Merge pull request #1275 from Quentin-M/min_id_once

Compute min_id only once during securityworker's lifetime

workers/securityworker.py

@@ -28,6 +28,12 @@ class SecurityWorker(Worker):
       self._target_version = secscan_config['ENGINE_VERSION_TARGET']
       self._analyzer = LayerAnalyzer(app.config, secscan_api)
 
+      # Get the ID of the first image we want to analyze.
+      self._min_id = (Image
+                      .select(fn.Min(Image.id))
+                      .where(Image.security_indexed_engine < self._target_version)
+                      .scalar())
+
       self.add_operation(self._index_images, INDEXING_INTERVAL)
     else:
       logger.warning('Failed to validate security scan configuration')
@@ -37,19 +43,20 @@ class SecurityWorker(Worker):
       base_query = get_image_with_storage_and_parent_base()
       return base_query.where(Image.security_indexed_engine < self._target_version)
 
-    min_id = (Image
+    # Get the ID of the last image we can analyze.
-              .select(fn.Min(Image.id))
-              .where(Image.security_indexed_engine < self._target_version)
-              .scalar())
     max_id = Image.select(fn.Max(Image.id)).scalar()
 
     with UseThenDisconnect(app.config):
-      for candidate, abt in yield_random_entries(batch_query, Image.id, BATCH_SIZE, max_id, min_id):
+      for candidate, abt in yield_random_entries(batch_query, Image.id, BATCH_SIZE, max_id,
+                                                 self._min_id):
         _, continue_batch = self._analyzer.analyze_recursively(candidate)
         if not continue_batch:
           logger.info('Another worker pre-empted us for layer: %s', candidate.id)
           abt.set()
 
+    # If we reach this point, we analyzed every images up to max_id, next time the worker runs,
+    # we want to start from the next image.
+    self._min_id = max_id + 1
 
 if __name__ == '__main__':
   if not features.SECURITY_SCANNER: