mirror of https://gitlab.com/curben/blog
fix: post_path doesn't work in []()
use <a> as a workaround for now https://github.com/hexojs/hexo/issues/3321
This commit is contained in:
parent
8ba902f188
commit
6c75782dda
|
@ -48,7 +48,7 @@ Practically, you can use Snyk to patch it, *if* possible like this [hexo-all-min
|
||||||
15. Lastly, link the project to your Snyk account, `$ snyk monitor`. Your project will shows up at your Snyk account. Go to the project setting and add your github repo link. This is necessary to remove usage quota for open-source projects.
|
15. Lastly, link the project to your Snyk account, `$ snyk monitor`. Your project will shows up at your Snyk account. Go to the project setting and add your github repo link. This is necessary to remove usage quota for open-source projects.
|
||||||
16. Optional: add `snyk test`, `snyk protect` and `snyk monitor` commands to your CI script to protect your CI build image.
|
16. Optional: add `snyk test`, `snyk protect` and `snyk monitor` commands to your CI script to protect your CI build image.
|
||||||
|
|
||||||
***Attention:*** Snyk depends on GNU version of `patch` utility, so you need to install it if the CI build environment is Alpine or BSD. Otherwise, `snyk protect` won't work. Read my [newer post]({% post_path snyk-failed-to-patch-in-alpine-docker %}) for more info.
|
***Attention:*** Snyk depends on GNU version of `patch` utility, so you need to install it if the CI build environment is Alpine or BSD. Otherwise, `snyk protect` won't work. Read my <a href="{% post_path snyk-failed-to-patch-in-alpine-docker %}">newer post</a> for more info.
|
||||||
|
|
||||||
Alternatively, you could integrate directly to your remote repo (github/gitlab). This integration allows Snyk to automatically create pull/merge request. Enable this by going to your Snyk account and Integrations tab.
|
Alternatively, you could integrate directly to your remote repo (github/gitlab). This integration allows Snyk to automatically create pull/merge request. Enable this by going to your Snyk account and Integrations tab.
|
||||||
|
|
||||||
|
|
|
@ -7,12 +7,12 @@ Snyk initially runs fine on Alpine, until you try to `snyk protect` to patch the
|
||||||
|
|
||||||
<!-- more -->
|
<!-- more -->
|
||||||
|
|
||||||
Snyk is used to patch vulnerabilities of node_modules (read my [previous post]({% post_path secure-node-modules-with-snyk %}) for installation guide). I never had any issue with it running on Alpine docker image. That was because there was no modules to patch.
|
Snyk is used to patch vulnerabilities of node_modules (read my <a href="{% post_path secure-node-modules-with-snyk %}">previous post</a> for installation guide). I never had any issue with it running on Alpine docker image. That was because there was no modules to patch.
|
||||||
|
|
||||||
That is until I install [renovate](https://github.com/renovatebot/renovate), which has [vulnerabilities](https://snyk.io/test/npm/renovate) that can be patched.
|
That is until I install [renovate](https://github.com/renovatebot/renovate), which has [vulnerabilities](https://snyk.io/test/npm/renovate) that can be patched.
|
||||||
|
|
||||||
Snyk only tells modules failed to patch, which is not helpful at all. I initially thought it was due to file permissions, which I now realise don't make sense. All commands are executed as root and files are owned by root.
|
Snyk only tells modules failed to patch, which is not helpful at all. I initially thought it was due to file permissions, which I now realise don't make sense. All commands are executed as root and files are owned by root.
|
||||||
|
|
||||||
The issue was only pinpointed after I ran snyk with `--debug`, which I should've used it in the first place anyway. The issue is due to BusyBox's patch doesn't support `--backup` option. Sigh, [BusyBox versus GNU]({% post_path gnu-vs-busybox-unix-tools %}), back at it again.
|
The issue was only pinpointed after I ran snyk with `--debug`, which I should've used it in the first place anyway. The issue is due to BusyBox's patch doesn't support `--backup` option. Sigh, <a href="{% post_path gnu-vs-busybox-unix-tools %}">BusyBox versus GNU</a>, back at it again.
|
||||||
|
|
||||||
To install GNU's patch, simply add `apk add patch` before `npm install` in your CI config (e.g. `.gitlab-ci.yml`). The installation will automatically replace the BusyBox's patch symlink, so you don't need to.
|
To install GNU's patch, simply add `apk add patch` before `npm install` in your CI config (e.g. `.gitlab-ci.yml`). The installation will automatically replace the BusyBox's patch symlink, so you don't need to.
|
Loading…
Reference in New Issue