From f6be7492d2d85f002fde5527e010d9217340a90f Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Thu, 5 Oct 2023 17:21:09 +0530 Subject: [PATCH 01/14] image scanning plugin --- assets/ic-plugin-vulnerability-scan.png | Bin 0 -> 5193 bytes scripts/sql/177_image_scan_plugin.down.sql | 5 +++ scripts/sql/177_image_scan_plugin.up.sql | 39 +++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 assets/ic-plugin-vulnerability-scan.png create mode 100644 scripts/sql/177_image_scan_plugin.down.sql create mode 100644 scripts/sql/177_image_scan_plugin.up.sql 
diff --git a/assets/ic-plugin-vulnerability-scan.png b/assets/ic-plugin-vulnerability-scan.png new file mode 100644 index 0000000000000000000000000000000000000000..c324a69fbf9514858ea818a8f9a60b7809356af5 GIT binary patch literal 5193 zcmV-P6t?S$P)5u5JV9OWc6ZN(j}cwb*7hry!r&%og9q^Ul|YpNbmjc{ zSBFDGyQV1^rLe9C&z_xk4DS{J$YY!Ex(;L|83wlk!kjZT+(Ok1r&N!RLR{J!C`MO&fkY}Fw2au zn=|JJpWVB+tF8<9`2g!ajfE#o<)@+SQQcrcYZtJQ4iLjA*Vfmg+~IM;{xsHIX?YW} z$D?1aTzQp$=FFeQB^>1nSz))7zQ0Neu_|I??AKm8y`-zFt3Sy|F8LUku)@LtXZGy- z=01C1FFnt~Pp`QS%mUfe3(Q`@)KyXn>)|{=6W2V7-}E;C=04G|Ounh3`x5q%GS~6? zA4t^qR_NPnbwRTHkdz}pzIEH;JAa5KpC z0B~F8Cv~W3Q`y$ajr6rj8##1K{I9QExuSUT#}-NJ`Ckl+0IfP%d=SS)?+=&s7C?Arg8lka`MQR9Ufm! z)F1L?kgu|RrOs9D@cGcS9Z$(pak;_)VEviy?hP(IU<@v?jJ&bwRgZ&LG&t08fLl@80cb3@e=Xn@E%R@Am;mMAi6P6Ay9^oo~fQfr$}Lkb)p0;jb(mH zhmmTF?4ch4#ZW;hjeN&P&od#5Ah4q0Q~gkUpe~BHqz$7!CCN5*s+_A3*P(-D*e-r9 z#kNqn&oz&=jhtgrfN;&@prRh>=23v7(t(*}NU36iSNIxv3`r&okF7@;AS}PHM~-rZ zV;&*FM_!`(Kpq$G5k*-v8Hwckrad)O^#p2wed3jLa4F~by1ngRn0^I|pRFvqlKe=v zv5jnpNda(*$(mXEK zm5e+K4tXPbg$9y5)7)FR1g2z>@{-#4iT;&b12|pnps22GnbASj8SkSyvVBs3REW{6 z7Z6rxC|(^M4p;y(f*6JR0cjXFrDxC8%1Wzr$|eu2$2tp^;z<~fZ~ zuiTBNaEII-1*6h}I`%vbsFiA`S=Ao3aL_DZ|kNSVv^%L&roEj8-*x{Iv|AudJeTGF&ZtVrcH@; zuJV>pdqxmySu|UzDWAd!l~@#(+Ex~Wby*3s2P7Qb?xwf)aA%nG6N3YuJaxK7axUC? 
z9sNN%9k^&=tAyMaL}_hZAy|m{rEeckKYrA4x=B9uZNiI%+S@HCjDQtJAJQu{fY`CY zfmPl|0E9Me@Nq&68*ISFf5x-f%&Z5$@tkBaaNHV8Ya#3ISVmwuramyELeCNsd>SP3 zGWaZmPu&)j9!0^eRQ)M{W$TI~D<0jv;~8=0+$~~s^cookDG>@NVGEYa9A_O@ZC|_Y z3-@F=n@4SEhP+J{mW`z99(r3qKYEP{c?vse22_9vUq|a1+2QDcb7DPJq)8oKO79te z{*C9l|MstM7x{dFFiAL^rrU?*8fnUud_vxdk+SiSSX1!HZ{Ok@4E|HTW3W)-H!XiA9|S|RbVhF5pEK6 z&XEb5qI_h^{=c5>uyti2CUj_NH$-5lmXep$hDue(^azEqH!%Z*^zc4R@+qOpy}^+% z%Nle1&6Du-vo9zhFgPoX00-lQVSI#GKRA+y|NNgP;Lb1J0@q#l8Lc#fndIeUkPMA( zR+q$m1RxD^sGces3`Nx+((-V3m8`ySmG!C_U$YDO0aJKzEB6BX~a9ebc@W(&-|q7BY5=PlBe z`cku{Fu)jVLZgE;1B^5GkcvTAE2aR`8pogB} zP8S1*}kWkzW0wk%RqVvqk|f46pgy7aNXP3u1hET2>=>XR?yI@Y6-WgL+a%YtyA^pEzm|$-MRA%fzJ80UeSc1bR&_& zgBj7+-{8)>vM16N>BkV+BDGJ3_rK^+B$Ex`2 zGp+e&c799xr5tZ>dnvc>%Ri=WL+$a*m_a#T?+P5PD;SmWV-slnrR5QV-;BsY~~)hrQ)S#mdtal!D61Qk>KcE#HWk(G2#Vn@Sq+-PsnYJY}2}utyKvifqK0ve%(o0Ld zE`#{027}q@9*pOwQsAw=>G9Ib`|p90uija5Gex)i#o1A4**V|fl*~O;7MgB^)L|#c zNLdYznX=_*_slHaN}glgb~I)~;B^*yOSSiFODRJ$~bxYdCxR<*K@JjyJD#s#Pf zu*!v#h?I@iNxXH|K>Dsb9t(~hzb@=Ly%Y+C#w@mK@Vu&{2;SsC>IQs|j8lmJvmp#g zy@d!(MiS;gH{_McA|7MGje~$*UDID3(AyLNd8$ac1-E1FYpKsIK7@-M0b?C28(SP} zpNQ?P%+iq`-#RQGK&$^^!e|&jN|bOhGMWp{yt^PLg*V5oJ~VPJPXn*hF)9Y}IHRYe z4K*$wm>iUH#!q^xt*9b4@gG&?HHC1y9(O{iGWmsR_wgNWFpe&w`4 zTNKm@-*qEU2k^c1ZHEtU?T2X)hiQ^8ig%0!j?qU=@p%asmE;)mgRwcmRoe~)_fp16 z_rf%3+5q8xt8ctIJL&_WfRCE`h8yCw(0+j-of`yj`_e;C+7TFKIWBO2M<2G z8Kz0o&OuY5ch-DmG2(Q1s{9k>Abyz#&HpqHSH^gx(jUNk-#!VW-F}q}hr2giz5DU~ zP-B{Qh)spAXcR}$!ak@0rIt1-aEN#_zAm}Gp^69JDxAF-;HW;~A`siO31?#V1k`|n zQ=`$UmvTw|^^xlS@MS1mB&zuuv9t5;=BAdb|L$P1^w90O)Rb}@y))M*ih;70)<=G2_{?4^ zdjuZAtx)MJsP}RB0OTV$LB$pe6X%hO8m34jsW=umob60GnU!rX|KLOCm#NUSw;E#+#(lSlx7QLf-q}hX z0tqj7p8cbH{{|E8cM!qcc=9C9O!Q6FvXeu`hEt6F!T&upA9`uR(nPKSQ@Z3O5r=A-}P-2Gpu0jW?h|1b7D-Qy|F%^%f2=>FoS zFEunbJ~54jgZ-B4 z15}^5e*``PTDb2gLwNa#`9$A}VIMBpe&Dua;ZTztR4ZZ^VHWzZbWt{|ze{upph@Tw zK$FlVfF_|!08K)d0GfoV0K&7UX1GKVDS&YC(G`_Qxfnj7ggC6W_w=(lbX5R(natJ% zU+3($wodqj5&ilEUOMfw5F!T1{L)FZxx+Bq(ykkPB8VIUH@V5L|7_?s`_bs!#{96- 
zA%L=Pc)WlNdteg!ZT$r*bc7~MDfF`(or&TuJh-{J3Lv636zb^RYzIt_eiwd$il_`6 zqOw_xDu@9R;r0ol4Va6s@1E!n(6=m01jnXNoGw=04e|g00;m8000000Mb*F00000NkvXXu0mjf D$i?K_ literal 0 HcmV?d00001 diff --git a/scripts/sql/177_image_scan_plugin.down.sql b/scripts/sql/177_image_scan_plugin.down.sql new file mode 100644 index 00000000000..ae8f5e5c235 --- /dev/null +++ b/scripts/sql/177_image_scan_plugin.down.sql @@ -0,0 +1,5 @@ +DELETE FROM plugin_step_variable WHERE plugin_step_id =(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false); +DELETE FROM plugin_stage_mapping WHERE plugin_id =(SELECT id FROM plugin_metadata WHERE name='Image Scanning'); +DELETE FROM pipeline_stage_step_variable WHERE pipeline_stage_step_id in (SELECT id FROM pipeline_stage_step where ref_plugin_id =(SELECT id from plugin_metadata WHERE name ='Image Scanning')); +DELETE FROM pipeline_stage_step where ref_plugin_id in (SELECT id from plugin_metadata WHERE name ='Image Scanning'); +DELETE FROM plugin_metadata WHERE name ='Image Scanning'; diff --git a/scripts/sql/177_image_scan_plugin.up.sql b/scripts/sql/177_image_scan_plugin.up.sql new file mode 100644 index 00000000000..6db380ee65b --- /dev/null +++ b/scripts/sql/177_image_scan_plugin.up.sql 
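Review bot: The new `177_image_scan_plugin.down.sql` deletes from `plugin_step_variable`, `plugin_stage_mapping`, `pipeline_stage_step_variable`, `pipeline_stage_step` and `plugin_metadata`, but never removes the `plugin_step` and `plugin_pipeline_script` rows that the up script inserts. A rollback therefore leaves orphaned rows, or fails on the final `DELETE FROM plugin_metadata` if `plugin_step.plugin_id` is a foreign key (the schema is not visible here). Before the last statement, add a delete of the script row that `plugin_step.script_id` points to, and `DELETE FROM plugin_step WHERE plugin_id = (SELECT id FROM plugin_metadata WHERE name='Image Scanning');`. The first statement also compares with `plugin_step_id =(SELECT ...)`, which errors if the subquery returns more than one row; `IN`, as the third and fourth statements use, is the safer form. The last patch in the series adds one line to the down script, but its content is outside this view.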
@@ -0,0 +1,39 @@ +INSERT INTO "plugin_metadata" ("id", "name", "description","type","icon","deleted", "created_on", "created_by", "updated_on", "updated_by") +VALUES (nextval('id_seq_plugin_metadata'), 'Image Scanning','Scan a image','PRESET','https://raw.githubusercontent.com/devtron-labs/devtron/main/assets/ic-plugin-vulnerability-scan.png','f', 'now()', 1, 'now()', 1); + +INSERT INTO "plugin_stage_mapping" ("plugin_id","stage_type","created_on", "created_by", "updated_on", "updated_by") +VALUES ((SELECT id FROM plugin_metadata WHERE name='Image Scanning'),0,'now()', 1, 'now()', 1); + +INSERT INTO "plugin_pipeline_script" ("id", "script", "type","deleted","created_on", "created_by", "updated_on", "updated_by") +VALUES (nextval('id_seq_plugin_pipeline_script'), + '#!/bin/sh + echo "IMAGE SCAN" + curl -X POST $IMAGE_SCANNER_ENDPOINT/scanner/image -H "Content-Type: application/json" -d "{\"image\": \"$DEST\", \"imageDigest\": \"$DIGEST\", \"pipelineId\" : $PIPELINE_ID, \"userId\": + $TRIGGERED_BY, \"dockerRegistryId\": \"$DOCKER_REGISTRY_ID\" }" + if [ $? 
!= 0 ] + then + echo -e "\033[1m======== Image scanning request failed ========" + exit 1 + fi', + 'SHELL', + 'f', + 'now()', + 1, + 'now()', + 1); + + + + +INSERT INTO "plugin_step" ("id", "plugin_id","name","description","index","step_type","script_id","deleted", "created_on", "created_by", "updated_on", "updated_by") +VALUES (nextval('id_seq_plugin_step'), (SELECT id FROM plugin_metadata WHERE name='Image Scanning'),'Step 1','Step 1 - Image Scanning','1','INLINE',(SELECT last_value FROM id_seq_plugin_pipeline_script),'f','now()', 1, 'now()', 1); + + +INSERT INTO "plugin_step_variable" ("id", "plugin_step_id", "name", "format", "description", "is_exposed", "allow_empty_value","variable_type", "value_type", "variable_step_index",reference_variable_name, "deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'DEST','STRING','image dest',false,true,'INPUT','GLOBAL',1 ,'DEST','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'DIGEST','STRING','Image Digest',false,true,'INPUT','GLOBAL',1 ,'DIGEST','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'PIPELINE_ID','STRING','Pipeline id',false,true,'INPUT','GLOBAL',1 ,'PIPELINE_ID','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'TRIGGERED_BY','STRING','triggered by 
user',false,true,'INPUT','GLOBAL',1 ,'TRIGGERED_BY','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'DOCKER_REGISTRY_ID','STRING','docker registry id',false,true,'INPUT','GLOBAL',1 ,'DOCKER_REGISTRY_ID','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCANNER_ENDPOINT','STRING','image scanner endpoint',false,true,'INPUT','GLOBAL',1 ,'IMAGE_SCANNER_ENDPOINT','f','now()', 1, 'now()', 1); + From 7418f2bfab7a7a004ae72acc52908e4f73abc959 Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Wed, 11 Oct 2023 17:31:04 +0530 Subject: [PATCH 02/14] check for active ci_pipeline_material --- internal/sql/repository/pipelineConfig/CiPipelineRepository.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/sql/repository/pipelineConfig/CiPipelineRepository.go b/internal/sql/repository/pipelineConfig/CiPipelineRepository.go index 974d1b7b6e8..fccf0f5166f 100644 --- a/internal/sql/repository/pipelineConfig/CiPipelineRepository.go +++ b/internal/sql/repository/pipelineConfig/CiPipelineRepository.go @@ -285,6 +285,9 @@ func (impl CiPipelineRepositoryImpl) FindById(id int) (pipeline *CiPipeline, err pipeline = &CiPipeline{Id: id} err = impl.dbConnection.Model(pipeline). Column("ci_pipeline.*", "App", "CiPipelineMaterials", "CiTemplate", "CiTemplate.DockerRegistry", "CiPipelineMaterials.GitMaterial"). + Relation("CiPipelineMaterials", func(q *orm.Query) (query *orm.Query, err error) { + return q.Where("(ci_pipeline_material.active=true)"), nil + }). Where("ci_pipeline.id= ?", id). Where("ci_pipeline.deleted =? ", false). Select() From 647bf1d7ae7e6a07cbb4f92ddc65e57479320e5d Mon Sep 17 00:00:00 2001 
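Review bot: The inline script calls `curl -X POST $IMAGE_SCANNER_ENDPOINT/scanner/image ...` without `--fail`, so curl exits 0 when the scanner answers with an HTTP 4xx/5xx. The `if [ $? != 0 ]` check then only catches connection-level errors, and a rejected scan request lets the step pass. Use `curl --fail -X POST "$IMAGE_SCANNER_ENDPOINT/scanner/image" ...` (quoting the endpoint as well) so an error status fails the stage. The later hunk in `179_image_scan_plugin.up.sql` appends `>/dev/null 2>&1` to the same command, which hides the response and leaves the exit status as the only signal. Separately, `(SELECT last_value FROM id_seq_plugin_pipeline_script)` in the `plugin_step` insert reads a sequence-wide value, whereas `currval('id_seq_plugin_pipeline_script')` is session-local and cannot pick up another session's id.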
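Review bot: The added `Relation("CiPipelineMaterials", ...)` filter changes what `FindById` returns for every caller, and nothing at the call site records that. A comment above it such as `// load only ci_pipeline_material rows with active=true` would make the new contract visible. `CiPipelineMaterials` is also still listed in `Column(...)`, so it is worth confirming against the ORM's documentation that the filtered relation is the one applied when both are present. The function body starts and ends outside the hunk.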
From: Ashish-devtron Date: Thu, 12 Oct 2023 11:17:24 +0530 Subject: [PATCH 03/14] sql script number change --- ..._image_scan_plugin.down.sql => 179_image_scan_plugin.down.sql} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scripts/sql/{177_image_scan_plugin.down.sql => 179_image_scan_plugin.down.sql} (100%) diff --git a/scripts/sql/177_image_scan_plugin.down.sql b/scripts/sql/179_image_scan_plugin.down.sql similarity index 100% rename from scripts/sql/177_image_scan_plugin.down.sql rename to scripts/sql/179_image_scan_plugin.down.sql From cf95eaa708faea2f56d345431cedd630d510e9ed Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Thu, 12 Oct 2023 11:17:33 +0530 Subject: [PATCH 04/14] sql script number change --- ...{177_image_scan_plugin.up.sql => 179_image_scan_plugin.up.sql} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename scripts/sql/{177_image_scan_plugin.up.sql => 179_image_scan_plugin.up.sql} (100%) diff --git a/scripts/sql/177_image_scan_plugin.up.sql b/scripts/sql/179_image_scan_plugin.up.sql similarity index 100% rename from scripts/sql/177_image_scan_plugin.up.sql rename to scripts/sql/179_image_scan_plugin.up.sql From 29a213babbdd35843125dc62290cecf0dbe13a29 Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Fri, 20 Oct 2023 14:48:12 +0530 Subject: [PATCH 05/14] image scanning plugin check --- pkg/pipeline/WebhookService.go | 57 ++++++++++++------- pkg/pipeline/bean/pipelineStage.go | 4 ++ .../repository/PipelineStageRepository.go | 14 +++++ wire_gen.go | 2 +- 4 files changed, 55 insertions(+), 22 deletions(-) diff --git a/pkg/pipeline/WebhookService.go b/pkg/pipeline/WebhookService.go index 59d6ab8f207..11c07b3e483 100644 --- a/pkg/pipeline/WebhookService.go +++ b/pkg/pipeline/WebhookService.go 
@@ -28,6 +28,9 @@ import ( "github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig" util2 "github.com/devtron-labs/devtron/internal/util" "github.com/devtron-labs/devtron/pkg/app" + "github.com/devtron-labs/devtron/pkg/pipeline/bean" + repository2 "github.com/devtron-labs/devtron/pkg/pipeline/repository" + repository3 "github.com/devtron-labs/devtron/pkg/plugin/repository" "github.com/devtron-labs/devtron/pkg/sql" "github.com/devtron-labs/devtron/util/event" "github.com/go-pg/pg" @@ -58,16 +61,18 @@ type WebhookService interface { } type WebhookServiceImpl struct { - ciArtifactRepository repository.CiArtifactRepository - ciConfig *CiConfig - logger *zap.SugaredLogger - ciPipelineRepository pipelineConfig.CiPipelineRepository - ciWorkflowRepository pipelineConfig.CiWorkflowRepository - appService app.AppService - eventClient client.EventClient - eventFactory client.EventFactory - workflowDagExecutor WorkflowDagExecutor - ciHandler CiHandler + ciArtifactRepository repository.CiArtifactRepository + ciConfig *CiConfig + logger *zap.SugaredLogger + ciPipelineRepository pipelineConfig.CiPipelineRepository + ciWorkflowRepository pipelineConfig.CiWorkflowRepository + appService app.AppService + eventClient client.EventClient + eventFactory client.EventFactory + workflowDagExecutor WorkflowDagExecutor + ciHandler CiHandler + pipelineStageRepository repository2.PipelineStageRepository + globalPluginRepository repository3.GlobalPluginRepository } func NewWebhookServiceImpl( 
@@ -77,17 +82,21 @@ func NewWebhookServiceImpl( appService app.AppService, eventClient client.EventClient, eventFactory client.EventFactory, ciWorkflowRepository pipelineConfig.CiWorkflowRepository, - workflowDagExecutor WorkflowDagExecutor, ciHandler CiHandler) *WebhookServiceImpl { + workflowDagExecutor WorkflowDagExecutor, ciHandler CiHandler, + pipelineStageRepository repository2.PipelineStageRepository, + globalPluginRepository repository3.GlobalPluginRepository) *WebhookServiceImpl { webhookHandler := &WebhookServiceImpl{ - ciArtifactRepository: ciArtifactRepository, - logger: logger, - ciPipelineRepository: ciPipelineRepository, - appService: appService, - eventClient: eventClient, - eventFactory: eventFactory, - ciWorkflowRepository: ciWorkflowRepository, - workflowDagExecutor: workflowDagExecutor, - ciHandler: ciHandler, + ciArtifactRepository: ciArtifactRepository, + logger: logger, + ciPipelineRepository: ciPipelineRepository, + appService: appService, + eventClient: eventClient, + eventFactory: eventFactory, + ciWorkflowRepository: ciWorkflowRepository, + workflowDagExecutor: workflowDagExecutor, + ciHandler: ciHandler, + pipelineStageRepository: pipelineStageRepository, + globalPluginRepository: globalPluginRepository, } config, err := GetCiConfig() if err != nil { 
@@ -199,7 +208,13 @@ func (impl WebhookServiceImpl) HandleCiSuccessEvent(ciPipelineId int, request *C IsArtifactUploaded: request.IsArtifactUploaded, AuditLog: sql.AuditLog{CreatedBy: request.UserId, UpdatedBy: request.UserId, CreatedOn: createdOn, UpdatedOn: updatedOn}, } - if pipeline.ScanEnabled { + plugin, err := impl.globalPluginRepository.GetPluginByName(bean.IMAGE_SCANNING_PLUGIN) + if err != nil || len(plugin) == 0 { + impl.logger.Errorw("error in getting image scanning plugin", "err", err) + return 0, err + } + isScanPluginConfigured := impl.pipelineStageRepository.CheckPluginExistsInCiPipeline(pipeline.Id, string(repository2.PIPELINE_STAGE_TYPE_POST_CI), plugin[0].Id) + if pipeline.ScanEnabled || isScanPluginConfigured { artifact.Scanned = true } if err = impl.ciArtifactRepository.Save(artifact); err != nil { diff --git a/pkg/pipeline/bean/pipelineStage.go b/pkg/pipeline/bean/pipelineStage.go index 166cf22bf7d..e559727647c 100644 --- a/pkg/pipeline/bean/pipelineStage.go +++ b/pkg/pipeline/bean/pipelineStage.go @@ -92,3 +92,7 @@ type PortMap struct { PortOnLocal int `json:"portOnLocal" validate:"number,gt=0"` PortOnContainer int `json:"portOnContainer" validate:"number,gt=0"` } + +const ( + IMAGE_SCANNING_PLUGIN string = "Image Scanning" +) diff --git a/pkg/pipeline/repository/PipelineStageRepository.go b/pkg/pipeline/repository/PipelineStageRepository.go index 56ce81b3303..8aaf09b253b 100644 --- a/pkg/pipeline/repository/PipelineStageRepository.go +++ b/pkg/pipeline/repository/PipelineStageRepository.go 
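Review bot: In the block added to `HandleCiSuccessEvent`, `if err != nil || len(plugin) == 0` returns `0, err` even when `err` is nil. A missing plugin row therefore makes the handler report success with id 0 while the artifact is never saved. Split the check so the empty case returns a real error, e.g. `if len(plugin) == 0 { return 0, errors.New("image scanning plugin not found") }` after the `err != nil` branch, or treat an empty result as "plugin not configured" and continue, since pipelines with `ScanEnabled` do not need the row. The same condition is still present in the last patch's hunk for this file. The function body starts and ends outside the hunk.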
@@ -154,6 +154,7 @@ type PipelineStageRepository interface { MarkPipelineStageStepsDeletedByStageId(stageId int, updatedBy int32, tx *pg.Tx) error GetAllStepsByStageId(stageId int) ([]*PipelineStageStep, error) GetAllCiPipelineIdsByPluginIdAndStageType(pluginId int, stageType string) ([]int, error) + CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) bool GetStepById(stepId int) (*PipelineStageStep, error) MarkStepsDeletedByStageId(stageId int) error MarkStepsDeletedExcludingActiveStepsInUpdateReq(activeStepIdsPresentInReq []int, stageId int) error @@ -394,6 +395,19 @@ func (impl *PipelineStageRepositoryImpl) GetAllCiPipelineIdsByPluginIdAndStageTy return ciPipelineIds, nil } +func (impl *PipelineStageRepositoryImpl) CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) bool { + var step PipelineStageStep + query := "Select * from pipeline_stage_step pss " + + "INNER JOIN pipeline_stage ps ON ps.id = pss.pipeline_stage_id " + + "where pss.ref_plugin_id = ? and ps.type = ? and pss.deleted = false and ps.deleted = false and ps.ci_pipeline_id= ?" + _, err := impl.dbConnection.Query(&step, query, pluginId, stageType, pipelineId) + if err != nil { + impl.logger.Errorw("err in getting pipelineStageStep", "err", err, "pluginId", pluginId, "pipelineId", pipelineId, "stageType", stageType) + return false + } + return step.Id != 0 +} + func (impl *PipelineStageRepositoryImpl) MarkStepsDeletedByStageId(stageId int) error { var step PipelineStageStep _, err := impl.dbConnection.Model(&step).Set("deleted = ?", true). diff --git a/wire_gen.go b/wire_gen.go index 7e8c5e2da22..bfb6afc6098 100644 --- a/wire_gen.go +++ b/wire_gen.go 
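Review bot: `CheckPluginExistsInCiPipeline` runs `Select *` over a join of `pipeline_stage_step` and `pipeline_stage` and scans the result into a single `PipelineStageStep`. The row then carries both tables' columns, including two `id` columns, so `step.Id != 0` depends on how the driver maps them and on how many rows match. Selecting only what the existence check needs removes the ambiguity: start the query with `"Select pss.id from pipeline_stage_step pss "` and append ` limit 1` to the last fragment. A short comment stating that the method reports whether a non-deleted step of the given stage type references the plugin would also help callers.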
@@ -544,7 +544,7 @@ func InitializeApp() (*App, error) { gitWebhookRepositoryImpl := repository.NewGitWebhookRepositoryImpl(db) gitWebhookServiceImpl := git.NewGitWebhookServiceImpl(sugaredLogger, ciHandlerImpl, gitWebhookRepositoryImpl) gitWebhookRestHandlerImpl := restHandler.NewGitWebhookRestHandlerImpl(sugaredLogger, gitWebhookServiceImpl) - webhookServiceImpl := pipeline.NewWebhookServiceImpl(ciArtifactRepositoryImpl, sugaredLogger, ciPipelineRepositoryImpl, appServiceImpl, eventRESTClientImpl, eventSimpleFactoryImpl, ciWorkflowRepositoryImpl, workflowDagExecutorImpl, ciHandlerImpl) + webhookServiceImpl := pipeline.NewWebhookServiceImpl(ciArtifactRepositoryImpl, sugaredLogger, ciPipelineRepositoryImpl, appServiceImpl, eventRESTClientImpl, eventSimpleFactoryImpl, ciWorkflowRepositoryImpl, workflowDagExecutorImpl, ciHandlerImpl, pipelineStageRepositoryImpl, globalPluginRepositoryImpl) ciEventConfig, err := pubsub.GetCiEventConfig() if err != nil { return nil, err From 46f76d6cc6fde684eeaee0f18c447c080ae64497 Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Fri, 20 Oct 2023 15:01:02 +0530 Subject: [PATCH 06/14] image scanning plugin check --- pkg/pipeline/WebhookService.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/pipeline/WebhookService.go b/pkg/pipeline/WebhookService.go index 11c07b3e483..19b72bc901c 100644 --- a/pkg/pipeline/WebhookService.go +++ b/pkg/pipeline/WebhookService.go @@ -216,6 +216,7 @@ func (impl WebhookServiceImpl) HandleCiSuccessEvent(ciPipelineId int, request *C isScanPluginConfigured := impl.pipelineStageRepository.CheckPluginExistsInCiPipeline(pipeline.Id, string(repository2.PIPELINE_STAGE_TYPE_POST_CI), plugin[0].Id) if pipeline.ScanEnabled || isScanPluginConfigured { artifact.Scanned = true + artifact.ScanEnabled = true } if err = impl.ciArtifactRepository.Save(artifact); err != nil { impl.logger.Errorw("error in saving material", "err", err) From 6211df2bf85f60e29fef48c85a8d69482db990b2 Mon Sep 17 00:00:00 2001 
From: Ashish-devtron Date: Fri, 20 Oct 2023 15:08:09 +0530 Subject: [PATCH 07/14] check for err --- pkg/pipeline/WebhookService.go | 6 +++++- pkg/pipeline/repository/PipelineStageRepository.go | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/pkg/pipeline/WebhookService.go b/pkg/pipeline/WebhookService.go index 19b72bc901c..df07a567c8a 100644 --- a/pkg/pipeline/WebhookService.go +++ b/pkg/pipeline/WebhookService.go @@ -213,7 +213,11 @@ func (impl WebhookServiceImpl) HandleCiSuccessEvent(ciPipelineId int, request *C impl.logger.Errorw("error in getting image scanning plugin", "err", err) return 0, err } - isScanPluginConfigured := impl.pipelineStageRepository.CheckPluginExistsInCiPipeline(pipeline.Id, string(repository2.PIPELINE_STAGE_TYPE_POST_CI), plugin[0].Id) + isScanPluginConfigured, err := impl.pipelineStageRepository.CheckPluginExistsInCiPipeline(pipeline.Id, string(repository2.PIPELINE_STAGE_TYPE_POST_CI), plugin[0].Id) + if err != nil { + impl.logger.Errorw("error in getting ci pipeline plugin", "err", err) + return 0, err + } if pipeline.ScanEnabled || isScanPluginConfigured { artifact.Scanned = true artifact.ScanEnabled = true diff --git a/pkg/pipeline/repository/PipelineStageRepository.go b/pkg/pipeline/repository/PipelineStageRepository.go index 8aaf09b253b..983d7b6d2d9 100644 --- a/pkg/pipeline/repository/PipelineStageRepository.go +++ b/pkg/pipeline/repository/PipelineStageRepository.go 
@@ -154,7 +154,7 @@ type PipelineStageRepository interface { MarkPipelineStageStepsDeletedByStageId(stageId int, updatedBy int32, tx *pg.Tx) error GetAllStepsByStageId(stageId int) ([]*PipelineStageStep, error) GetAllCiPipelineIdsByPluginIdAndStageType(pluginId int, stageType string) ([]int, error) - CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) bool + CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) (bool, error) GetStepById(stepId int) (*PipelineStageStep, error) MarkStepsDeletedByStageId(stageId int) error MarkStepsDeletedExcludingActiveStepsInUpdateReq(activeStepIdsPresentInReq []int, stageId int) error @@ -395,7 +395,7 @@ func (impl *PipelineStageRepositoryImpl) GetAllCiPipelineIdsByPluginIdAndStageTy return ciPipelineIds, nil } -func (impl *PipelineStageRepositoryImpl) CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) bool { +func (impl *PipelineStageRepositoryImpl) CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) (bool, error) { var step PipelineStageStep query := "Select * from pipeline_stage_step pss " + "INNER JOIN pipeline_stage ps ON ps.id = pss.pipeline_stage_id " + @@ -403,9 +403,9 @@ func (impl *PipelineStageRepositoryImpl) CheckPluginExistsInCiPipeline(pipelineI _, err := impl.dbConnection.Query(&step, query, pluginId, stageType, pipelineId) if err != nil { impl.logger.Errorw("err in getting pipelineStageStep", "err", err, "pluginId", pluginId, "pipelineId", pipelineId, "stageType", stageType) - return false + return false, err } - return step.Id != 0 + return step.Id != 0, nil } func (impl *PipelineStageRepositoryImpl) MarkStepsDeletedByStageId(stageId int) error { From 84bc2c71690b658224b966b2f2306430d15c80ff Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Mon, 23 Oct 2023 10:01:27 +0530 Subject: [PATCH 08/14] abort print response --- scripts/sql/179_image_scan_plugin.up.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/sql/179_image_scan_plugin.up.sql b/scripts/sql/179_image_scan_plugin.up.sql index 6db380ee65b..904ce09c5b1 100644 --- a/scripts/sql/179_image_scan_plugin.up.sql +++ b/scripts/sql/179_image_scan_plugin.up.sql @@ -9,7 +9,7 @@ VALUES (nextval('id_seq_plugin_pipeline_script'), '#!/bin/sh echo "IMAGE SCAN" curl -X POST $IMAGE_SCANNER_ENDPOINT/scanner/image -H "Content-Type: application/json" -d "{\"image\": \"$DEST\", \"imageDigest\": \"$DIGEST\", \"pipelineId\" : $PIPELINE_ID, \"userId\": - $TRIGGERED_BY, \"dockerRegistryId\": \"$DOCKER_REGISTRY_ID\" }" + $TRIGGERED_BY, \"dockerRegistryId\": \"$DOCKER_REGISTRY_ID\" }" >/dev/null 2>&1 if [ $? != 0 ] then echo -e "\033[1m======== Image scanning request failed ========" From 628a7ed3405734fbdb3cddae0ec8e30c53717b1c Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Wed, 25 Oct 2023 19:18:41 +0530 Subject: [PATCH 09/14] add dockerregistryId --- pkg/pipeline/WorkflowDagExecutor.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/pipeline/WorkflowDagExecutor.go b/pkg/pipeline/WorkflowDagExecutor.go index 1a66caafe50..330f4d3a745 100644 --- a/pkg/pipeline/WorkflowDagExecutor.go +++ b/pkg/pipeline/WorkflowDagExecutor.go @@ -1244,6 +1244,7 @@ func (impl *WorkflowDagExecutorImpl) buildWFRequest(runner *pipelineConfig.CdWor cdStageWorkflowRequest.SecretKey = ciPipeline.CiTemplate.DockerRegistry.AWSSecretAccessKey cdStageWorkflowRequest.DockerRegistryType = string(ciPipeline.CiTemplate.DockerRegistry.RegistryType) cdStageWorkflowRequest.DockerRegistryURL = ciPipeline.CiTemplate.DockerRegistry.RegistryURL + cdStageWorkflowRequest.DockerRegistryId = ciPipeline.CiTemplate.DockerRegistry.Id } else if cdPipeline.AppId > 0 { ciTemplate, err := impl.CiTemplateRepository.FindByAppId(cdPipeline.AppId) if err != nil { 
@@ -1260,6 +1261,7 @@ func (impl *WorkflowDagExecutorImpl) buildWFRequest(runner *pipelineConfig.CdWor cdStageWorkflowRequest.DockerRegistryType = string(ciTemplate.DockerRegistry.RegistryType) cdStageWorkflowRequest.DockerRegistryURL = ciTemplate.DockerRegistry.RegistryURL appLabels, err := impl.appLabelRepository.FindAllByAppId(cdPipeline.AppId) + cdStageWorkflowRequest.DockerRegistryId = ciPipeline.CiTemplate.DockerRegistry.Id if err != nil && err != pg.ErrNoRows { impl.logger.Errorw("error in getting labels by appId", "err", err, "appId", cdPipeline.AppId) return nil, err From aefbaea96b94ff99ca0eb20a02f376b1af0f3f7a Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Wed, 25 Oct 2023 21:45:57 +0530 Subject: [PATCH 10/14] script number update --- ...own.sql => 182_image_scan_plugin.down.sql} | 10 +++++----- ...in.up.sql => 182_image_scan_plugin.up.sql} | 20 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) rename scripts/sql/{179_image_scan_plugin.down.sql => 182_image_scan_plugin.down.sql} (52%) rename scripts/sql/{179_image_scan_plugin.up.sql => 182_image_scan_plugin.up.sql} (55%) diff --git a/scripts/sql/179_image_scan_plugin.down.sql b/scripts/sql/182_image_scan_plugin.down.sql similarity index 52% rename from scripts/sql/179_image_scan_plugin.down.sql rename to scripts/sql/182_image_scan_plugin.down.sql index ae8f5e5c235..9054c375fcb 100644 --- a/scripts/sql/179_image_scan_plugin.down.sql +++ b/scripts/sql/182_image_scan_plugin.down.sql 
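Review bot: In the second `buildWFRequest` hunk the added line reads `ciPipeline.CiTemplate.DockerRegistry.Id` inside the `else if cdPipeline.AppId > 0` branch, where every neighbouring assignment uses the `ciTemplate` returned by `FindByAppId`. The first branch's condition is outside the hunk, but if this branch is reached when `ciPipeline` or its `CiTemplate` is not loaded, the line dereferences nil. Otherwise it can record a registry id that does not match the URL and type set just above. The line also sits between `appLabels, err := impl.appLabelRepository.FindAllByAppId(...)` and that call's `err` check. Suggested: `cdStageWorkflowRequest.DockerRegistryId = ciTemplate.DockerRegistry.Id`, placed directly after the `DockerRegistryURL` assignment.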
@@ -1,5 +1,5 @@
-DELETE FROM plugin_step_variable WHERE plugin_step_id =(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false);
-DELETE FROM plugin_stage_mapping WHERE plugin_id =(SELECT id FROM plugin_metadata WHERE name='Image Scanning');
-DELETE FROM pipeline_stage_step_variable WHERE pipeline_stage_step_id in (SELECT id FROM pipeline_stage_step where ref_plugin_id =(SELECT id from plugin_metadata WHERE name ='Image Scanning'));
-DELETE FROM pipeline_stage_step where ref_plugin_id in (SELECT id from plugin_metadata WHERE name ='Image Scanning');
-DELETE FROM plugin_metadata WHERE name ='Image Scanning';
+DELETE FROM plugin_step_variable WHERE plugin_step_id =(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false);
+DELETE FROM plugin_stage_mapping WHERE plugin_id =(SELECT id FROM plugin_metadata WHERE name='Vulnerability Scanning');
+DELETE FROM pipeline_stage_step_variable WHERE pipeline_stage_step_id in (SELECT id FROM pipeline_stage_step where ref_plugin_id =(SELECT id from plugin_metadata WHERE name ='Vulnerability Scanning'));
+DELETE FROM pipeline_stage_step where ref_plugin_id in (SELECT id from plugin_metadata WHERE name ='Vulnerability Scanning');
+DELETE FROM plugin_metadata WHERE name ='Vulnerability Scanning';
diff --git a/scripts/sql/179_image_scan_plugin.up.sql b/scripts/sql/182_image_scan_plugin.up.sql
similarity index 55%
rename from scripts/sql/179_image_scan_plugin.up.sql
rename to scripts/sql/182_image_scan_plugin.up.sql
index 904ce09c5b1..e0413b117d7 100644
--- a/scripts/sql/179_image_scan_plugin.up.sql
+++ b/scripts/sql/182_image_scan_plugin.up.sql
@@ -1,8 +1,8 @@ INSERT INTO "plugin_metadata" ("id", "name", "description","type","icon","deleted", "created_on", "created_by", "updated_on", "updated_by") -VALUES (nextval('id_seq_plugin_metadata'), 'Image Scanning','Scan a image','PRESET','https://raw.githubusercontent.com/devtron-labs/devtron/main/assets/ic-plugin-vulnerability-scan.png','f', 'now()', 1, 'now()', 1); +VALUES (nextval('id_seq_plugin_metadata'), 'Vulnerability Scanning','Scan a image','PRESET','https://raw.githubusercontent.com/devtron-labs/devtron/main/assets/ic-plugin-vulnerability-scan.png','f', 'now()', 1, 'now()', 1); INSERT INTO "plugin_stage_mapping" ("plugin_id","stage_type","created_on", "created_by", "updated_on", "updated_by") -VALUES ((SELECT id FROM plugin_metadata WHERE name='Image Scanning'),0,'now()', 1, 'now()', 1); +VALUES ((SELECT id FROM plugin_metadata WHERE name='Vulnerability Scanning'),0,'now()', 1, 'now()', 1); INSERT INTO "plugin_pipeline_script" ("id", "script", "type","deleted","created_on", "created_by", "updated_on", "updated_by") VALUES (nextval('id_seq_plugin_pipeline_script'), @@ -12,7 +12,7 @@ VALUES (nextval('id_seq_plugin_pipeline_script'), $TRIGGERED_BY, \"dockerRegistryId\": \"$DOCKER_REGISTRY_ID\" }" >/dev/null 2>&1 if [ $? != 0 ] then - echo -e "\033[1m======== Image scanning request failed ========" + echo -e "\033[1m======== Vulnerability Scanning request failed ========" exit 1 fi', 'SHELL', 
@@ -26,14 +26,14 @@ VALUES (nextval('id_seq_plugin_pipeline_script'), INSERT INTO "plugin_step" ("id", "plugin_id","name","description","index","step_type","script_id","deleted", "created_on", "created_by", "updated_on", "updated_by") -VALUES (nextval('id_seq_plugin_step'), (SELECT id FROM plugin_metadata WHERE name='Image Scanning'),'Step 1','Step 1 - Image Scanning','1','INLINE',(SELECT last_value FROM id_seq_plugin_pipeline_script),'f','now()', 1, 'now()', 1); +VALUES (nextval('id_seq_plugin_step'), (SELECT id FROM plugin_metadata WHERE name='Vulnerability Scanning'),'Step 1','Step 1 - Vulnerability Scanning','1','INLINE',(SELECT last_value FROM id_seq_plugin_pipeline_script),'f','now()', 1, 'now()', 1); INSERT INTO "plugin_step_variable" ("id", "plugin_step_id", "name", "format", "description", "is_exposed", "allow_empty_value","variable_type", "value_type", "variable_step_index",reference_variable_name, "deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES - (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'DEST','STRING','image dest',false,true,'INPUT','GLOBAL',1 ,'DEST','f','now()', 1, 'now()', 1), - (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'DIGEST','STRING','Image Digest',false,true,'INPUT','GLOBAL',1 ,'DIGEST','f','now()', 1, 'now()', 1), - (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'PIPELINE_ID','STRING','Pipeline id',false,true,'INPUT','GLOBAL',1 ,'PIPELINE_ID','f','now()', 1, 'now()', 1), - (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step 
ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'TRIGGERED_BY','STRING','triggered by user',false,true,'INPUT','GLOBAL',1 ,'TRIGGERED_BY','f','now()', 1, 'now()', 1), - (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'DOCKER_REGISTRY_ID','STRING','docker registry id',false,true,'INPUT','GLOBAL',1 ,'DOCKER_REGISTRY_ID','f','now()', 1, 'now()', 1), - (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Image Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCANNER_ENDPOINT','STRING','image scanner endpoint',false,true,'INPUT','GLOBAL',1 ,'IMAGE_SCANNER_ENDPOINT','f','now()', 1, 'now()', 1); + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'DEST','STRING','image dest',false,true,'INPUT','GLOBAL',1 ,'DEST','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'DIGEST','STRING','Image Digest',false,true,'INPUT','GLOBAL',1 ,'DIGEST','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'PIPELINE_ID','STRING','Pipeline id',false,true,'INPUT','GLOBAL',1 ,'PIPELINE_ID','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and 
ps.deleted=false), 'TRIGGERED_BY','STRING','triggered by user',false,true,'INPUT','GLOBAL',1 ,'TRIGGERED_BY','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'DOCKER_REGISTRY_ID','STRING','docker registry id',false,true,'INPUT','GLOBAL',1 ,'DOCKER_REGISTRY_ID','f','now()', 1, 'now()', 1), + (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCANNER_ENDPOINT','STRING','image scanner endpoint',false,true,'INPUT','GLOBAL',1 ,'IMAGE_SCANNER_ENDPOINT','f','now()', 1, 'now()', 1); From f759a91657f3e5f2a411de286058c2b382ce7f5e Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Wed, 25 Oct 2023 22:32:49 +0530 Subject: [PATCH 11/14] image scanning plugin name --- pkg/pipeline/bean/pipelineStage.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/pipeline/bean/pipelineStage.go b/pkg/pipeline/bean/pipelineStage.go index e559727647c..e77ba45a1f6 100644 --- a/pkg/pipeline/bean/pipelineStage.go +++ b/pkg/pipeline/bean/pipelineStage.go @@ -94,5 +94,5 @@ type PortMap struct { } const ( - IMAGE_SCANNING_PLUGIN string = "Image Scanning" + IMAGE_SCANNING_PLUGIN string = "Vulnerability Scanning" ) From 17b7f232d4a1417ce1802469c300955d562267e4 Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Wed, 25 Oct 2023 23:36:09 +0530 Subject: [PATCH 12/14] Image scanner endpoint for both CiCd --- pkg/pipeline/WorkflowUtils.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/pipeline/WorkflowUtils.go b/pkg/pipeline/WorkflowUtils.go index c020464564d..70bf7301c6c 100644 --- a/pkg/pipeline/WorkflowUtils.go +++ b/pkg/pipeline/WorkflowUtils.go 
@@ -467,10 +467,8 @@ func (workflowRequest *WorkflowRequest) GetWorkflowTypeForWorkflowRequest() stri } func (workflowRequest *WorkflowRequest) getContainerEnvVariables(config *CiCdConfig, workflowJson []byte) (containerEnvVariables []v12.EnvVar) { - if workflowRequest.Type == bean.CI_WORKFLOW_PIPELINE_TYPE || - workflowRequest.Type == bean.JOB_WORKFLOW_PIPELINE_TYPE { - containerEnvVariables = []v12.EnvVar{{Name: "IMAGE_SCANNER_ENDPOINT", Value: config.ImageScannerEndpoint}} - } + containerEnvVariables = []v12.EnvVar{{Name: "IMAGE_SCANNER_ENDPOINT", Value: config.ImageScannerEndpoint}} + if config.CloudProvider == BLOB_STORAGE_S3 && config.BlobStorageS3AccessKey != "" { miniCred := []v12.EnvVar{{Name: "AWS_ACCESS_KEY_ID", Value: config.BlobStorageS3AccessKey}, {Name: "AWS_SECRET_ACCESS_KEY", Value: config.BlobStorageS3SecretKey}} containerEnvVariables = append(containerEnvVariables, miniCred...) From 88ecb8f9197a671a59ea35043c567d428c586790 Mon Sep 17 00:00:00 2001 From: Ashish-devtron Date: Fri, 27 Oct 2023 10:53:50 +0530 Subject: [PATCH 13/14] revert postgres port --- pkg/sql/connection.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sql/connection.go b/pkg/sql/connection.go index 36dfac3ca60..fe9dc52aaa6 100644 --- a/pkg/sql/connection.go +++ b/pkg/sql/connection.go @@ -29,7 +29,7 @@ import ( type Config struct { Addr string `env:"PG_ADDR" envDefault:"127.0.0.1"` - Port string `env:"PG_PORT" envDefault:"5431"` + Port string `env:"PG_PORT" envDefault:"5432"` User string `env:"PG_USER" envDefault:""` Password string `env:"PG_PASSWORD" envDefault:"" secretData:"-"` Database string `env:"PG_DATABASE" envDefault:"orchestrator"` From b49cd8e64bdfd1f4bd43dbc3f427c4f565e6f912 Mon Sep 17 00:00:00 2001 
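Review bot: With the workflow-type condition removed in getContainerEnvVariables, `IMAGE_SCANNER_ENDPOINT` is now exported into the container of every workflow type, and nothing checks that `config.ImageScannerEndpoint` is set. Containers that did not receive the scanner address before now do, and any step script running in them can read it, so it is worth confirming that the scanner authenticates its callers or is fenced off by network policy (neither is visible here). A guard such as `if config.ImageScannerEndpoint != "" {` around the assignment avoids exporting an empty variable. A short comment stating that the endpoint is deliberately exported for CD as well as CI (the commit subject suggests this) would record why the condition was dropped. The function body continues outside the hunk.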
From: Ashish-devtron Date: Thu, 2 Nov 2023 17:59:22 +0530 Subject: [PATCH 14/14] Code review changes --- pkg/pipeline/WebhookService.go | 4 ++-- pkg/pipeline/bean/pipelineStage.go | 2 +- pkg/pipeline/bean/workFlowRequestBean.go | 1 + pkg/pipeline/repository/PipelineStageRepository.go | 6 +++--- pkg/pipeline/types/Workflow.go | 2 +- scripts/sql/184_image_scan_plugin.down.sql | 1 + 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/pkg/pipeline/WebhookService.go b/pkg/pipeline/WebhookService.go index 275ae4b9077..edd1de40eda 100644 --- a/pkg/pipeline/WebhookService.go +++ b/pkg/pipeline/WebhookService.go @@ -221,14 +221,14 @@ func (impl WebhookServiceImpl) HandleCiSuccessEvent(ciPipelineId int, request *C IsArtifactUploaded: request.IsArtifactUploaded, AuditLog: sql.AuditLog{CreatedBy: request.UserId, UpdatedBy: request.UserId, CreatedOn: createdOn, UpdatedOn: updatedOn}, } - plugin, err := impl.globalPluginRepository.GetPluginByName(bean.IMAGE_SCANNING_PLUGIN) + plugin, err := impl.globalPluginRepository.GetPluginByName(bean.VULNERABILITY_SCANNING_PLUGIN) if err != nil || len(plugin) == 0 { impl.logger.Errorw("error in getting image scanning plugin", "err", err) return 0, err } isScanPluginConfigured, err := impl.pipelineStageRepository.CheckPluginExistsInCiPipeline(pipeline.Id, string(repository2.PIPELINE_STAGE_TYPE_POST_CI), plugin[0].Id) if err != nil { - impl.logger.Errorw("error in getting ci pipeline plugin", "err", err) + impl.logger.Errorw("error in getting ci pipeline plugin", "err", err, "pipelineId", pipeline.Id, "pluginId", plugin[0].Id) return 0, err } if pipeline.ScanEnabled || isScanPluginConfigured { diff --git a/pkg/pipeline/bean/pipelineStage.go b/pkg/pipeline/bean/pipelineStage.go index e77ba45a1f6..f2a1ae2d663 100644 --- a/pkg/pipeline/bean/pipelineStage.go +++ b/pkg/pipeline/bean/pipelineStage.go 
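Review bot: The combined check `if err != nil || len(plugin) == 0` right after the `GetPluginByName` call returns `0, err` with a nil error when the lookup simply finds no row, and the log line then prints `"err", nil`. That return sits before `if pipeline.ScanEnabled || isScanPluginConfigured`, so a pipeline with `ScanEnabled` set never reaches the scan branch when the plugin row is missing, and the caller is told nothing went wrong. This assumes the repository can return an empty slice without an error, which the length check suggests. Treating a missing plugin as "not configured" and continuing keeps the existing scan flag effective. HandleCiSuccessEvent starts and ends outside the hunk.

```go
plugin, err := impl.globalPluginRepository.GetPluginByName(bean.VULNERABILITY_SCANNING_PLUGIN)
if err != nil {
	impl.logger.Errorw("error in getting image scanning plugin", "err", err)
	return 0, err
}
// A missing plugin row means the plugin is not configured; pipeline.ScanEnabled must still be honoured.
isScanPluginConfigured := false
if len(plugin) > 0 {
	isScanPluginConfigured, err = impl.pipelineStageRepository.CheckPluginExistsInCiPipeline(pipeline.Id, string(repository2.PIPELINE_STAGE_TYPE_POST_CI), plugin[0].Id)
	if err != nil {
		impl.logger.Errorw("error in getting ci pipeline plugin", "err", err, "pipelineId", pipeline.Id, "pluginId", plugin[0].Id)
		return 0, err
	}
}
// … unchanged: if pipeline.ScanEnabled || isScanPluginConfigured { …
```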
@@ -94,5 +94,5 @@ type PortMap struct { } const ( - IMAGE_SCANNING_PLUGIN string = "Vulnerability Scanning" + VULNERABILITY_SCANNING_PLUGIN string = "Vulnerability Scanning" ) diff --git a/pkg/pipeline/bean/workFlowRequestBean.go b/pkg/pipeline/bean/workFlowRequestBean.go index a510f2e88aa..644239de642 100644 --- a/pkg/pipeline/bean/workFlowRequestBean.go +++ b/pkg/pipeline/bean/workFlowRequestBean.go @@ -13,6 +13,7 @@ const ( VARIABLE_TYPE_REF_POST_CI = "REF_POST_CI" VARIABLE_TYPE_REF_GLOBAL = "REF_GLOBAL" VARIABLE_TYPE_REF_PLUGIN = "REF_PLUGIN" + IMAGE_SCANNER_ENDPOINT = "IMAGE_SCANNER_ENDPOINT" ) const CI_JOB string = "CI_JOB" diff --git a/pkg/pipeline/repository/PipelineStageRepository.go b/pkg/pipeline/repository/PipelineStageRepository.go index 2a516fc744b..1c12e072e55 100644 --- a/pkg/pipeline/repository/PipelineStageRepository.go +++ b/pkg/pipeline/repository/PipelineStageRepository.go @@ -397,9 +397,9 @@ func (impl *PipelineStageRepositoryImpl) GetAllCiPipelineIdsByPluginIdAndStageTy func (impl *PipelineStageRepositoryImpl) CheckPluginExistsInCiPipeline(pipelineId int, stageType string, pluginId int) (bool, error) { var step PipelineStageStep - query := "Select * from pipeline_stage_step pss " + - "INNER JOIN pipeline_stage ps ON ps.id = pss.pipeline_stage_id " + - "where pss.ref_plugin_id = ? and ps.type = ? and pss.deleted = false and ps.deleted = false and ps.ci_pipeline_id= ?" + query := `Select * from pipeline_stage_step pss + INNER JOIN pipeline_stage ps ON ps.id = pss.pipeline_stage_id + where pss.ref_plugin_id = ? and ps.type = ? and pss.deleted = false and ps.deleted = false and ps.ci_pipeline_id= ?;` _, err := impl.dbConnection.Query(&step, query, pluginId, stageType, pipelineId) if err != nil { impl.logger.Errorw("err in getting pipelineStageStep", "err", err, "pluginId", pluginId, "pipelineId", pipelineId, "stageType", stageType) diff --git a/pkg/pipeline/types/Workflow.go b/pkg/pipeline/types/Workflow.go index 945b8288060..9656dfd1957 100644 
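Review bot: The rewritten query in CheckPluginExistsInCiPipeline still uses `Select *` over the join and loads the result into a single `PipelineStageStep`, although the function only reports a boolean. The join brings in the columns of both tables, and the query itself shows that both carry a `deleted` column, so which value ends up in the struct depends on how the ORM maps duplicate names. Selecting only what the check needs, for example `Select pss.ref_plugin_id from pipeline_stage_step pss` with ` limit 1` before the closing `;`, keeps the check unambiguous. The `?` bind parameters should stay as they are. How the boolean is derived from the result is outside the hunk.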
--- a/pkg/pipeline/types/Workflow.go +++ b/pkg/pipeline/types/Workflow.go @@ -223,7 +223,7 @@ func (workflowRequest *WorkflowRequest) GetWorkflowTypeForWorkflowRequest() stri } func (workflowRequest *WorkflowRequest) getContainerEnvVariables(config *CiCdConfig, workflowJson []byte) (containerEnvVariables []v1.EnvVar) { - containerEnvVariables = []v1.EnvVar{{Name: "IMAGE_SCANNER_ENDPOINT", Value: config.ImageScannerEndpoint}} + containerEnvVariables = []v1.EnvVar{{Name: bean.IMAGE_SCANNER_ENDPOINT, Value: config.ImageScannerEndpoint}} eventEnv := v1.EnvVar{Name: "CI_CD_EVENT", Value: string(workflowJson)} inAppLoggingEnv := v1.EnvVar{Name: "IN_APP_LOGGING", Value: strconv.FormatBool(workflowRequest.InAppLoggingEnabled)} containerEnvVariables = append(containerEnvVariables, eventEnv, inAppLoggingEnv) diff --git a/scripts/sql/184_image_scan_plugin.down.sql b/scripts/sql/184_image_scan_plugin.down.sql index 9054c375fcb..195814157ac 100644 --- a/scripts/sql/184_image_scan_plugin.down.sql +++ b/scripts/sql/184_image_scan_plugin.down.sql @@ -1,4 +1,5 @@ DELETE FROM plugin_step_variable WHERE plugin_step_id =(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false); +DELETE FROM plugin_step WHERE plugin_id=(SELECT id FROM plugin_metadata WHERE name='Vulnerability Scanning'); DELETE FROM plugin_stage_mapping WHERE plugin_id =(SELECT id FROM plugin_metadata WHERE name='Vulnerability Scanning'); DELETE FROM pipeline_stage_step_variable WHERE pipeline_stage_step_id in (SELECT id FROM pipeline_stage_step where ref_plugin_id =(SELECT id from plugin_metadata WHERE name ='Vulnerability Scanning')); DELETE FROM pipeline_stage_step where ref_plugin_id in (SELECT id from plugin_metadata WHERE name ='Vulnerability Scanning');
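Review bot: In 184_image_scan_plugin.down.sql the added `DELETE FROM plugin_step` removes every step of the plugin, while the statement before it only removes variables of the step with `ps."index"=1 and ps.deleted=false`. If any other step (or a soft-deleted one) still has variables, the new delete would presumably fail on the foreign key. Widening the first statement to `WHERE plugin_step_id IN (SELECT ps.id FROM plugin_step ps INNER JOIN plugin_metadata p ON ps.plugin_id = p.id WHERE p.name = 'Vulnerability Scanning')` keeps the two consistent. The five statements of the file never delete the `plugin_metadata` row itself. If the up script inserts it (not visible here), a down/up cycle would leave two rows with that name and the scalar `=(SELECT id FROM plugin_metadata ...)` subqueries would then raise a multiple-rows error. A closing `DELETE FROM plugin_metadata WHERE name = 'Vulnerability Scanning';` and `IN` instead of `=` would cover that case.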