internal/worker: clean cache outside of sandbox
Cleaning the cache inside the sandbox seems to cause memory leaks,
apparently related to the sandbox process. Clean the cache outside
the sandbox instead, for now.
Change-Id: Ieefb67ff9901c8f2f3aa65f90c31d41f0be3dc72
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/472995
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/internal/worker/vulncheck_scan.go b/internal/worker/vulncheck_scan.go
index cd8b7ad..a8d7539 100644
--- a/internal/worker/vulncheck_scan.go
+++ b/internal/worker/vulncheck_scan.go
@@ -298,7 +298,7 @@
if s.insecure {
vulns, err = s.runGovulncheckScanInsecure(ctx, modulePath, version, stats)
} else {
- return nil, errors.New("Govulncheck scan is currently unsupported in sandbox mode")
+ return nil, errors.New("govulncheck scan is currently unsupported in sandbox mode")
}
if err != nil {
return nil, err
@@ -335,9 +335,13 @@
return unmarshalVulncheckOutput(stdout)
}
-// The Go module cache resides in its default location, $HOME/go/pkg/mod.
-// Inside the sandbox, the user is root and their home directory is /root.
-const sandboxGoModCache = "root/go/pkg/mod"
+// Inside the sandbox, the user is root and their $HOME directory is /root.
+const (
+ // The Go module cache resides in its default location, $HOME/go/pkg/mod.
+ sandboxGoModCache = "root/go/pkg/mod"
+ // The Go cache resides in its default location, $HOME/.cache/go-build.
+ sandboxGoCache = "root/.cache/go-build"
+)
func runSourceScanSandbox(ctx context.Context, modulePath, version, mode string, proxyClient *proxy.Client, sbox *sandbox.Sandbox) ([]byte, error) {
sandboxDir, cleanup, err := downloadModuleSandbox(ctx, modulePath, version, proxyClient)
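Review bot: The comments on `sandboxGoModCache` and `sandboxGoCache` describe `$HOME`-based locations, but both values are rootfs-relative (no leading slash), and the `/bundle/rootfs/` prefix they depend on exists only as a literal repeated at the call sites and in a comment further down. I would name it once next to these constants, e.g. `sandboxRoot = "/bundle/rootfs"`, and note in the group comment that the paths are relative to that root as seen from the host. Call sites could then use `filepath.Join(sandboxRoot, sandboxGoCache)` instead of string concatenation.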
@@ -363,7 +367,7 @@
return "", nil, err
}
// Download all dependencies outside of the sandbox, but use the Go build
- // cache inside the bundle.
+ // cache ("/bundle/rootfs/" + sandboxGoCache) inside the bundle.
log.Infof(ctx, "running go mod download")
cmd := exec.Command("go", "mod", "download")
cmd.Dir = imageDir
@@ -855,7 +859,11 @@
out, err = exec.Command("go", "clean", "-cache", "-modcache").CombinedOutput()
} else {
logDiskUsage("before")
- out, err = s.sbox.Command(sandboxGoPath, "clean", "-cache", "-modcache").Output()
+ // TODO(zpavlinovic): clean within sandbox. Currently, there is a memory leak.
+ //out, err = s.sbox.Command(sandboxGoPath, "clean", "-cache", "-modcache").Output()
+ c := exec.Command("go", "clean", "-cache", "-modcache")
+ c.Env = append(os.Environ(), "GOCACHE=/bundle/rootfs/"+sandboxGoCache, "GOMODCACHE=/bundle/rootfs/"+sandboxGoModCache)
+ out, err = c.CombinedOutput()
if err == nil {
logDiskUsage("after")
}
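Review bot: The new `go clean` runs on the host, unsandboxed, against `"/bundle/rootfs/"+sandboxGoCache` and `"/bundle/rootfs/"+sandboxGoModCache`, directories that code inside the sandbox (root there, per the comment on the constants) can presumably write to. If sandboxed code can replace one of those directories or a parent such as `root/.cache` with a symlink, the host-side delete would resolve outside the rootfs, and nothing in the hunk checks for that. Until the in-sandbox clean is restored, I would resolve each path with `filepath.EvalSymlinks` and skip the clean unless the result is still under `/bundle/rootfs/`, and record the assumption in a comment such as `// Runs unsandboxed on sandbox-writable paths; cache dirs must resolve inside /bundle/rootfs.` The commented-out `s.sbox.Command` line could be dropped in favour of the TODO alone. The enclosing function starts and ends outside this hunk.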