@@ -23,6 +23,7 @@ import (
2323 "fmt"
2424 "net/http"
2525 _ "net/http/pprof" //nolint:gosec
26+ "os"
2627 "strings"
2728
2829 "go.opencensus.io/stats/view"
@@ -35,6 +36,7 @@ import (
3536 "github.com/ossf/scorecard/v5/clients/ossfuzz"
3637 "github.com/ossf/scorecard/v5/cron/config"
3738 "github.com/ossf/scorecard/v5/cron/data"
39+ "github.com/ossf/scorecard/v5/cron/internal/cdn"
3840 format "github.com/ossf/scorecard/v5/cron/internal/format"
3941 "github.com/ossf/scorecard/v5/cron/monitoring"
4042 "github.com/ossf/scorecard/v5/cron/worker"
@@ -89,6 +91,7 @@ type ScorecardWorker struct {
8991 ciiClient clients.CIIBestPracticesClient
9092 ossFuzzRepoClient clients.RepoClient
9193 vulnsClient clients.VulnerabilitiesClient
94+ purgeClient cdn.Purger
9295 apiBucketURL string
9396 rawBucketURL string
9497 blacklistedChecks []string
@@ -131,6 +134,25 @@ func newScorecardWorker() (*ScorecardWorker, error) {
131134 }
132135 sw .vulnsClient = clients .DefaultVulnerabilitiesClient ()
133136
137+ // Use STORAGE_EMULATOR_HOST to determine if we're testing the worker locally,
138+ // in which case we don't want to purge the CDN.
139+ if os .Getenv ("STORAGE_EMULATOR_HOST" ) != "" {
140+ sw .logger .Info ("API result CDN purging disabled, STORAGE_EMULATOR_HOST is set" )
141+ sw .purgeClient = cdn .NewNoOpClient ()
142+ } else {
143+ apiBaseURL , err := config .GetAPIBaseURL ()
144+ if err != nil {
145+ sw .logger .Info ("API result CDN purging disabled, SCORECARD_API_BASE_URL not set" )
146+ sw .purgeClient = cdn .NewNoOpClient ()
147+ } else if purgeToken := os .Getenv ("FASTLY_PURGE_TOKEN" ); purgeToken == "" {
148+ sw .logger .Info ("API result CDN purging disabled, FASTLY_PURGE_TOKEN not set" )
149+ sw .purgeClient = cdn .NewNoOpClient ()
150+ } else {
151+ sw .logger .Info ("API result CDN purging enabled for " + apiBaseURL )
152+ sw .purgeClient = cdn .NewFastlyClient (purgeToken , apiBaseURL )
153+ }
154+ }
155+
134156 if sw .exporter , err = startMetricsExporter (); err != nil {
135157 return nil , fmt .Errorf ("startMetricsExporter: %w" , err )
136158 }
@@ -152,7 +174,7 @@ func (sw *ScorecardWorker) Close() {
152174func (sw * ScorecardWorker ) Process (ctx context.Context , req * data.ScorecardBatchRequest , bucketURL string ) error {
153175 return processRequest (ctx , req , sw .blacklistedChecks , bucketURL , sw .rawBucketURL , sw .apiBucketURL ,
154176 sw .checkDocs , sw .githubClient , sw .gitlabClient , sw .ossFuzzRepoClient , sw .ciiClient ,
155- sw .vulnsClient , sw .logger )
177+ sw .vulnsClient , sw .purgeClient , sw . logger )
156178}
157179
158180func (sw * ScorecardWorker ) PostProcess () {
@@ -167,6 +189,7 @@ func processRequest(ctx context.Context,
167189 githubClient , gitlabClient clients.RepoClient , ossFuzzRepoClient clients.RepoClient ,
168190 ciiClient clients.CIIBestPracticesClient ,
169191 vulnsClient clients.VulnerabilitiesClient ,
192+ purgeClient cdn.Purger ,
170193 logger * log.Logger ,
171194) error {
172195 filename := worker .ResultFilename (batchRequest )
@@ -276,10 +299,18 @@ func processRequest(ctx context.Context,
276299 if err := data .WriteToBlobStore (ctx , apiBucketURL , exportPath , exportBuffer .Bytes ()); err != nil {
277300 return fmt .Errorf ("error during writing to exportBucketURL: %w" , err )
278301 }
302+ path := fmt .Sprintf ("/projects/%s" , repo .URI ())
303+ if err := purgeClient .Purge (ctx , path ); err != nil {
304+ logger .Info (fmt .Sprintf ("failed to purge CDN for %s: %v" , path , err ))
305+ }
279306 // Export result based on commitSHA.
280307 if err := data .WriteToBlobStore (ctx , apiBucketURL , exportCommitSHAPath , exportBuffer .Bytes ()); err != nil {
281308 return fmt .Errorf ("error during exportBucketURL with commit SHA: %w" , err )
282309 }
310+ path = fmt .Sprintf ("/projects/%s?commit=%s" , repo .URI (), result .Repo .CommitSHA )
311+ if err := purgeClient .Purge (ctx , path ); err != nil {
312+ logger .Info (fmt .Sprintf ("failed to purge CDN for %s: %v" , path , err ))
313+ }
283314 // Export raw result.
284315 if err := data .WriteToBlobStore (ctx , apiBucketURL , exportRawPath , exportRawBuffer .Bytes ()); err != nil {
285316 return fmt .Errorf ("error during writing to exportBucketURL for raw results: %w" , err )