
Commit dc0cf7d

chore: Image scanning refactoring (#4802)
* added sql * updated event type for job in workflow request * added comments, handling for global cm/cs * fixed json string global cmcs * updated global cm/cs spec * wip * updated sql script number * updated sql script number
1 parent ce94374 commit dc0cf7d


7 files changed

+52
-4
lines changed


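--- a/pkg/pipeline/GlobalCMCSService.go
+++ b/pkg/pipeline/GlobalCMCSService.go
@@ -36,7 +36,7 @@ func NewGlobalCMCSServiceImpl(logger *zap.SugaredLogger,
 type GlobalCMCSDataUpdateDto struct {
 Id int `json:"id"`
 Data map[string]string `json:"data" validate:"required"`
-SecretIngestionFor string `json:"SecretIngestionFor"` // value can be one of [ci, cd, ci/cd]
+SecretIngestionFor string `json:"secretIngestionFor"` // value can be one of [ci, cd, ci/cd]
 UserId int32 `json:"-"`
 }
 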
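Review bot: The renamed `SecretIngestionFor` field still has no validation, and its trailing comment lists `[ci, cd, ci/cd]` while the enum this commit adds to specs/global_cm_cs.yaml is `"CI"`, `"CD"`, `"CI/CD"`. This field appears to decide which pipeline stages receive a global secret, so an unrecognised or differently cased value is better rejected at the API boundary than stored. If the struct is checked with go-playground/validator, as the `validate:"required"` tag on `Data` suggests, adding `validate:"omitempty,oneof=CI CD CI/CD"` to the tag and changing the comment to `// one of CI, CD, CI/CD; empty means CI/CD` would bring code and spec into line. Separately, encoding/json matches keys case-insensitively when decoding, so old request bodies should still parse, but responses now emit `secretIngestionFor` and any client reading the old key needs checking.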

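--- a/pkg/pipeline/WorkflowService.go
+++ b/pkg/pipeline/WorkflowService.go
@@ -204,7 +204,7 @@ func (impl *WorkflowServiceImpl) appendGlobalCMCS(workflowRequest *types.Workflo
 var workflowSecrets []bean.ConfigSecretMap
 if !workflowRequest.IsExtRun {
 // inject global variables only if IsExtRun is false
-globalCmCsConfigs, err := impl.globalCMCSService.FindAllActiveByPipelineType(workflowRequest.GetEventTypeForWorkflowRequest())
+globalCmCsConfigs, err := impl.globalCMCSService.FindAllActiveByPipelineType(workflowRequest.GetPipelineTypeForGlobalCMCS())
 if err != nil {
 impl.Logger.Errorw("error in getting all global cm/cs config", "err", err)
 return nil, nil, err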
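Review bot: `GetPipelineTypeForGlobalCMCS()` returns `""` for any workflow type other than CI, job or CD, and the changed line passes that value straight into `FindAllActiveByPipelineType`. How the lookup treats an empty type is not visible here (the previous getter may have behaved the same way), but the result decides which global config maps and secrets are mounted into the workflow, so I would fail explicitly instead of depending on the query returning nothing. Something like `pipelineType := workflowRequest.GetPipelineTypeForGlobalCMCS()` followed by `if pipelineType == "" { return nil, nil, fmt.Errorf("unsupported workflow type %q for global cm/cs", workflowRequest.Type) }` would do it, using whatever error style the package prefers. appendGlobalCMCS starts and ends outside this hunk.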

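--- a/pkg/pipeline/bean/WorkflowTemplate.go
+++ b/pkg/pipeline/bean/WorkflowTemplate.go
@@ -37,6 +37,7 @@ const (
 CI_WORKFLOW_NAME = "ci"
 CI_WORKFLOW_WITH_STAGES = "ci-stages-with-env"
 CiStage = "CI"
+JobStage = "JOB"
 CdStage = "CD"
 CD_WORKFLOW_NAME = "cd"
 CD_WORKFLOW_WITH_STAGES = "cd-stages-with-env"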

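--- a/pkg/pipeline/types/Workflow.go
+++ b/pkg/pipeline/types/Workflow.go
@@ -211,8 +211,10 @@ func (workflowRequest *WorkflowRequest) GetWorkflowJson(config *CiCdConfig) ([]b
 
 func (workflowRequest *WorkflowRequest) GetEventTypeForWorkflowRequest() string {
 switch workflowRequest.Type {
-case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE:
+case bean.CI_WORKFLOW_PIPELINE_TYPE:
 return bean.CiStage
+case bean.JOB_WORKFLOW_PIPELINE_TYPE:
+return bean.JobStage
 case bean.CD_WORKFLOW_PIPELINE_TYPE:
 return bean.CdStage
 default:
@@ -222,7 +224,7 @@ func (workflowRequest *WorkflowRequest) GetEventTypeForWorkflowRequest() string
 
 func (workflowRequest *WorkflowRequest) GetWorkflowTypeForWorkflowRequest() string {
 switch workflowRequest.Type {
-case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE:
+case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE: //TODO: separate job as did in eventType, will need changes in wf template for this
 return bean.CI_WORKFLOW_NAME
 case bean.CD_WORKFLOW_PIPELINE_TYPE:
 return bean.CD_WORKFLOW_NAME
@@ -231,6 +233,17 @@ func (workflowRequest *WorkflowRequest) GetWorkflowTypeForWorkflowRequest() stri
 }
 }
 
+func (workflowRequest *WorkflowRequest) GetPipelineTypeForGlobalCMCS() string {
+switch workflowRequest.Type {
+case bean.CI_WORKFLOW_PIPELINE_TYPE, bean.JOB_WORKFLOW_PIPELINE_TYPE:
+return bean.CiStage //although for job, event type is changed to job from ci but for backward compatibility still sending ci for global cm/cs
+case bean.CD_WORKFLOW_PIPELINE_TYPE:
+return bean.CdStage
+default:
+return ""
+}
+}
+
 func (workflowRequest *WorkflowRequest) getContainerEnvVariables(config *CiCdConfig, workflowJson []byte) (containerEnvVariables []v1.EnvVar) {
 containerEnvVariables = []v1.EnvVar{{Name: bean.IMAGE_SCANNER_ENDPOINT, Value: config.ImageScannerEndpoint}, {Name: "NATS_SERVER_HOST", Value: config.NatsServerHost}}
 eventEnv := v1.EnvVar{Name: "CI_CD_EVENT", Value: string(workflowJson)}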
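Review bot: The new `GetPipelineTypeForGlobalCMCS` maps job workflows to `bean.CiStage`, and the only place that says so is a trailing comment on the `return`. Assuming the lookup filters global config maps and secrets by this value, every secret an operator scopes to CI is also injected into job pods, which is a wider audience than the `secretIngestionFor` enum (CI, CD, CI/CD) suggests. I would put the contract in a doc comment on the method, e.g. `// GetPipelineTypeForGlobalCMCS returns the stage used to select global config maps and secrets; job workflows deliberately resolve to CiStage, so CI-scoped secrets are also injected into jobs.` The field's description in the API spec should say the same. The first hunk of this file also makes `GetEventTypeForWorkflowRequest` return `bean.JobStage` for jobs, so other callers that compare its result with `CiStage` need checking; none are visible in this section.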

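--- a/scripts/sql/232_trivy_alter.down.sql
+++ b/scripts/sql/232_trivy_alter.down.sql
@@ -0,0 +1,15 @@
+UPDATE scan_tool_metadata
+SET result_descriptor_template = '[{{$size1:= len .Results}}{{range $i1, $v1 := .Results}}{{ if $v1.Vulnerabilities}}{{$size2:= len $v1.Vulnerabilities}}{{range $i2, $v2 := $v1.Vulnerabilities}}{{if and (eq $i1 (add $size1 -1)) (eq $i2 (add $size2 -1)) }}
+{
+"package": "{{$v2.PkgName}}",
+"packageVersion": "{{$v2.InstalledVersion}}",
+"fixedInVersion": "{{$v2.FixedVersion}}",
+"severity": "{{$v2.Severity}}",
+"name": "{{$v2.VulnerabilityID}}"
+}{{else}}{
+"package": "{{$v2.PkgName}}",
+"packageVersion": "{{$v2.InstalledVersion}}",
+"fixedInVersion": "{{$v2.FixedVersion}}",
+"severity": "{{$v2.Severity}}",
+"name": "{{$v2.VulnerabilityID}}"
+},{{end}}{{end}}{{end}}{{end}}]' where name = 'TRIVY' and version ='V1';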
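Review bot: The template this rollback restores builds JSON by pasting scanner fields between literal quotes (`"package": "{{$v2.PkgName}}"`), with no escaping step visible. A value containing a double quote or backslash would therefore yield malformed or altered JSON, and these fields originate from the package metadata of the image being scanned. As the rollback path it presumably has to match the pre-232 row exactly, so I would not change the template here. A leading comment such as `-- restores the legacy Go-template descriptor for TRIVY V1; field values are not JSON-escaped` would tell whoever rolls back what they are returning to.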

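--- a/scripts/sql/232_trivy_alter.up.sql
+++ b/scripts/sql/232_trivy_alter.up.sql
@@ -0,0 +1,12 @@
+UPDATE scan_tool_metadata
+SET result_descriptor_template = '[
+{
+"pathToVulnerabilitiesArray": "Results.#.Vulnerabilities",
+"name": "VulnerabilityID",
+"package": "PkgName",
+"packageVersion": "InstalledVersion",
+"fixedInVersion": "FixedVersion",
+"severity": "Severity"
+}
+]' where name = 'TRIVY' and version ='V1';
+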
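Review bot: Nothing in this migration or elsewhere in the commit shows the code that reads `result_descriptor_template`, yet the column changes from Go-template text (the form the down script restores) to a JSON field-mapping descriptor. If a scanner build that still expects the template form picks up this row, Trivy result parsing would presumably fail. It is worth confirming that such a failure marks the scan as errored and does not record an image as having no vulnerabilities. I would add a header comment naming the dependency, e.g. `-- 232: TRIVY V1 descriptor changes from Go template to JSON path mapping; requires an image-scanner build that reads this format`.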

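--- a/specs/global_cm_cs.yaml
+++ b/specs/global_cm_cs.yaml
@@ -60,6 +60,13 @@ components:
 type: object
 additionalProperties:
 type: string
+secretIngestionFor:
+type: string
+description: field for defining at where this config is to be ingested. If not set, "CI/CD" will be used as default.
+enum:
+- "CI"
+- "CD"
+- "CI/CD"
 Error:
 required:
 - code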
