Merge pull request #3025 from uselagoon/hotfix-configmap-size

uselagoon · Feb 15, 2022 · 0c64771 · 0c64771
2 parents 1adc1a7 + 862cf2d
commit 0c64771
Showing 1 changed file with 23 additions and 25 deletions.
diff --git a/images/kubectl-build-deploy-dind/scripts/exec-generate-sbom-configmap.sh b/images/kubectl-build-deploy-dind/scripts/exec-generate-sbom-configmap.sh
@@ -3,20 +3,26 @@
 # SBOM config
 TMP_DIR="${TMP_DIR:-/tmp}"
 SBOM_OUTPUT="cyclonedx-json"
-SBOM_OUTPUT_FILE="${TMP_DIR}/${IMAGE_NAME}.cyclonedx.json"
+SBOM_OUTPUT_FILE="${TMP_DIR}/${IMAGE_NAME}.cyclonedx.json.gz"
+SBOM_CONFIGMAP="lagoon-sbom-${IMAGE_NAME}"
 
 set -x
 # Run sbom and dump to file
 echo "Running sbom scan using syft"
 echo "Image being scanned: ${IMAGE_FULL}"
 set +x
 
-DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/anchore/syft packages ${IMAGE_FULL} -o ${SBOM_OUTPUT} > ${SBOM_OUTPUT_FILE}
+DOCKER_HOST=docker-host.lagoon.svc docker run --rm -v /var/run/docker.sock:/var/run/docker.sock imagecache.amazeeio.cloud/anchore/syft packages ${IMAGE_FULL} -o ${SBOM_OUTPUT} | gzip > ${SBOM_OUTPUT_FILE}
 
-if [ -f "${SBOM_OUTPUT_FILE}" ]; then
-    echo "Successfully generated SBOM for ${IMAGE_FULL}"
+FILESIZE=$(stat -c%s "$SBOM_OUTPUT_FILE")
+echo "Size of ${SBOM_OUTPUT_FILE} = $FILESIZE bytes."
 
-    SBOM_CONFIGMAP=lagoon-sbom-${IMAGE_NAME}
+processSbom() {
+  if (( $FILESIZE > 950000 )); then
+    echo "$SBOM_OUTPUT_FILE is too large, skipping pushing to configmap"
+    return
+  else
+    echo "Successfully generated SBOM for ${IMAGE_FULL}"
 
     set -x
     # If sbom configmap already exists then we need to update, else create new
@@ -27,31 +33,23 @@ if [ -f "${SBOM_OUTPUT_FILE}" ]; then
             --from-file=${SBOM_OUTPUT_FILE} \
             -o json \
             --dry-run=client | kubectl replace -f -
-        kubectl --insecure-skip-tls-verify \
-            -n ${NAMESPACE} \
-            label configmap ${SBOM_CONFIGMAP} \
-            lagoon.sh/insightsType=sbom \
-            lagoon.sh/buildName=${LAGOON_BUILD_NAME} \
-            lagoon.sh/project=${PROJECT} \
-            lagoon.sh/environment=${ENVIRONMENT} \
-            lagoon.sh/service=${IMAGE_NAME}
-
     else
         # Create configmap and add label (#have to add label separately: https://github.com/kubernetes/kubernetes/issues/60295)
         kubectl --insecure-skip-tls-verify \
             -n ${NAMESPACE} \
             create configmap ${SBOM_CONFIGMAP} \
             --from-file=${SBOM_OUTPUT_FILE}
-        kubectl --insecure-skip-tls-verify \
-            -n ${NAMESPACE} \
-            label configmap ${SBOM_CONFIGMAP} \
-            lagoon.sh/insightsType=sbom \
-            lagoon.sh/buildName=${LAGOON_BUILD_NAME} \
-            lagoon.sh/project=${PROJECT} \
-            lagoon.sh/environment=${ENVIRONMENT} \
-            lagoon.sh/service=${IMAGE_NAME}
     fi
+    kubectl --insecure-skip-tls-verify \
+        -n ${NAMESPACE} \
+        label configmap ${SBOM_CONFIGMAP} \
+        lagoon.sh/insightsType=sbom-gz \
+        lagoon.sh/buildName=${LAGOON_BUILD_NAME} \
+        lagoon.sh/project=${PROJECT} \
+        lagoon.sh/environment=${ENVIRONMENT} \
+        lagoon.sh/service=${IMAGE_NAME}
     set +x
-else
-    echo "Failed to generate SBOM for ${IMAGE_FULL}"
-fi
+  fi
+}
+
+processSbom