fix: Image-Scanner status for failed request #4513

Merged
merged 10 commits into from
Jan 18, 2024
3 changes: 3 additions & 0 deletions pkg/pipeline/CiService.go
@@ -244,6 +244,7 @@ func (impl *CiServiceImpl) TriggerCiPipeline(trigger types.Trigger) (int, error)
} else {
workflowRequest.Type = bean2.CI_WORKFLOW_PIPELINE_TYPE
}

err = impl.executeCiPipeline(workflowRequest)
if err != nil {
impl.Logger.Errorw("workflow error", "err", err)
@@ -658,6 +659,8 @@ func (impl *CiServiceImpl) buildWfRequestForCiPipeline(pipeline *pipelineConfig.
RegistryDestinationImageMap: registryDestinationImageMap,
RegistryCredentialMap: registryCredentialMap,
PluginArtifactStage: pluginArtifactStage,
ImageScanMaxRetries: impl.config.ImageScanMaxRetries,
ImageScanRetryDelay: impl.config.ImageScanRetryDelay,
}

if dockerRegistry != nil {
2 changes: 2 additions & 0 deletions pkg/pipeline/types/CiCdConfig.go
@@ -65,6 +65,8 @@ type CiCdConfig struct {
SkipCreatingEcrRepo bool `env:"SKIP_CREATING_ECR_REPO" envDefault:"false"`
MaxCiWorkflowRetries int `env:"MAX_CI_WORKFLOW_RETRIES" envDefault:"0"`
NatsServerHost string `env:"NATS_SERVER_HOST" envDefault:"nats://devtron-nats.devtroncd:4222"`
ImageScanMaxRetries int `env:"IMAGE_SCAN_MAX_RETRIES" envDefault:"3"`
ImageScanRetryDelay int `env:"IMAGE_SCAN_RETRY_DELAY" envDefault:"5"`
// from CdConfig
CdLimitCpu string `env:"CD_LIMIT_CI_CPU" envDefault:"0.5"`
CdLimitMem string `env:"CD_LIMIT_CI_MEM" envDefault:"3G"`
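Review bot: `ImageScanMaxRetries` and `ImageScanRetryDelay` are read from the environment as plain ints, with no unit in the name or a comment and no range check visible in this hunk. The plugin script added in this commit loops on `while [ "$attempt" -le "$IMAGE_SCAN_MAX_RETRIES" ]`, so if these values reach it unchanged, a retry count of 0 or below skips the scan request entirely and the step exits 1 with a "Maximum retries reached" message. A comment such as `// ImageScanRetryDelay is the wait between image scan request attempts, in seconds.` and a startup check that rejects a retry count below 1 would surface the misconfiguration before a build runs. The CiCdConfig struct starts and ends outside the hunk.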
2 changes: 2 additions & 0 deletions pkg/pipeline/types/Workflow.go
@@ -126,6 +126,8 @@ type WorkflowRequest struct {
RegistryCredentialMap map[string]plugin.RegistryCredentials `json:"registryCredentialMap"`
PluginArtifactStage string `json:"pluginArtifactStage"`
PushImageBeforePostCI bool `json:"pushImageBeforePostCI"`
ImageScanMaxRetries int `json:"imageScanMaxRetries,omitempty"`
ImageScanRetryDelay int `json:"imageScanRetryDelay,omitempty"`
Type bean.WorkflowPipelineType
Pipeline *pipelineConfig.Pipeline
Env *repository.Environment
Empty file.
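--- a/scripts/sql/211_image_scan_plugin_update.up.sql
+++ b/scripts/sql/211_image_scan_plugin_update.up.sql
@@ -0,0 +1,27 @@
+INSERT INTO "plugin_step_variable" ("id", "plugin_step_id", "name", "format", "description", "is_exposed", "allow_empty_value", "default_value","variable_type", "value_type", "variable_step_index",reference_variable_name, "deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES
+(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCAN_MAX_RETRIES','STRING','image scan max retry count',true,true,'3','INPUT','GLOBAL',1 ,'IMAGE_SCAN_MAX_RETRIES','f','now()', 1, 'now()', 1),
+(nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCAN_RETRY_DELAY','STRING','image scan retry delay (in seconds)',true,true,'5','INPUT','GLOBAL',1 ,'IMAGE_SCAN_RETRY_DELAY','f','now()', 1, 'now()', 1);
+
+UPDATE plugin_pipeline_script SET script = '#!/bin/sh
+echo "IMAGE SCAN"
+
+perform_curl_request() {
+local attempt=1
+while [ "$attempt" -le "$IMAGE_SCAN_MAX_RETRIES" ]; do
+response=$(curl -s -w "\n%{http_code}" -X POST $IMAGE_SCANNER_ENDPOINT/scanner/image -H "Content-Type: application/json" -d "{\"image\": \"$DEST\", \"imageDigest\": \"$DIGEST\", \"pipelineId\" : $PIPELINE_ID, \"userId\": $TRIGGERED_BY, \"dockerRegistryId\": \"$DOCKER_REGISTRY_ID\" }")
+http_status=$(echo "$response" | tail -n1)
+if [ "$http_status" = "200" ]; then
+echo "Vulnerability Scanning request successful."
+return 0
+else
+echo "Attempt $attempt: Vulnerability Scanning request failed with HTTP status code $http_status"
+echo "Response Body: $response"
+attempt=$((attempt + 1))
+sleep "$IMAGE_SCAN_RETRY_DELAY"
+fi
+done
+echo -e "\033[1m======== Maximum retries reached. Vulnerability Scanning request failed ========"
+exit 1
+}
+perform_curl_request'
+WHERE id = (SELECT id FROM plugin_metadata WHERE name = 'Vulnerability Scanning');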
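Review bot: The closing `WHERE id = (SELECT id FROM plugin_metadata WHERE name = 'Vulnerability Scanning')` selects a `plugin_pipeline_script` row by the id of a `plugin_metadata` row, which only hits the right script if the two tables happen to share an id for this plugin. If they differ, the UPDATE either changes nothing, leaving the previous script in place so a failed scan request presumably still does not fail the build, or it overwrites another plugin's script. I would resolve the script row through `plugin_step`, the way the INSERT above resolves `plugin_step_id`, and have the migration verify that exactly one row was updated. Separately, the `curl -s -w ...` call has no time limit, so a scanner endpoint that accepts the connection and never answers blocks the step before the retry loop can count an attempt; adding `--connect-timeout` and `--max-time` bounds each attempt.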