(tooling-trusted-releases) branch main updated: #550 - re-enable worker RLIMITs and set RAT Java args and CycloneDX .NET environment to git within them

Mon, 26 Jan 2026 09:12:05 -0800 

This is an automated email from the ASF dual-hosted git repository.

arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new 9254c10  #550 - re-enable worker RLIMITs and set RAT Java args and 
CycloneDX .NET environment to git within them
9254c10 is described below

commit 9254c10ac89552f91a8f741fcb7a173705443bc4
Author: Alastair McFarlane <[email protected]>
AuthorDate: Mon Jan 26 17:11:10 2026 +0000

    #550 - re-enable worker RLIMITs and set RAT Java args and CycloneDX .NET 
environment to git within them
---
 atr/sbom/cyclonedx.py   |  7 +++++++
 atr/tasks/checks/rat.py | 16 ++++++----------
 atr/worker.py           | 27 ++++++++++++++-------------
 3 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/atr/sbom/cyclonedx.py b/atr/sbom/cyclonedx.py
index 320cb1e..3545979 100644
--- a/atr/sbom/cyclonedx.py
+++ b/atr/sbom/cyclonedx.py
@@ -17,6 +17,7 @@
 
 from __future__ import annotations
 
+import os
 import subprocess
 from typing import TYPE_CHECKING
 
@@ -42,10 +43,16 @@ def validate_cli(bundle_value: models.bundle.Bundle) -> 
list[str] | None:
         "--input-file",
         bundle_value.path.as_posix(),
     ]
+    env = os.environ.copy()
+    env["DOTNET_GCHeapHardLimitSOH"] = "0x03000000"
+    env["DOTNET_GCHeapHardLimitLOH"] = "0x01000000"
+    env["DOTNET_GCHeapHardLimitPOH"] = "0x01000000"
+    env["DOTNET_GCHeapCount"] = "1"
     proc = subprocess.run(
         args,
         text=True,
         capture_output=True,
+        env=env,
     )
     if proc.returncode != 0:
         err = proc.stdout.strip() or proc.stderr.strip() or "cyclonedx failed"
diff --git a/atr/tasks/checks/rat.py b/atr/tasks/checks/rat.py
index a335f09..df80c13 100644
--- a/atr/tasks/checks/rat.py
+++ b/atr/tasks/checks/rat.py
@@ -34,16 +34,12 @@ import atr.tasks.checks as checks
 import atr.util as util
 
 _CONFIG: Final = config.get()
-_JAVA_MEMORY_ARGS: Final[list[str]] = []
-# Use this to set smaller memory limits and use SerialGC which also requires 
less memory
-# We prefer, however, to set this in the container
-# _JAVA_MEMORY_ARGS: Final[list[str]] = [
-#     "-XX:MaxMetaspaceSize=32m",
-#     "-Xmx128m",
-#     "-XX:+UseSerialGC",
-#     "-XX:MaxRAM=256m",
-#     "-XX:CompressedClassSpaceSize=16m"
-# ]
+_JAVA_MEMORY_ARGS: Final[list[str]] = [
+    "-Xmx64m",
+    "-XX:MaxMetaspaceSize=32m",
+    "-XX:+UseSerialGC",
+    "-XX:CompressedClassSpaceSize=16m",
+]
 
 # Generated file patterns, always excluded
 _GENERATED_FILE_PATTERNS: Final[list[str]] = [f"**/*{s}" for s in 
constants.GENERATED_FILE_SUFFIXES]
diff --git a/atr/worker.py b/atr/worker.py
index b7c9f5f..190945b 100644
--- a/atr/worker.py
+++ b/atr/worker.py
@@ -26,6 +26,7 @@ import asyncio
 import datetime
 import inspect
 import os
+import resource
 import signal
 import traceback
 from collections.abc import Awaitable, Callable
@@ -41,9 +42,9 @@ import atr.tasks as tasks
 import atr.tasks.checks as checks
 import atr.tasks.task as task
 
-# Resource limits, 5 minutes and 1GB
-# _CPU_LIMIT_SECONDS: Final = 300
-_MEMORY_LIMIT_BYTES: Final = 1024 * 1024 * 1024
+# Resource limits, 5 minutes and 3GB
+_CPU_LIMIT_SECONDS: Final = 300
+_MEMORY_LIMIT_BYTES: Final = 3 * 1024 * 1024 * 1024
 
 # # Create tables if they don't exist
 # SQLModel.metadata.create_all(engine)
@@ -304,18 +305,18 @@ def _worker_resources_limit_set() -> None:
     """Set CPU and memory limits for this process."""
     # TODO: https://github.com/apache/tooling-trusted-releases/issues/411
     # # Set CPU time limit
-    # try:
-    #     resource.setrlimit(resource.RLIMIT_CPU, (CPU_LIMIT_SECONDS, 
CPU_LIMIT_SECONDS))
-    #     log.info(f"Set CPU time limit to {CPU_LIMIT_SECONDS} seconds")
-    # except ValueError as e:
-    #     log.warning(f"Could not set CPU time limit: {e}")
+    try:
+        resource.setrlimit(resource.RLIMIT_CPU, (_CPU_LIMIT_SECONDS, 
_CPU_LIMIT_SECONDS))
+        log.info(f"Set CPU time limit to {_CPU_LIMIT_SECONDS} seconds")
+    except ValueError as e:
+        log.warning(f"Could not set CPU time limit: {e}")
 
     # Set memory limit
-    # try:
-    #     resource.setrlimit(resource.RLIMIT_AS, (_MEMORY_LIMIT_BYTES, 
_MEMORY_LIMIT_BYTES))
-    #     log.info(f"Set memory limit to {_MEMORY_LIMIT_BYTES} bytes")
-    # except ValueError as e:
-    #     log.warning(f"Could not set memory limit: {e}")
+    try:
+        resource.setrlimit(resource.RLIMIT_AS, (_MEMORY_LIMIT_BYTES, 
_MEMORY_LIMIT_BYTES))
+        log.info(f"Set memory limit to {_MEMORY_LIMIT_BYTES} bytes")
+    except ValueError as e:
+        log.warning(f"Could not set memory limit: {e}")
     return
 
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to