Skip to content

chore: Image scanning refactoring #4802

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Mar 22, 2024
Merged

chore: Image scanning refactoring #4802

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
8fb4421
added sql
kartik-579 Mar 17, 2024
8a1c206
updated event type for job in workflow request
kartik-579 Mar 17, 2024
da15c51
added comments, handling for global cm/cs
kartik-579 Mar 18, 2024
41abee8
fixed json string global cmcs
kartik-579 Mar 18, 2024
5af19e4
updated global cm/cs spec
kartik-579 Mar 18, 2024
03f23d5
wip
kartik-579 Mar 18, 2024
613dce8
Merge branch 'main' into image-scanning-refactoring
kartik-579 Mar 21, 2024
f1bce28
updated sql script number
kartik-579 Mar 21, 2024
7d2e555
Merge branch 'main' into image-scanning-refactoring
kartik-579 Mar 22, 2024
b0a54b2
updated sql script number
kartik-579 Mar 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pkg/pipeline/GlobalCMCSService.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ func NewGlobalCMCSServiceImpl(logger *zap.SugaredLogger,
type GlobalCMCSDataUpdateDto struct {
Id int `json:"id"`
Data map[string]string `json:"data" validate:"required"`
SecretIngestionFor string `json:"SecretIngestionFor"` // value can be one of [ci, cd, ci/cd]
SecretIngestionFor string `json:"secretIngestionFor"` // value can be one of [ci, cd, ci/cd]
UserId int32 `json:"-"`
}

Expand Down
2 changes: 1 addition & 1 deletion pkg/pipeline/WorkflowService.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,7 +204,7 @@ func (impl *WorkflowServiceImpl) appendGlobalCMCS(workflowRequest *types.Workflo
var workflowSecrets []bean.ConfigSecretMap
if !workflowRequest.IsExtRun {
// inject global variables only if IsExtRun is false
globalCmCsConfigs, err := impl.globalCMCSService.FindAllActiveByPipelineType(workflowRequest.GetEventTypeForWorkflowRequest())
globalCmCsConfigs, err := impl.globalCMCSService.FindAllActiveByPipelineType(workflowRequest.GetPipelineTypeForGlobalCMCS())
if err != nil {
impl.Logger.Errorw("error in getting all global cm/cs config", "err", err)
return nil, nil, err
Expand Down
1 change: 1 addition & 0 deletions pkg/pipeline/bean/WorkflowTemplate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ const (
CI_WORKFLOW_NAME = "ci"
CI_WORKFLOW_WITH_STAGES = "ci-stages-with-env"
CiStage = "CI"
JobStage = "JOB"
CdStage = "CD"
CD_WORKFLOW_NAME = "cd"
CD_WORKFLOW_WITH_STAGES = "cd-stages-with-env"
Expand Down
17 changes: 15 additions & 2 deletions pkg/pipeline/types/Workflow.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,8 +211,10 @@ func (workflowRequest *WorkflowRequest) GetWorkflowJson(config *CiCdConfig) ([]b

func (workflowRequest *WorkflowRequest) GetEventTypeForWorkflowRequest() string {
switch workflowRequest.Type {
case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE:
case bean.CI_WORKFLOW_PIPELINE_TYPE:
return bean.CiStage
case bean.JOB_WORKFLOW_PIPELINE_TYPE:
return bean.JobStage
case bean.CD_WORKFLOW_PIPELINE_TYPE:
return bean.CdStage
default:
Expand All @@ -222,7 +224,7 @@ func (workflowRequest *WorkflowRequest) GetEventTypeForWorkflowRequest() string

func (workflowRequest *WorkflowRequest) GetWorkflowTypeForWorkflowRequest() string {
switch workflowRequest.Type {
case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE:
case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE: //TODO: separate job as did in eventType, will need changes in wf template for this
return bean.CI_WORKFLOW_NAME
case bean.CD_WORKFLOW_PIPELINE_TYPE:
return bean.CD_WORKFLOW_NAME
Expand All @@ -231,6 +233,17 @@ func (workflowRequest *WorkflowRequest) GetWorkflowTypeForWorkflowRequest() stri
}
}

func (workflowRequest *WorkflowRequest) GetPipelineTypeForGlobalCMCS() string {
switch workflowRequest.Type {
case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE:
return bean.CiStage //although for job, event type is changed to job from ci but for backward compatibility still sending ci for global cm/cs
case bean.CD_WORKFLOW_PIPELINE_TYPE:
return bean.CdStage
default:
return ""
}
}

func (workflowRequest *WorkflowRequest) getContainerEnvVariables(config *CiCdConfig, workflowJson []byte) (containerEnvVariables []v1.EnvVar) {
containerEnvVariables = []v1.EnvVar{{Name: bean.IMAGE_SCANNER_ENDPOINT, Value: config.ImageScannerEndpoint}, {Name: "NATS_SERVER_HOST", Value: config.NatsServerHost}}
eventEnv := v1.EnvVar{Name: "CI_CD_EVENT", Value: string(workflowJson)}
Expand Down
15 changes: 15 additions & 0 deletions scripts/sql/229_trivy_alter.down.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
UPDATE scan_tool_metadata
SET result_descriptor_template = '[{{$size1:= len .Results}}{{range $i1, $v1 := .Results}}{{ if $v1.Vulnerabilities}}{{$size2:= len $v1.Vulnerabilities}}{{range $i2, $v2 := $v1.Vulnerabilities}}{{if and (eq $i1 (add $size1 -1)) (eq $i2 (add $size2 -1)) }}
{
"package": "{{$v2.PkgName}}",
"packageVersion": "{{$v2.InstalledVersion}}",
"fixedInVersion": "{{$v2.FixedVersion}}",
"severity": "{{$v2.Severity}}",
"name": "{{$v2.VulnerabilityID}}"
}{{else}}{
"package": "{{$v2.PkgName}}",
"packageVersion": "{{$v2.InstalledVersion}}",
"fixedInVersion": "{{$v2.FixedVersion}}",
"severity": "{{$v2.Severity}}",
"name": "{{$v2.VulnerabilityID}}"
},{{end}}{{end}}{{end}}{{end}}]' where name = 'TRIVY' and version ='V1';
12 changes: 12 additions & 0 deletions scripts/sql/229_trivy_alter.up.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
UPDATE scan_tool_metadata
SET result_descriptor_template = '[
{
"pathToVulnerabilitiesArray": "Results.#.Vulnerabilities",
"name": "VulnerabilityID",
"package": "PkgName",
"packageVersion": "InstalledVersion",
"fixedInVersion": "FixedVersion",
"severity": "Severity"
}
]' where name = 'TRIVY' and version ='V1';

7 changes: 7 additions & 0 deletions specs/global_cm_cs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,13 @@ components:
type: object
additionalProperties:
type: string
secretIngestionFor:
type: string
description: field for defining at where this config is to be ingested. If not set, "CI/CD" will be used as default.
enum:
- "CI"
- "CD"
- "CI/CD"
Error:
required:
- code
Expand Down