Mon, Nov 9, 2020 at 12:33 PM Jarek Potiuk <Ja...@polidea.com>
>> wrote:
>>
>>> Hello everyone,
>>>
>>> I have not once seen the Code QL security analysis job produce any valuable
>>> output. I've seen it failing for no reason a few times though. And the Python
>>> analysis takes 20 minutes of build-job time. And it adds some complexity to
>>> cancelling duplicate jobs.
>>>
>>> We've done some optimizations recently, and following that I have a feeling
>>> that only running this analysis job in master is a better approach.
>>>
>>> There is very little chance we will miss any warning there (we are
>>> basing part of our workflow on the fact that the master build is green, for
>>> example to push a new version of master prod images, and we will likely get
>>> more of it).
>>>
>>> How about doing exactly this - only running the Code QL in
>>> master/v1-10-test?
>>>
>>> J.
>>>
>

Re: Removing Code QL security analysis CI jobs out of PRs

Posted by Jarek Potiuk <Ja...@polidea.com>.
Calling for lazy consensus here as well. Again if there are no objections
till the end of the weekend, I will leave CodeQL only in the master. I
believe checking v1-10 is indeed not something we must do now when we are
switching our focus to 2.0. Though if someone has some doubts here, please
raise your hand now :) (or be silent forever ;) )

J.


On Mon, Nov 9, 2020 at 6:11 PM Kaxil Naik <ka...@gmail.com> wrote:

> I would say let's just run it against master, not even v1-10-test.
>
> On Mon, Nov 9, 2020 at 12:33 PM Jarek Potiuk <Ja...@polidea.com>
> wrote:
>
>> Hello everyone,
>>
>> I have not once seen the Code QL security analysis job produce any valuable
>> output. I've seen it failing for no reason a few times though. And the Python
>> analysis takes 20 minutes of build-job time. And it adds some complexity to
>> cancelling duplicate jobs.
>>
>> We've done some optimizations recently, and following that I have a feeling
>> that only running this analysis job in master is a better approach.
>>
>> There is very little chance we will miss any warning there (we are basing
>> part of our workflow on the fact that the master build is green, for example
>> to push a new version of master prod images, and we will likely get more of
>> it).
>>
>> How about doing exactly this - only running the Code QL in
>> master/v1-10-test?
>>
>> J.
>>

Re: Removing Code QL security analysis CI jobs out of PRs

Posted by Kaxil Naik <ka...@gmail.com>.
I would say let's just run it against master, not even v1-10-test.

On Mon, Nov 9, 2020 at 12:33 PM Jarek Potiuk <Ja...@polidea.com>
wrote:

> Hello everyone,
>
> I have not once seen the Code QL security analysis job produce any valuable
> output. I've seen it failing for no reason a few times though. And the Python
> analysis takes 20 minutes of build-job time. And it adds some complexity to
> cancelling duplicate jobs.
>
> We've done some optimizations recently, and following that I have a feeling
> that only running this analysis job in master is a better approach.
>
> There is very little chance we will miss any warning there (we are basing
> part of our workflow on the fact that the master build is green, for example
> to push a new version of master prod images, and we will likely get more of
> it).
>
> How about doing exactly this - only running the Code QL in
> master/v1-10-test?
>
> J.
>