diff --git a/chart-sync/go.mod b/chart-sync/go.mod index 1c09eb8a1..5c1c7f7bd 100644 --- a/chart-sync/go.mod +++ b/chart-sync/go.mod @@ -5,7 +5,7 @@ go 1.22.4 toolchain go1.22.6 replace ( - github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b + github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 helm.sh/helm/v3 v3.14.3 => github.com/devtron-labs/helm/v3 v3.14.1-0.20240401080259-90238cf69e42 ) diff --git a/chart-sync/go.sum b/chart-sync/go.sum index 32b382ad5..7eb7ef9d1 100644 --- a/chart-sync/go.sum +++ b/chart-sync/go.sum @@ -54,8 +54,8 @@ github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/devtron-labs/helm/v3 v3.14.1-0.20240401080259-90238cf69e42 h1:pJmK44QaSztOiZe0iQHNf0sdy5KwkAeceydyhOG4RaY= github.com/devtron-labs/helm/v3 v3.14.1-0.20240401080259-90238cf69e42/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= 
diff --git a/chart-sync/vendor/modules.txt b/chart-sync/vendor/modules.txt index ee76b6de3..9d02e7e0d 100644 --- a/chart-sync/vendor/modules.txt +++ b/chart-sync/vendor/modules.txt @@ -93,7 +93,7 @@ github.com/containerd/platforms # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/helmLib/registry github.com/devtron-labs/common-lib/utils/http @@ -785,4 +785,4 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.3.0 ## explicit; go 1.12 sigs.k8s.io/yaml -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/ci-runner/executor/adaptor/ImageScanAdaptor.go b/ci-runner/executor/adaptor/ImageScanAdaptor.go new file mode 100644 index 000000000..e363e9ef9 --- /dev/null +++ b/ci-runner/executor/adaptor/ImageScanAdaptor.go 
@@ -0,0 +1,44 @@ +/* + * Copyright (c) 2024. Devtron Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package adaptor + +import ( + "github.com/devtron-labs/ci-runner/helper" + "github.com/devtron-labs/common-lib/constants" + "github.com/devtron-labs/common-lib/imageScan/bean" +) + +func GetImageScanEvent(dest, digest string, commonWorkflowRequest *helper.CommonWorkflowRequest) *helper.ScanEvent { + if commonWorkflowRequest == nil { + return &helper.ScanEvent{} + } + return &helper.ScanEvent{ + ImageScanEvent: bean.ImageScanEvent{ + Image: dest, + ImageDigest: digest, + PipelineId: commonWorkflowRequest.PipelineId, + UserId: commonWorkflowRequest.TriggeredBy, + DockerRegistryId: commonWorkflowRequest.DockerRegistryId, + DockerConnection: commonWorkflowRequest.DockerConnection, + DockerCert: commonWorkflowRequest.DockerCert, + SourceType: constants.SourceTypeImage, + SourceSubType: constants.SourceSubTypeCi, + }, + ImageScanMaxRetries: commonWorkflowRequest.ImageScanMaxRetries, + ImageScanRetryDelay: commonWorkflowRequest.ImageScanRetryDelay, + } +} diff --git a/ci-runner/executor/stage/bean/bean.go b/ci-runner/executor/stage/bean/bean.go new file mode 100644 index 000000000..f66364d82 --- /dev/null +++ b/ci-runner/executor/stage/bean/bean.go 
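Review bot: The nil guard in `GetImageScanEvent` returns an empty `&helper.ScanEvent{}`, which discards the `dest` and `digest` arguments along with the source type. `runImageScanning` passes the result straight to `helper.ExecuteImageScanningViaRest`, so a nil `CommonWorkflowRequest` would produce a scan request that names no image. Keeping the identifying fields in that branch, e.g. `ImageScanEvent: bean.ImageScanEvent{Image: dest, ImageDigest: digest, SourceType: constants.SourceTypeImage, SourceSubType: constants.SourceSubTypeCi}`, avoids a scan that silently covers nothing. The exported function also has no doc comment; `// GetImageScanEvent builds the scan request for a CI-built image from the workflow request.` would do.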
@@ -0,0 +1,24 @@ +/* + * Copyright (c) 2024. Devtron Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package bean + +const ( + ExternalCiArtifact = "externalCiArtifact" + ImageDigest = "imageDigest" + UseAppDockerConfig = "useAppDockerConfig" + CiProjectDetails = "ciProjectDetails" +) diff --git a/ci-runner/executor/stage/ciStages.go b/ci-runner/executor/stage/ciStages.go index 1b6568512..6cd2d282e 100644 --- a/ci-runner/executor/stage/ciStages.go +++ b/ci-runner/executor/stage/ciStages.go @@ -22,7 +22,9 @@ import ( "errors" "fmt" "github.com/devtron-labs/ci-runner/executor" + adaptor2 "github.com/devtron-labs/ci-runner/executor/adaptor" cicxt "github.com/devtron-labs/ci-runner/executor/context" + bean2 "github.com/devtron-labs/ci-runner/executor/stage/bean" util2 "github.com/devtron-labs/ci-runner/executor/util" "github.com/devtron-labs/ci-runner/helper" "github.com/devtron-labs/ci-runner/helper/adaptor" @@ -144,6 +146,7 @@ func (impl *CiStage) HandleCIEvent(ciCdRequest *helper.CiCdTriggerEvent, exitCod return } +// TODO: take as tech debt and break this function into parts for better code readability func (impl *CiStage) runCIStages(ciContext cicxt.CiContext, ciCdRequest *helper.CiCdTriggerEvent) (artifactUploaded bool, err error) { metrics := &helper.CIMetrics{} 
@@ -281,6 +284,18 @@ func (impl *CiStage) runCIStages(ciContext cicxt.CiContext, ciCdRequest *helper. if err != nil { return artifactUploaded, err } + if scriptEnvs.RuntimeEnv[bean2.ExternalCiArtifact] != "" { + runtimeImage, runtimeDigest, err := impl.handleRuntimeParametersForCiJob(scriptEnvs.RuntimeEnv, ciCdRequest) + if err != nil { + log.Println(util.DEVTRON, "error in handling runtime parameters for ci job and getting runtime image and digest") + return artifactUploaded, err + } + if len(runtimeImage) > 0 { + dest = runtimeImage + digest = runtimeDigest + } + } + // scan only if ci scan enabled if helper.IsEventTypeEligibleToScanImage(ciCdRequest.Type) && ciCdRequest.CommonWorkflowRequest.ScanEnabled { 
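Review bot: The error branch after `handleRuntimeParametersForCiJob` logs a fixed message without the error value, so the reason is missing from this log line; `log.Println(util.DEVTRON, "error in handling runtime parameters for ci job", "err", err)` keeps it. The inner `if len(runtimeImage) > 0` check also looks redundant, because the helper returns `runtimeEnv[bean2.ExternalCiArtifact]` as the image and the outer `if` has already established that this value is non-empty. `runCIStages` starts and ends outside this hunk.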
@@ -292,51 +307,7 @@ func (impl *CiStage) runCIStages(ciContext cicxt.CiContext, ciCdRequest *helper. log.Println(util.DEVTRON, " event") metrics.TotalDuration = time.Since(metrics.TotalStartTime).Seconds() - // When externalCiArtifact is provided (run time Env at time of build) then this image will be used further in the pipeline - // imageDigest and ciProjectDetails are optional fields - if scriptEnvs.RuntimeEnv["externalCiArtifact"] != "" { - log.Println(util.DEVTRON, "external ci artifact found! exiting now with success event") - dest = scriptEnvs.RuntimeEnv["externalCiArtifact"] - digest = scriptEnvs.RuntimeEnv["imageDigest"] - if len(digest) == 0 { - var useAppDockerConfigForPrivateRegistries bool - var err error - useAppDockerConfig, ok := ciCdRequest.CommonWorkflowRequest.RuntimeEnvironmentVariables["useAppDockerConfig"] - if ok && len(useAppDockerConfig) > 0 { - useAppDockerConfigForPrivateRegistries, err = strconv.ParseBool(useAppDockerConfig) - if err != nil { - fmt.Println(fmt.Sprintf("Error in parsing useAppDockerConfig runtime param to bool from string useAppDockerConfigForPrivateRegistries:- %s, err:", useAppDockerConfig), err) - } - } - var dockerAuthConfig *bean.DockerAuthConfig - if useAppDockerConfigForPrivateRegistries { - dockerAuthConfig = impl.dockerHelper.GetDockerAuthConfigForPrivateRegistries(ciCdRequest.CommonWorkflowRequest) - } - startTime := time.Now() - //user has not provided imageDigest in that case fetch from docker. 
- imgDigest, err := impl.dockerHelper.ExtractDigestFromImage(dest, ciCdRequest.CommonWorkflowRequest.UseDockerApiToGetDigest, dockerAuthConfig) - if err != nil { - fmt.Println(fmt.Sprintf("Error in extracting digest from image %s, err:", dest), err) - return artifactUploaded, err - } - log.Println(fmt.Sprintf("time since extract digest from image process:- %s", time.Since(startTime).String())) - digest = imgDigest - } - var tempDetails []*helper.CiProjectDetailsMin - err := json.Unmarshal([]byte(scriptEnvs.RuntimeEnv["ciProjectDetails"]), &tempDetails) - if err != nil { - fmt.Println("Error unmarshalling ciProjectDetails JSON:", err) - fmt.Println("ignoring the error and continuing without saving ciProjectDetails") - } - if len(tempDetails) > 0 && len(ciCdRequest.CommonWorkflowRequest.CiProjectDetails) > 0 { - detail := tempDetails[0] - ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].CommitHash = detail.CommitHash - ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].Message = detail.Message - ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].Author = detail.Author - ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].CommitTime = detail.CommitTime - } - } event := adaptor.NewCiCompleteEvent(ciCdRequest.CommonWorkflowRequest).WithMetrics(*metrics). WithDockerImage(dest).WithDigest(digest).WithIsArtifactUploaded(artifactUploaded). WithImageDetailsFromCR(resultsFromPlugin).WithPluginArtifacts(pluginArtifacts) 
@@ -467,18 +438,8 @@ func (impl *CiStage) runPostCiSteps(ciCdRequest *helper.CiCdTriggerEvent, script func runImageScanning(dest string, digest string, ciCdRequest *helper.CiCdTriggerEvent, metrics *helper.CIMetrics, artifactUploaded bool) error { imageScanningStage := func() error { log.Println("Image Scanning Started for digest", digest) - scanEvent := &helper.ScanEvent{ - Image: dest, - ImageDigest: digest, - PipelineId: ciCdRequest.CommonWorkflowRequest.PipelineId, - UserId: ciCdRequest.CommonWorkflowRequest.TriggeredBy, - DockerRegistryId: ciCdRequest.CommonWorkflowRequest.DockerRegistryId, - DockerConnection: ciCdRequest.CommonWorkflowRequest.DockerConnection, - DockerCert: ciCdRequest.CommonWorkflowRequest.DockerCert, - ImageScanMaxRetries: ciCdRequest.CommonWorkflowRequest.ImageScanMaxRetries, - ImageScanRetryDelay: ciCdRequest.CommonWorkflowRequest.ImageScanRetryDelay, - } - err := helper.SendEventToClairUtility(scanEvent) + scanEvent := adaptor2.GetImageScanEvent(dest, digest, ciCdRequest.CommonWorkflowRequest) + err := helper.ExecuteImageScanningViaRest(scanEvent) if err != nil { log.Println("error in running Image Scan", "err", err) return helper.NewCiStageError(err). 
@@ -639,3 +600,59 @@ func (impl *CiStage) AddExtraEnvVariableFromRuntimeParamsToCiCdEvent(ciRequest * } return ciRequest.RuntimeEnvironmentVariables, nil } + +// When externalCiArtifact is provided (run time Env at time of build) then this image will be used further in the pipeline +// imageDigest and ciProjectDetails are optional fields +func (impl *CiStage) handleRuntimeParametersForCiJob(runtimeEnv map[string]string, ciCdRequest *helper.CiCdTriggerEvent) (string, string, error) { + log.Println(util.DEVTRON, "external ci artifact found! exiting now with success event") + dest := runtimeEnv[bean2.ExternalCiArtifact] + digest := runtimeEnv[bean2.ImageDigest] + var err error + if len(digest) == 0 { + digest, err = impl.extractDigestForCiJob(ciCdRequest.CommonWorkflowRequest, dest) + if err != nil { + log.Println(util.DEVTRON, " extract digest for ci job error", "dest", dest, "err", err) + return dest, digest, err + } + } + var tempDetails []*helper.CiProjectDetailsMin + err = json.Unmarshal([]byte(runtimeEnv[bean2.CiProjectDetails]), &tempDetails) + if err != nil { + fmt.Println("Error unmarshalling ciProjectDetails JSON:", err) + fmt.Println("ignoring the error and continuing without saving ciProjectDetails") + } + if len(tempDetails) > 0 && len(ciCdRequest.CommonWorkflowRequest.CiProjectDetails) > 0 { + detail := tempDetails[0] + ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].CommitHash = detail.CommitHash + ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].Message = detail.Message + ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].Author = detail.Author + ciCdRequest.CommonWorkflowRequest.CiProjectDetails[0].CommitTime = detail.CommitTime + } + return dest, digest, nil +} + +func (impl *CiStage) extractDigestForCiJob(workflowRequest *helper.CommonWorkflowRequest, image string) (string, error) { + var useAppDockerConfigForPrivateRegistries bool + var err error + useAppDockerConfig, ok := 
workflowRequest.RuntimeEnvironmentVariables[bean2.UseAppDockerConfig] + if ok && len(useAppDockerConfig) > 0 { + useAppDockerConfigForPrivateRegistries, err = strconv.ParseBool(useAppDockerConfig) + if err != nil { + fmt.Println(fmt.Sprintf("Error in parsing useAppDockerConfig runtime param to bool from string useAppDockerConfigForPrivateRegistries:- %s, err:", useAppDockerConfig), err) + // would use default val of useAppDockerConfigForPrivateRegistries i.e false in case error arises + } + } + var dockerAuthConfig *bean.DockerAuthConfig + if useAppDockerConfigForPrivateRegistries { + dockerAuthConfig = impl.dockerHelper.GetDockerAuthConfigForPrivateRegistries(workflowRequest) + } + startTime := time.Now() + //user has not provided imageDigest in that case fetch from docker. + imgDigest, err := impl.dockerHelper.ExtractDigestFromImage(image, workflowRequest.UseDockerApiToGetDigest, dockerAuthConfig) + if err != nil { + fmt.Println(fmt.Sprintf("Error in extracting digest from image %s, err:", image), err) + return "", err + } + log.Println(fmt.Sprintf("time since extract digest from image process:- %s", time.Since(startTime).String())) + return imgDigest, nil +} diff --git a/ci-runner/go.mod b/ci-runner/go.mod index ef17df6fa..6d8601632 100644 --- a/ci-runner/go.mod +++ b/ci-runner/go.mod @@ -4,7 +4,7 @@ go 1.21 toolchain go1.21.8 -replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 require ( github.com/Knetic/govaluate v3.0.0+incompatible diff --git a/ci-runner/go.sum b/ci-runner/go.sum index 620054814..df91c6125 100644 --- a/ci-runner/go.sum +++ b/ci-runner/go.sum 
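Review bot: `handleRuntimeParametersForCiJob` takes a caller-supplied `imageDigest` as-is and only asks the registry when it is empty, so nothing checks that the digest belongs to `externalCiArtifact`. Since `runCIStages` now feeds both values into image scanning and into the CI complete event, a mismatched pair would presumably have the scan result and the artifact recorded under a digest that is not the image's. Resolving the digest in every case and rejecting a mismatch closes that gap; if the registry lookup has to stay optional, the supplied digest's format could at least be validated. Separately, `json.Unmarshal` runs even when the optional `ciProjectDetails` value is empty, which always yields an error and two log lines; wrapping it in `if raw := runtimeEnv[bean2.CiProjectDetails]; raw != ""` would avoid that.

```go
	dest := runtimeEnv[bean2.ExternalCiArtifact]
	supplied := runtimeEnv[bean2.ImageDigest]
	// always resolve against the registry so a supplied digest can be checked
	digest, err := impl.extractDigestForCiJob(ciCdRequest.CommonWorkflowRequest, dest)
	if err != nil {
		log.Println(util.DEVTRON, " extract digest for ci job error", "dest", dest, "err", err)
		return dest, supplied, err
	}
	if len(supplied) > 0 && supplied != digest {
		return dest, supplied, fmt.Errorf("imageDigest %q does not match digest %q resolved for image %q", supplied, digest, dest)
	}
	// … unchanged: ciProjectDetails unmarshalling and copy into CiProjectDetails[0] …
```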
@@ -57,8 +57,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY= diff --git a/ci-runner/helper/EventHelper.go b/ci-runner/helper/EventHelper.go index d492a100b..06c8ebfea 100644 --- a/ci-runner/helper/EventHelper.go +++ b/ci-runner/helper/EventHelper.go @@ -20,6 +20,7 @@ import ( "crypto/tls" "encoding/json" "fmt" + bean2 "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/common-lib/utils/remoteConnection/bean" "log" "net/http" @@ -597,7 +598,7 @@ func PublishEventsOnRest(jsonBody []byte, topic string, cdRequest *ExtEnvRequest return nil } -func SendEventToClairUtility(event *ScanEvent) error { +func ExecuteImageScanningViaRest(event *ScanEvent) error { jsonBody, err := json.Marshal(event) if err != nil { log.Println(util.DEVTRON, "err", err) 
@@ -642,22 +643,9 @@ func SendEventToClairUtility(event *ScanEvent) error { } type ScanEvent struct { - Image string `json:"image"` - ImageDigest string `json:"imageDigest"` - AppId int `json:"appId"` - EnvId int `json:"envId"` - PipelineId int `json:"pipelineId"` - CiArtifactId int `json:"ciArtifactId"` - UserId int `json:"userId"` - AccessKey string `json:"accessKey"` - SecretKey string `json:"secretKey"` - Token string `json:"token"` - AwsRegion string `json:"awsRegion"` - DockerRegistryId string `json:"dockerRegistryId"` - DockerConnection string `json:"dockerConnection"` - DockerCert string `json:"dockerCert"` - ImageScanMaxRetries int `json:"imageScanMaxRetries,omitempty"` - ImageScanRetryDelay int `json:"imageScanRetryDelay,omitempty"` + bean2.ImageScanEvent + ImageScanMaxRetries int `json:"imageScanMaxRetries,omitempty"` + ImageScanRetryDelay int `json:"imageScanRetryDelay,omitempty"` } func (dockerBuildConfig *DockerBuildConfig) GetProvenanceFlag() string { diff --git a/ci-runner/vendor/github.com/devtron-labs/common-lib/constants/constants.go b/ci-runner/vendor/github.com/devtron-labs/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/ci-runner/vendor/github.com/devtron-labs/common-lib/constants/constants.go +++ b/ci-runner/vendor/github.com/devtron-labs/common-lib/constants/constants.go @@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) 
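Review bot: `ScanEvent` now embeds `bean2.ImageScanEvent` with no comment, yet the anonymous embedding is what keeps the request JSON flat: encoding/json promotes the embedded fields to the top level, so the payload keeps its old keys and gains the new ones such as `sourceType` and `sourceSubType`. A comment like `// ScanEvent is the scan request sent by ci-runner: the shared ImageScanEvent, flattened, plus the retry settings.` would record that. It is worth stating there that giving the embedded field a name would nest the payload and change the wire format.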
diff --git a/ci-runner/vendor/github.com/devtron-labs/common-lib/imageScan/bean/bean.go b/ci-runner/vendor/github.com/devtron-labs/common-lib/imageScan/bean/bean.go new file mode 100644 index 000000000..b18d694ea --- /dev/null +++ b/ci-runner/vendor/github.com/devtron-labs/common-lib/imageScan/bean/bean.go 
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024. Devtron Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package bean + +import ( + "github.com/devtron-labs/common-lib/constants" + git "github.com/devtron-labs/common-lib/git-manager" +) + +type ManifestData struct { + ChartData []byte `json:"chartData"` + ValuesYaml []byte `json:"valuesYaml"` +} + +type ImageScanEvent struct { + Image string `json:"image"` + ImageDigest string `json:"imageDigest"` + AppId int `json:"appId"` + EnvId int `json:"envId"` + PipelineId int `json:"pipelineId"` + CiArtifactId int `json:"ciArtifactId"` + UserId int `json:"userId"` + AccessKey string `json:"accessKey"` + SecretKey string `json:"secretKey"` + Token string `json:"token"` + AwsRegion string `json:"awsRegion"` + DockerRegistryId string `json:"dockerRegistryId"` + DockerConnection string `json:"dockerConnection"` + DockerCert string `json:"dockerCert"` + CiProjectDetails []git.CiProjectDetails `json:"ciProjectDetails"` + SourceType constants.SourceType `json:"sourceType"` + SourceSubType constants.SourceSubType `json:"sourceSubType"` + CiWorkflowId int `json:"ciWorkflowId"` + CdWorkflowId int `json:"cdWorkflowId"` + ChartHistoryId int `json:"chartHistoryId"` + ManifestData *ManifestData `json:"manifestData"` + ReScan bool `json:"reScan"` +} + +func (r *ImageScanEvent) IsManifest() bool { + return r.SourceType == constants.SourceTypeCode && r.SourceSubType == constants.SourceSubTypeManifest +} + +func (r 
*ImageScanEvent) IsImageFromManifest() bool { + return r.SourceType == constants.SourceTypeImage && r.SourceSubType == constants.SourceSubTypeManifest +} + +func (r *ImageScanEvent) IsBuiltImage() bool { + return r.SourceType == constants.SourceTypeImage && r.SourceSubType == constants.SourceSubTypeCi +} diff --git a/ci-runner/vendor/modules.txt b/ci-runner/vendor/modules.txt index 672826f88..b77824ab2 100644 --- a/ci-runner/vendor/modules.txt +++ b/ci-runner/vendor/modules.txt @@ -118,12 +118,13 @@ github.com/cespare/xxhash/v2 # github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ## explicit github.com/davecgh/go-spew/spew -# github.com/devtron-labs/common-lib v0.19.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.19.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/blob-storage github.com/devtron-labs/common-lib/constants github.com/devtron-labs/common-lib/git-manager github.com/devtron-labs/common-lib/git-manager/util +github.com/devtron-labs/common-lib/imageScan/bean github.com/devtron-labs/common-lib/pubsub-lib github.com/devtron-labs/common-lib/pubsub-lib/metrics github.com/devtron-labs/common-lib/pubsub-lib/model @@ -842,4 +843,4 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.3.0 ## explicit; go 1.12 sigs.k8s.io/yaml -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/common-lib/constants/constants.go b/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/common-lib/constants/constants.go +++ b/common-lib/constants/constants.go 
@@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) diff --git a/common-lib/imageScan/bean/bean.go b/common-lib/imageScan/bean/bean.go new file mode 100644 index 000000000..b18d694ea --- /dev/null +++ b/common-lib/imageScan/bean/bean.go 
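Review bot: `SourceType` and `SourceSubType` start at 1 and have no named zero value, so an event whose sender omits `sourceType` or `sourceSubType` decodes to 0 and matches none of the constants. The `ScanEvent` struct this commit removes from ci-runner had neither field, so older runners would presumably still send such events; how the scanner treats 0 is not visible here. An explicit `SourceTypeUnspecified SourceType = 0`, or a comment stating how 0 is handled, would settle it. The comment above `SourceType`, `// multiple history rows for one source event`, also does not describe the type; `// SourceType identifies what a scan event targets: an image, source code or an SBOM.` would.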
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024. Devtron Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package bean + +import ( + "github.com/devtron-labs/common-lib/constants" + git "github.com/devtron-labs/common-lib/git-manager" +) + +type ManifestData struct { + ChartData []byte `json:"chartData"` + ValuesYaml []byte `json:"valuesYaml"` +} + +type ImageScanEvent struct { + Image string `json:"image"` + ImageDigest string `json:"imageDigest"` + AppId int `json:"appId"` + EnvId int `json:"envId"` + PipelineId int `json:"pipelineId"` + CiArtifactId int `json:"ciArtifactId"` + UserId int `json:"userId"` + AccessKey string `json:"accessKey"` + SecretKey string `json:"secretKey"` + Token string `json:"token"` + AwsRegion string `json:"awsRegion"` + DockerRegistryId string `json:"dockerRegistryId"` + DockerConnection string `json:"dockerConnection"` + DockerCert string `json:"dockerCert"` + CiProjectDetails []git.CiProjectDetails `json:"ciProjectDetails"` + SourceType constants.SourceType `json:"sourceType"` + SourceSubType constants.SourceSubType `json:"sourceSubType"` + CiWorkflowId int `json:"ciWorkflowId"` + CdWorkflowId int `json:"cdWorkflowId"` + ChartHistoryId int `json:"chartHistoryId"` + ManifestData *ManifestData `json:"manifestData"` + ReScan bool `json:"reScan"` +} + +func (r *ImageScanEvent) IsManifest() bool { + return r.SourceType == constants.SourceTypeCode && r.SourceSubType == constants.SourceSubTypeManifest +} + +func (r 
*ImageScanEvent) IsImageFromManifest() bool { + return r.SourceType == constants.SourceTypeImage && r.SourceSubType == constants.SourceSubTypeManifest +} + +func (r *ImageScanEvent) IsBuiltImage() bool { + return r.SourceType == constants.SourceTypeImage && r.SourceSubType == constants.SourceSubTypeCi +} diff --git a/git-sensor/go.mod b/git-sensor/go.mod index 903efcf4a..344f369f9 100644 --- a/git-sensor/go.mod +++ b/git-sensor/go.mod @@ -4,7 +4,7 @@ go 1.21 toolchain go1.22.4 -replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 require ( github.com/caarlos0/env v3.5.0+incompatible diff --git a/git-sensor/go.sum b/git-sensor/go.sum index 50eac616b..3be6efb0e 100644 --- a/git-sensor/go.sum +++ b/git-sensor/go.sum 
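Review bot: `ImageScanEvent` becomes the shared wire type between ci-runner and image-scanner and carries registry credentials (`AccessKey`, `SecretKey`, `Token`, `DockerCert`) next to the image reference, but the exported type and its three predicates have no doc comments. The type comment should say that the struct holds secrets and must not be logged or persisted whole. Each predicate should name the pair it tests, e.g. `// IsBuiltImage reports whether the event is for an image built by CI (SourceTypeImage, SourceSubTypeCi).` The predicates use pointer receivers without a nil check, so the comments should also state that a non-nil event is required.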
@@ -29,8 +29,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/devtron-labs/protos v0.0.3-0.20240809072909-83171af34169 h1:9OMZv0/fOWKK9s9BLTofFL/BO79TdyvC1Sc1HsC4esQ= github.com/devtron-labs/protos v0.0.3-0.20240809072909-83171af34169/go.mod h1:1TqULGlTey+VNhAu/ag7NJuUvByJemkqodsc9L5PHJk= github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY= diff --git a/git-sensor/vendor/github.com/devtron-labs/common-lib/constants/constants.go b/git-sensor/vendor/github.com/devtron-labs/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/git-sensor/vendor/github.com/devtron-labs/common-lib/constants/constants.go +++ b/git-sensor/vendor/github.com/devtron-labs/common-lib/constants/constants.go 
@@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) diff --git a/git-sensor/vendor/modules.txt b/git-sensor/vendor/modules.txt index bfe7bcd67..8b600f62d 100644 --- a/git-sensor/vendor/modules.txt +++ b/git-sensor/vendor/modules.txt @@ -62,7 +62,7 @@ github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/constants github.com/devtron-labs/common-lib/git-manager @@ -487,4 +487,4 @@ gopkg.in/yaml.v3 # mellium.im/sasl v0.3.1 ## explicit; go 1.18 mellium.im/sasl -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/image-scanner/api/RestHandler.go b/image-scanner/api/RestHandler.go index 574cba384..045dd3e76 100644 --- a/image-scanner/api/RestHandler.go +++ b/image-scanner/api/RestHandler.go 
@@ -18,6 +18,7 @@ package api import ( "encoding/json" + bean2 "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/common" "github.com/devtron-labs/image-scanner/pkg/clairService" "github.com/devtron-labs/image-scanner/pkg/grafeasService" @@ -34,7 +35,7 @@ import ( type RestHandler interface { ScanForVulnerability(w http.ResponseWriter, r *http.Request) - ScanForVulnerabilityEvent(scanConfig *common.ImageScanEvent) (*common.ScanEventResponse, error) + ScanForVulnerabilityEvent(scanConfig *bean2.ImageScanEvent) (*common.ScanEventResponse, error) } func NewRestHandlerImpl(logger *zap.SugaredLogger, @@ -84,7 +85,7 @@ type ResetRequest struct { func (impl *RestHandlerImpl) ScanForVulnerability(w http.ResponseWriter, r *http.Request) { decoder := json.NewDecoder(r.Body) - var scanConfig common.ImageScanEvent + var scanConfig bean2.ImageScanEvent err := decoder.Decode(&scanConfig) if err != nil { impl.Logger.Errorw("error in decode request", "error", err) @@ -101,7 +102,7 @@ func (impl *RestHandlerImpl) ScanForVulnerability(w http.ResponseWriter, r *http WriteJsonResp(w, err, result, http.StatusOK) } -func (impl *RestHandlerImpl) ScanForVulnerabilityEvent(scanConfig *common.ImageScanEvent) (*common.ScanEventResponse, error) { +func (impl *RestHandlerImpl) ScanForVulnerabilityEvent(scanConfig *bean2.ImageScanEvent) (*common.ScanEventResponse, error) { if scanConfig.UserId == 0 { scanConfig.UserId = 1 //setting user as system user in case of empty user data } 
@@ -144,7 +145,7 @@ func (impl *RestHandlerImpl) ScanForVulnerabilityEvent(scanConfig *common.ImageS return result, nil } -func (impl *RestHandlerImpl) ScanImageAsPerTool(scanConfig *common.ImageScanEvent, tool *repository.ScanToolMetadata, +func (impl *RestHandlerImpl) ScanImageAsPerTool(scanConfig *bean2.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory, executionHistoryDirPath string) (*common.ScanEventResponse, error) { var result = &common.ScanEventResponse{} imageToBeScanned, err := impl.ImageScanService.GetImageToBeScannedAndFetchCliEnv(scanConfig) diff --git a/image-scanner/common/bean.go b/image-scanner/common/bean.go index 31f5bfb74..b775c75f0 100644 --- a/image-scanner/common/bean.go +++ b/image-scanner/common/bean.go @@ -17,7 +17,7 @@ package common import ( - git "github.com/devtron-labs/common-lib/git-manager" + bean2 "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/optiopay/klar/clair" "github.com/quay/claircore" "strings" 
@@ -67,37 +67,8 @@ type ImageScanRenderDto struct { DockerConnection string `json:"-"` } -type ImageScanEvent struct { - Image string `json:"image"` - ImageDigest string `json:"imageDigest"` - AppId int `json:"appId"` - EnvId int `json:"envId"` - PipelineId int `json:"pipelineId"` - CiArtifactId int `json:"ciArtifactId"` - UserId int `json:"userId"` - AccessKey string `json:"accessKey"` - SecretKey string `json:"secretKey"` - Token string `json:"token"` - AwsRegion string `json:"awsRegion"` - DockerRegistryId string `json:"dockerRegistryId"` - DockerConnection string `json:"dockerConnection"` - DockerCert string `json:"dockerCert"` - CiProjectDetails []git.CiProjectDetails `json:"ciProjectDetails"` - SourceType SourceType `json:"sourceType"` - SourceSubType SourceSubType `json:"sourceSubType"` - CiWorkflowId int `json:"ciWorkflowId"` - CdWorkflowId int `json:"cdWorkflowId"` - ChartHistoryId int `json:"chartHistoryId"` - ManifestData *ManifestData `json:"manifestData"` - ReScan bool `json:"reScan"` -} - -func (r *ImageScanEvent) IsManifest() bool { - return r.SourceType == SourceTypeCode && r.SourceSubType == SourceSubTypeManifest -} - type ScanEventResponse struct { - RequestData *ImageScanEvent `json:"requestData"` + RequestData *bean2.ImageScanEvent `json:"requestData"` ResponseDataClairV4 []*claircore.Vulnerability `json:"responseDataClairV4"` ResponseDataClairV2 []*clair.Vulnerability `json:"ResponseDataClairV2"` CodeScanRes interface{} `json:"codeScanResponse"` 
@@ -178,24 +149,3 @@ func RemoveTrailingComma(jsonString string) string { } return jsonString } - -// multiple history rows for one source event -type SourceType int - -const ( - SourceTypeImage SourceType = 1 - SourceTypeCode SourceType = 2 - SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning -) - -type SourceSubType int - -const ( - SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) - SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) -) - -type ManifestData struct { - ChartData []byte `json:"chartData"` - ValuesYaml []byte `json:"valuesYaml"` -} diff --git a/image-scanner/go.mod b/image-scanner/go.mod index 342ab4fe0..358d18130 100644 --- a/image-scanner/go.mod +++ b/image-scanner/go.mod @@ -74,4 +74,4 @@ require ( mellium.im/sasl v0.3.1 // indirect ) -replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/image-scanner/go.sum b/image-scanner/go.sum index 587db5067..17badcf61 100644 --- a/image-scanner/go.sum +++ b/image-scanner/go.sum 
@@ -280,8 +280,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= diff --git a/image-scanner/pkg/clairService/ClairService.go b/image-scanner/pkg/clairService/ClairService.go index 4246f75b4..545f845c7 100644 --- a/image-scanner/pkg/clairService/ClairService.go +++ b/image-scanner/pkg/clairService/ClairService.go 
@@ -22,11 +22,11 @@ import ( "errors" "fmt" "github.com/caarlos0/env/v6" + "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/common" "github.com/devtron-labs/image-scanner/pkg/roundTripper" "github.com/devtron-labs/image-scanner/pkg/security" "github.com/devtron-labs/image-scanner/pkg/sql/repository" - "github.com/go-pg/pg" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/google/go-containerregistry/pkg/v1/remote" @@ -49,7 +49,7 @@ const ( ) type ClairService interface { - ScanImage(scanEvent *common.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) + ScanImage(scanEvent *bean.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) CheckIfIndexReportExistsForManifestHash(manifestHash claircore.Digest) (bool, error) CreateIndexReportFromManifest(manifest *claircore.Manifest) error GetVulnerabilityReportFromManifestHash(manifestHash claircore.Digest) (*claircore.VulnerabilityReport, error) 
@@ -100,13 +100,13 @@ func GetClairConfig() (*ClairConfig, error) { return cfg, err } -func (impl *ClairServiceImpl) ScanImage(scanEvent *common.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) { +func (impl *ClairServiceImpl) ScanImage(scanEvent *bean.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) { impl.Logger.Debugw("new request, scan image", "requestPayload", scanEvent) scanEventResponse := &common.ScanEventResponse{ RequestData: scanEvent, } - _, isImageScanned, err := impl.ImageScanService.IsImageScanned(scanEvent.Image, false) - if err != nil && err != pg.ErrNoRows { + _, isImageScanned, err := impl.ImageScanService.IsImageScanned(scanEvent.Image) + if err != nil { impl.Logger.Errorw("error in fetching scan history ", "err", err, "image", scanEvent.Image) return nil, err } @@ -134,7 +134,7 @@ func (impl *ClairServiceImpl) ScanImage(scanEvent *common.ImageScanEvent, tool * return scanEventResponse, nil } -func (impl *ClairServiceImpl) GetVulnerabilityReportFromClair(scanEvent *common.ImageScanEvent) (*claircore.VulnerabilityReport, error) { +func (impl *ClairServiceImpl) GetVulnerabilityReportFromClair(scanEvent *bean.ImageScanEvent) (*claircore.VulnerabilityReport, error) { //get manifest from image manifest, err := impl.CreateClairManifest(scanEvent) if err != nil { 
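Review bot: `ScanImage` in the first hunk still logs the whole event with `impl.Logger.Debugw("new request, scan image", "requestPayload", scanEvent)`. If `bean.ImageScanEvent` keeps the `AccessKey`, `SecretKey`, `Token` and `DockerCert` fields of the struct this commit removes from `common/bean.go`, registry credentials are written to the debug log. Log only identifying fields, for example `impl.Logger.Debugw("new request, scan image", "image", scanEvent.Image, "dockerRegistryId", scanEvent.DockerRegistryId)`. The function body continues outside the hunk.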
@@ -180,7 +180,7 @@ func (impl *ClairServiceImpl) GetVulnerabilityReportFromClair(scanEvent *common. return vulnerabilityReport, nil } -func (impl *ClairServiceImpl) CreateClairManifest(scanEvent *common.ImageScanEvent) (*claircore.Manifest, error) { +func (impl *ClairServiceImpl) CreateClairManifest(scanEvent *bean.ImageScanEvent) (*claircore.Manifest, error) { roundTripper, err := impl.RoundTripperService.GetRoundTripper(scanEvent) if err != nil { impl.Logger.Errorw("error in getting round tripper", "err", "image", scanEvent.Image) diff --git a/image-scanner/pkg/grafeasService/grafeasService.go b/image-scanner/pkg/grafeasService/grafeasService.go index 9044e1020..1b6357183 100644 --- a/image-scanner/pkg/grafeasService/grafeasService.go +++ b/image-scanner/pkg/grafeasService/grafeasService.go @@ -20,7 +20,7 @@ import ( "bytes" "encoding/json" "fmt" - "github.com/devtron-labs/image-scanner/common" + "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/grafeas" "github.com/optiopay/klar/clair" "go.uber.org/zap" @@ -43,8 +43,8 @@ func GetGrafeasClient() *grafeas.APIClient { type GrafeasService interface { GetNotesById(noteID string) (*grafeas.V1beta1Note, error) GetAllNotes() ([]*grafeas.V1beta1Note, error) - CreateNote(vs []*clair.Vulnerability, event *common.ImageScanEvent) (bool, error) - CreateOccurrence(v *clair.Vulnerability, noteName string, event *common.ImageScanEvent) (bool, error) + CreateNote(vs []*clair.Vulnerability, event *bean.ImageScanEvent) (bool, error) + CreateOccurrence(v *clair.Vulnerability, noteName string, event *bean.ImageScanEvent) (bool, error) GetOccurrenceById(noteID string) (*grafeas.V1beta1Occurrence, error) GetAllOccurrence() ([]*grafeas.V1beta1Occurrence, error) } 
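Review bot: The context line in the `CreateClairManifest` hunk, `impl.Logger.Errorw("error in getting round tripper", "err", "image", scanEvent.Image)`, passes the string `"image"` as the value of the `"err"` key. The actual error is therefore never logged and the image name is left as an unpaired argument. It should read `impl.Logger.Errorw("error in getting round tripper", "err", err, "image", scanEvent.Image)`. The commit does not touch this line, but it sits directly under the changed signature and is cheap to fix in the same change.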
@@ -144,7 +144,7 @@ func (impl *GrafeasServiceImpl) GetAllNotes() ([]*grafeas.V1beta1Note, error) { return noteResponse, nil } -func (impl *GrafeasServiceImpl) CreateNote(vs []*clair.Vulnerability, event *common.ImageScanEvent) (bool, error) { +func (impl *GrafeasServiceImpl) CreateNote(vs []*clair.Vulnerability, event *bean.ImageScanEvent) (bool, error) { for _, item := range vs { var vulnerabilityDetails []grafeas.VulnerabilityDetail vulnerabilityDetails = append(vulnerabilityDetails, grafeas.VulnerabilityDetail{ @@ -195,7 +195,7 @@ func (impl *GrafeasServiceImpl) CreateNote(vs []*clair.Vulnerability, event *com return true, nil } -func (impl *GrafeasServiceImpl) CreateOccurrence(v *clair.Vulnerability, noteName string, event *common.ImageScanEvent) (bool, error) { +func (impl *GrafeasServiceImpl) CreateOccurrence(v *clair.Vulnerability, noteName string, event *bean.ImageScanEvent) (bool, error) { kind := grafeas.VULNERABILITY_V1beta1NoteKind versionKind := grafeas.NORMAL_VersionVersionKind vulnerabilityVulnerability := grafeas.V1beta1vulnerabilityDetails{} diff --git a/image-scanner/pkg/klarService/KlarService.go b/image-scanner/pkg/klarService/KlarService.go index f934198f6..9a00ece73 100644 --- a/image-scanner/pkg/klarService/KlarService.go +++ b/image-scanner/pkg/klarService/KlarService.go @@ -23,11 +23,11 @@ import ( "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" + bean2 "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/common" "github.com/devtron-labs/image-scanner/pkg/security" "github.com/devtron-labs/image-scanner/pkg/sql/bean" "github.com/devtron-labs/image-scanner/pkg/sql/repository" - "github.com/go-pg/pg" "strings" "errors" 
@@ -62,7 +62,7 @@ func GetKlarConfig() (*KlarConfig, error) { } type KlarService interface { - Process(scanEvent *common.ImageScanEvent, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) + Process(scanEvent *bean2.ImageScanEvent, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) } type KlarServiceImpl struct { @@ -90,7 +90,7 @@ func NewKlarServiceImpl(logger *zap.SugaredLogger, klarConfig *KlarConfig, grafe } } -func (impl *KlarServiceImpl) Process(scanEvent *common.ImageScanEvent, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) { +func (impl *KlarServiceImpl) Process(scanEvent *bean2.ImageScanEvent, executionHistory *repository.ImageScanExecutionHistory) (*common.ScanEventResponse, error) { scanEventResponse := &common.ScanEventResponse{ RequestData: scanEvent, } @@ -99,8 +99,8 @@ func (impl *KlarServiceImpl) Process(scanEvent *common.ImageScanEvent, execution impl.logger.Errorw("error in getting docker registry by id", "err", err, "id", scanEvent.DockerRegistryId) return nil, err } - _, scanned, err := impl.imageScanService.IsImageScanned(scanEvent.Image, false) - if err != nil && err != pg.ErrNoRows { + _, scanned, err := impl.imageScanService.IsImageScanned(scanEvent.Image) + if err != nil { impl.logger.Errorw("error in fetching scan history ", "err", err) return nil, err } diff --git a/image-scanner/pkg/roundTripper/RoundTripperService.go b/image-scanner/pkg/roundTripper/RoundTripperService.go index 3a1f3d825..b16ec2aba 100644 --- a/image-scanner/pkg/roundTripper/RoundTripperService.go +++ b/image-scanner/pkg/roundTripper/RoundTripperService.go 
@@ -23,7 +23,7 @@ import ( "github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" - "github.com/devtron-labs/image-scanner/common" + "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/pkg/security" "github.com/devtron-labs/image-scanner/pkg/sql/repository" "github.com/google/go-containerregistry/pkg/authn" @@ -36,7 +36,7 @@ import ( ) type RoundTripperService interface { - GetRoundTripper(scanEvent *common.ImageScanEvent) (http.RoundTripper, error) + GetRoundTripper(scanEvent *bean.ImageScanEvent) (http.RoundTripper, error) } type RoundTripperServiceImpl struct { Logger *zap.SugaredLogger @@ -66,7 +66,7 @@ const ( userAgent = `clairctl/1` ) -func (impl *RoundTripperServiceImpl) GetRoundTripper(scanEvent *common.ImageScanEvent) (http.RoundTripper, error) { +func (impl *RoundTripperServiceImpl) GetRoundTripper(scanEvent *bean.ImageScanEvent) (http.RoundTripper, error) { authenticator, dockerRegistry, err := impl.GetAuthenticatorByDockerRegistryId(scanEvent.DockerRegistryId) if err != nil { impl.Logger.Errorw("error, GetAuthenticatorByDockerRegistryId", "err", err, "dockerRegistryId", scanEvent.DockerRegistryId) diff --git a/image-scanner/pkg/security/ImageScanService.go b/image-scanner/pkg/security/ImageScanService.go index 413ee9da0..bff7f78c7 100644 --- a/image-scanner/pkg/security/ImageScanService.go +++ b/image-scanner/pkg/security/ImageScanService.go @@ -24,6 +24,7 @@ import ( "fmt" "github.com/Knetic/govaluate" "github.com/caarlos0/env" + bean2 "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/common" cliUtil "github.com/devtron-labs/image-scanner/internals/step-lib/util/cli-util" commonUtil "github.com/devtron-labs/image-scanner/internals/step-lib/util/common-util" 
@@ -49,18 +50,19 @@ import ( ) type ImageScanService interface { - ScanImage(scanEvent *common.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory, executionHistoryDirPath string) error - CreateScanExecutionRegistryForClairV4(vs []*claircore.Vulnerability, event *common.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*claircore.Vulnerability, error) - CreateScanExecutionRegistryForClairV2(vs []*clair.Vulnerability, event *common.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*clair.Vulnerability, error) - IsImageScanned(image string, hasSource bool) (int, bool, error) - ScanImageForTool(tool *repository.ScanToolMetadata, executionHistoryId int, executionHistoryDirPathCopy string, wg *sync.WaitGroup, userId int32, ctx context.Context, imageScanRenderDto *common.ImageScanRenderDto, isV2 bool) (string, string, error) + ScanImage(scanEvent *bean2.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory, executionHistoryDirPath string) error + CreateScanExecutionRegistryForClairV4(vs []*claircore.Vulnerability, event *bean2.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*claircore.Vulnerability, error) + CreateScanExecutionRegistryForClairV2(vs []*clair.Vulnerability, event *bean2.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*clair.Vulnerability, error) + IsImageScanned(image string) (int, bool, error) + ScanImageForTool(tool *repository.ScanToolMetadata, executionHistoryId int, executionHistoryDirPathCopy string, wg *sync.WaitGroup, userId int32, ctx context.Context, imageScanRenderDto *common.ImageScanRenderDto) (string, string, error) CreateFolderForOutputData(executionHistoryModelId int) string HandleProgressingScans() GetActiveTool() (*repository.ScanToolMetadata, error) 
RegisterScanExecutionHistoryAndState(executionHistoryModel *repository.ImageScanExecutionHistory, tool *repository.ScanToolMetadata) (*repository.ImageScanExecutionHistory, string, error) - GetImageScanRenderDto(registryId string, scanEvent *common.ImageScanEvent) (*common.ImageScanRenderDto, error) - GetImageToBeScannedAndFetchCliEnv(scanEvent *common.ImageScanEvent) (string, error) - FetchProxyUrl(scanEvent *common.ImageScanEvent) (string, []name.Option, error) + GetImageScanRenderDto(registryId string, scanEvent *bean2.ImageScanEvent) (*common.ImageScanRenderDto, error) + GetImageToBeScannedAndFetchCliEnv(scanEvent *bean2.ImageScanEvent) (string, error) + FetchProxyUrl(scanEvent *bean2.ImageScanEvent) (string, []name.Option, error) + SaveCvesAndImageScanExecutionResults(vulnerabilities []*bean.ImageScanOutputObject, executionHistoryId int, toolId int, userId int32) error } type ImageScanServiceImpl struct { @@ -111,7 +113,7 @@ func NewImageScanServiceImpl(logger *zap.SugaredLogger, scanHistoryRepository re return imageScanService } -func (impl *ImageScanServiceImpl) GetImageToBeScannedAndFetchCliEnv(scanEvent *common.ImageScanEvent) (string, error) { +func (impl *ImageScanServiceImpl) GetImageToBeScannedAndFetchCliEnv(scanEvent *bean2.ImageScanEvent) (string, error) { impl.CliCommandEnv = append(os.Environ(), impl.CliCommandEnv...) return scanEvent.Image, nil } 
@@ -164,12 +166,12 @@ func (impl *ImageScanServiceImpl) CreateCaCertFile(cert string) (string, error) return caCertFilePath, nil } -func (impl *ImageScanServiceImpl) ScanImage(scanEvent *common.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory, executionHistoryDirPath string) error { +func (impl *ImageScanServiceImpl) ScanImage(scanEvent *bean2.ImageScanEvent, tool *repository.ScanToolMetadata, executionHistory *repository.ImageScanExecutionHistory, executionHistoryDirPath string) error { ctx, cancel := context.WithTimeout(context.Background(), time.Duration(impl.ImageScanConfig.ScanImageTimeout)*time.Minute) defer cancel() //checking if image is already scanned or not - _, isImageScanned, err := impl.IsImageScanned(scanEvent.Image, false) - if err != nil && err != pg.ErrNoRows { + _, isImageScanned, err := impl.IsImageScanned(scanEvent.Image) + if err != nil { impl.Logger.Errorw("error in fetching scan history ", "image", scanEvent.Image, "err", err) return err } @@ -195,7 +197,7 @@ func (impl *ImageScanServiceImpl) ScanImage(scanEvent *common.ImageScanEvent, to wg := &sync.WaitGroup{} wg.Add(1) // TODO: if multiple processes are to be done in parallel, then error propagation should have to be done via channels - _, _, err = impl.ScanImageForTool(tool, executionHistory.Id, executionHistoryDirPath, wg, int32(scanEvent.UserId), ctx, imageScanRenderDto, false) + _, _, err = impl.ScanImageForTool(tool, executionHistory.Id, executionHistoryDirPath, wg, int32(scanEvent.UserId), ctx, imageScanRenderDto) if err != nil { impl.Logger.Errorw("err in scanning image", "tool", tool, "executionHistory.Id", executionHistory.Id, "executionHistoryDirPath", executionHistoryDirPath, "scanEvent.UserId", scanEvent.UserId, "err", err) return err 
@@ -204,7 +206,7 @@ func (impl *ImageScanServiceImpl) ScanImage(scanEvent *common.ImageScanEvent, to return err } -func (impl *ImageScanServiceImpl) GetImageScanRenderDto(registryId string, scanEvent *common.ImageScanEvent) (*common.ImageScanRenderDto, error) { +func (impl *ImageScanServiceImpl) GetImageScanRenderDto(registryId string, scanEvent *bean2.ImageScanEvent) (*common.ImageScanRenderDto, error) { dockerRegistry, err := impl.DockerArtifactStoreRepository.FindById(registryId) if err == pg.ErrNoRows { dockerRegistry = &repository.DockerArtifactStore{} @@ -224,7 +226,7 @@ func (impl *ImageScanServiceImpl) GetImageScanRenderDto(registryId string, scanE } return imageScanRenderDto, nil } -func (impl *ImageScanServiceImpl) ScanImageForTool(tool *repository.ScanToolMetadata, executionHistoryId int, executionHistoryDirPathCopy string, wg *sync.WaitGroup, userId int32, ctx context.Context, imageScanRenderDto *common.ImageScanRenderDto, isV2 bool) (string, string, error) { +func (impl *ImageScanServiceImpl) ScanImageForTool(tool *repository.ScanToolMetadata, executionHistoryId int, executionHistoryDirPathCopy string, wg *sync.WaitGroup, userId int32, ctx context.Context, imageScanRenderDto *common.ImageScanRenderDto) (string, string, error) { toolCopy := *tool var processedState bean.ScanExecutionProcessState err := impl.ProcessScanForTool(toolCopy, executionHistoryDirPathCopy, executionHistoryId, userId, ctx, imageScanRenderDto) 
@@ -238,11 +240,11 @@ func (impl *ImageScanServiceImpl) ScanImageForTool(tool *repository.ScanToolMeta } updateErr := impl.ScanToolExecutionHistoryMappingRepository.UpdateStateByToolAndExecutionHistoryId(executionHistoryId, toolCopy.Id, processedState, time.Now(), errorMessage) if updateErr != nil { - impl.Logger.Errorw("error in UpdateStateByToolAndExecutionHistoryId", "err", err) - err = updateErr + impl.Logger.Errorw("error in UpdateStateByToolAndExecutionHistoryId", "err", updateErr) + return "", "", updateErr } wg.Done() - return "", "", err + return "", "", nil } func (impl *ImageScanServiceImpl) CreateFolderForOutputData(executionHistoryModelId int) string { executionHistoryModelIdStr := strconv.Itoa(executionHistoryModelId) 
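Review bot: The new tail of `ScanImageForTool` returns `"", "", nil` unconditionally, so the error from `ProcessScanForTool` (assigned to `err` just above this hunk) no longer reaches the caller. `ImageScanServiceImpl.ScanImage` appears to rely on this return value alone, so a failed scan would be reported to it as success. The added early `return "", "", updateErr` also skips `wg.Done()`, leaving the WaitGroup counter raised on that path. I would release with `defer wg.Done()` at the top of the function and end with `return "", "", err` after the `updateErr` check. The function starts outside this hunk, so the branch that sets `processedState` and `errorMessage` is not visible and should be checked when applying this.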
@@ -453,23 +455,7 @@ func (impl *ImageScanServiceImpl) ProcessScanStep(step repository.ScanToolStep, return output, nil } -func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(stepOutput []byte, executionHistoryId int, tool repository.ScanToolMetadata, step repository.ScanToolStep, userId int32) error { - var vulnerabilities []*bean.ImageScanOutputObject - var err error - if isV1Template(tool.ResultDescriptorTemplate) { // result descriptor template is go template, go with v1 logic - vulnerabilities, err = impl.getImageScanOutputObjectsV1(stepOutput, tool.ResultDescriptorTemplate) - if err != nil { - impl.Logger.Errorw("error, getImageScanOutputObjectsV1", "stepOutput", stepOutput, "resultDescriptorTemplate", tool.ResultDescriptorTemplate, "err", err) - return err - } - } else { //not go template, go with v2 logic - vulnerabilities, err = impl.getImageScanOutputObjectsV2(stepOutput, tool.ResultDescriptorTemplate) - if err != nil { - impl.Logger.Errorw("error, getImageScanOutputObjectsV2", "stepOutput", stepOutput, "resultDescriptorTemplate", tool.ResultDescriptorTemplate, "err", err) - return err - } - } - +func (impl *ImageScanServiceImpl) SaveCvesAndImageScanExecutionResults(vulnerabilities []*bean.ImageScanOutputObject, executionHistoryId int, toolId int, userId int32) error { cvesToBeSaved := make([]*repository.CveStore, 0, len(vulnerabilities)) uniqueVulnerabilityMap := make(map[string]*bean.ImageScanOutputObject) allCvesNames := make([]string, 0, len(vulnerabilities)) 
@@ -513,7 +499,7 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste imageScanExecutionResults := make([]*repository.ImageScanExecutionResult, 0, len(vulnerabilities)) for _, vul := range vulnerabilities { - imageScanExecutionResult := createImageScanExecutionResultObject(executionHistoryId, vul.Name, vul.Package, vul.PackageVersion, vul.FixedInVersion, vul.Class, vul.Type, vul.TargetName, tool.Id) + imageScanExecutionResult := createImageScanExecutionResultObject(executionHistoryId, vul.Name, vul.Package, vul.PackageVersion, vul.FixedInVersion, vul.Class, vul.Type, vul.TargetName, toolId) imageScanExecutionResults = append(imageScanExecutionResults, imageScanExecutionResult) } tx, err := impl.CveStoreRepository.GetConnection().Begin() 
@@ -552,6 +538,30 @@ func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(ste return nil } +func (impl *ImageScanServiceImpl) ConvertEndStepOutputAndSaveVulnerabilities(stepOutput []byte, executionHistoryId int, tool repository.ScanToolMetadata, step repository.ScanToolStep, userId int32) error { + var vulnerabilities []*bean.ImageScanOutputObject + var err error + if isV1Template(tool.ResultDescriptorTemplate) { // result descriptor template is go template, go with v1 logic + vulnerabilities, err = impl.getImageScanOutputObjectsV1(stepOutput, tool.ResultDescriptorTemplate) + if err != nil { + impl.Logger.Errorw("error, getImageScanOutputObjectsV1", "stepOutput", stepOutput, "resultDescriptorTemplate", tool.ResultDescriptorTemplate, "err", err) + return err + } + } else { //not go template, go with v2 logic + vulnerabilities, err = impl.getImageScanOutputObjectsV2(stepOutput, tool.ResultDescriptorTemplate) + if err != nil { + impl.Logger.Errorw("error, getImageScanOutputObjectsV2", "stepOutput", stepOutput, "resultDescriptorTemplate", tool.ResultDescriptorTemplate, "err", err) + return err + } + } + err = impl.SaveCvesAndImageScanExecutionResults(vulnerabilities, executionHistoryId, tool.Id, userId) + if err != nil { + impl.Logger.Errorw("error, saveCvesAndImageScanExecutionResults", "executionHistoryId", executionHistoryId, "err", err) + return err + } + return nil +} + func isV1Template(resultDescriptorTemplate string) bool { var mappings []map[string]interface{} err := json.Unmarshal([]byte(resultDescriptorTemplate), &mappings) 
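Review bot: Both error branches of the re-added `ConvertEndStepOutputAndSaveVulnerabilities` log `"stepOutput", stepOutput`, the raw `[]byte` scanner output. zap's `Any` encodes a byte slice as binary (base64 in JSON output), so the entry is unreadable and as large as the tool output. Log its size instead, e.g. `"stepOutputLen", len(stepOutput)`. The `step repository.ScanToolStep` parameter is not used anywhere in the body shown; if callers allow, rename it to `_` or document why it is kept. The log message `saveCvesAndImageScanExecutionResults` also differs in case from the exported method it names.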
@@ -720,7 +730,7 @@ func (impl *ImageScanServiceImpl) RenderInputDataForAStep(inputPayloadTmpl strin return buf.Bytes(), nil } -func (impl *ImageScanServiceImpl) CreateScanExecutionRegistryForClairV4(vs []*claircore.Vulnerability, event *common.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*claircore.Vulnerability, error) { +func (impl *ImageScanServiceImpl) CreateScanExecutionRegistryForClairV4(vs []*claircore.Vulnerability, event *bean2.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*claircore.Vulnerability, error) { imageScanExecutionResultsToBeSaved := make([]*repository.ImageScanExecutionResult, 0, len(vs)) cvesToUpdate := make([]*repository.CveStore, 0, len(vs)) @@ -782,7 +792,7 @@ func (impl *ImageScanServiceImpl) CreateScanExecutionRegistryForClairV4(vs []*cl return vs, nil } -func (impl *ImageScanServiceImpl) CreateScanExecutionRegistryForClairV2(vs []*clair.Vulnerability, event *common.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*clair.Vulnerability, error) { +func (impl *ImageScanServiceImpl) CreateScanExecutionRegistryForClairV2(vs []*clair.Vulnerability, event *bean2.ImageScanEvent, toolId int, executionHistory *repository.ImageScanExecutionHistory) ([]*clair.Vulnerability, error) { imageScanExecutionResultsToBeSaved := make([]*repository.ImageScanExecutionResult, 0, len(vs)) cvesToUpdate := make([]*repository.CveStore, 0, len(vs)) 
@@ -844,24 +854,24 @@ func (impl *ImageScanServiceImpl) CreateScanExecutionRegistryForClairV2(vs []*cl return vs, nil } -func (impl *ImageScanServiceImpl) IsImageScanned(image string, hasSource bool) (int, bool, error) { +func (impl *ImageScanServiceImpl) IsImageScanned(image string) (int, bool, error) { scanned := false scanHistory, err := impl.ScanHistoryRepository.FindByImage(image) - if err != nil && err != pg.ErrNoRows { + if err != nil && !util.IsErrNoRows(err) { impl.Logger.Errorw("error in fetching scan history ", "err", err) - return 0, scanned, err - } - scanHistoryId := 0 - if scanHistory != nil { - scanHistoryId = scanHistory.Id - //scanned = true - } - if scanHistoryId > 0 { - scanHistoryMappings, err := impl.ScanToolExecutionHistoryMappingRepository.GetAllScanHistoriesByExecutionHistoryIdAndStates(scanHistoryId, []bean.ScanExecutionProcessState{bean.ScanExecutionProcessStateRunning, bean.ScanExecutionProcessStateCompleted}) - if err != nil && err != pg.ErrNoRows { - impl.Logger.Errorw("error in getting history mappings", "err", err) - return 0, scanned, err + return 0, false, err + } else if util.IsErrNoRows(err) { + return 0, false, nil + } + if scanHistory.Id > 0 { + scanHistoryMappings, err := impl.ScanToolExecutionHistoryMappingRepository.GetAllScanHistoriesByExecutionHistoryIdAndStates(scanHistory.Id, []bean.ScanExecutionProcessState{bean.ScanExecutionProcessStateRunning, bean.ScanExecutionProcessStateCompleted}) + if err != nil && !util.IsErrNoRows(err) { + impl.Logger.Errorw("error in getting history mappings", "executionScanHistoryId", scanHistory.Id, "err", err) + return 0, false, err + } else if util.IsErrNoRows(err) { + return 0, false, err } + if len(scanHistoryMappings) > 0 { scanned = true } 
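Review bot: In the new `IsImageScanned`, the second `else if util.IsErrNoRows(err)` branch returns `0, false, err`, while the first returns `0, false, nil`. The callers changed in this commit (`ClairServiceImpl.ScanImage`, `KlarServiceImpl.Process`, `ImageScanServiceImpl.ScanImage`) now treat any non-nil error as fatal, so a no-rows result from the mappings query would abort the scan instead of meaning the image is not yet scanned. That branch should be `return 0, false, nil`. The old `if scanHistory != nil` guard is also gone, so `scanHistory.Id` is dereferenced whenever `FindByImage` returns without error; that is safe only if the repository never returns a nil result with a nil error, which is not visible here. The function continues past the end of the hunk.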
@@ -960,7 +970,7 @@ func (impl *ImageScanServiceImpl) HandleProgressingScans() { //System doing image scanning for all pending scans for _, scanHistory := range scanHistories { - scanEvent := common.ImageScanEvent{} + scanEvent := bean2.ImageScanEvent{} scanEventJson := imageScanExecutionHistoryMap[scanHistory.ImageScanExecutionHistoryId].SourceMetadataJson if len(scanEventJson) == 0 { return @@ -976,7 +986,7 @@ func (impl *ImageScanServiceImpl) HandleProgressingScans() { impl.Logger.Errorw("service error, GetImageScanRenderDto", "dockerRegistryId", scanEvent.DockerRegistryId, "err", err) return } - _, _, err = impl.ScanImageForTool(scanTool, scanHistory.ImageScanExecutionHistoryId, executionHistoryDirPath, wg, 1, context.Background(), imageScanRenderDto, false) + _, _, err = impl.ScanImageForTool(scanTool, scanHistory.ImageScanExecutionHistoryId, executionHistoryDirPath, wg, 1, context.Background(), imageScanRenderDto) if err != nil { impl.Logger.Errorw("error in scanning image", "err", err) return @@ -994,7 +1004,7 @@ func (impl *ImageScanServiceImpl) HandleProgressingScans() { } -func (impl *ImageScanServiceImpl) FetchProxyUrl(scanEvent *common.ImageScanEvent) (string, []name.Option, error) { +func (impl *ImageScanServiceImpl) FetchProxyUrl(scanEvent *bean2.ImageScanEvent) (string, []name.Option, error) { return "", []name.Option{}, nil } diff --git a/image-scanner/pkg/security/bean.go b/image-scanner/pkg/security/bean.go index bf50be010..ca51e588b 100644 --- a/image-scanner/pkg/security/bean.go +++ b/image-scanner/pkg/security/bean.go @@ -1,12 +1,12 @@ package security import ( - "github.com/devtron-labs/image-scanner/common" + "github.com/devtron-labs/common-lib/imageScan/bean" "github.com/devtron-labs/image-scanner/pkg/sql/repository" ) type ScanCodeRequest struct { - ScanEvent *common.ImageScanEvent + ScanEvent *bean.ImageScanEvent Tool *repository.ScanToolMetadata ExecutionHistory *repository.ImageScanExecutionHistory ExecutionHistoryDirPath string 
diff --git a/image-scanner/pkg/sql/repository/ImageScanHistoryRepository.go b/image-scanner/pkg/sql/repository/ImageScanHistoryRepository.go
index 010c6dad7..c29c1925e 100644
--- a/image-scanner/pkg/sql/repository/ImageScanHistoryRepository.go
+++ b/image-scanner/pkg/sql/repository/ImageScanHistoryRepository.go
@@ -17,28 +17,28 @@ package repository import ( - "github.com/devtron-labs/image-scanner/common" + "github.com/devtron-labs/common-lib/constants" "github.com/go-pg/pg" "go.uber.org/zap" "time" ) type ImageScanExecutionHistory struct { - tableName struct{} `sql:"image_scan_execution_history" pg:",discard_unknown_columns"` - Id int `sql:"id,pk"` - Image string `sql:"image,notnull"` - ImageHash string `sql:"image_hash,notnull"` // TODO Migrate to request metadata - ExecutionTime time.Time `sql:"execution_time"` - ExecutedBy int `sql:"executed_by,notnull"` - SourceMetadataJson string `sql:"source_metadata_json"` // to have relevant info to process a scan for a given source type and subtype - ExecutionHistoryDirectoryPath string `sql:"execution_history_directory_path"` // Deprecated - SourceType common.SourceType `sql:"source_type"` - SourceSubType common.SourceSubType `sql:"source_sub_type"` - ParentId int `sql:"parent_id"` - IsLatest bool `sql:"is_latest"` -} - -func (r *ImageScanExecutionHistory) IsSourceAndSubSourceTypeSame(sourceType common.SourceType, sourceSubType common.SourceSubType) bool { + tableName struct{} `sql:"image_scan_execution_history" pg:",discard_unknown_columns"` + Id int `sql:"id,pk"` + Image string `sql:"image,notnull"` + ImageHash string `sql:"image_hash,notnull"` // TODO Migrate to request metadata + ExecutionTime time.Time `sql:"execution_time"` + ExecutedBy int `sql:"executed_by,notnull"` + SourceMetadataJson string `sql:"source_metadata_json"` // to have relevant info to process a scan for a given source type and subtype + ExecutionHistoryDirectoryPath string `sql:"execution_history_directory_path"` // Deprecated + SourceType constants.SourceType `sql:"source_type"` + SourceSubType constants.SourceSubType `sql:"source_sub_type"` + ParentId int `sql:"parent_id"` + IsLatest bool `sql:"is_latest"` +} + +func (r *ImageScanExecutionHistory) IsSourceAndSubSourceTypeSame(sourceType constants.SourceType, sourceSubType constants.SourceSubType) bool 
{ return r.SourceType == sourceType && r.SourceSubType == sourceSubType } diff --git a/image-scanner/pubsub/NatSubscription.go b/image-scanner/pubsub/NatSubscription.go index 7c135d230..1ce73415b 100644 --- a/image-scanner/pubsub/NatSubscription.go +++ b/image-scanner/pubsub/NatSubscription.go @@ -18,9 +18,9 @@ package pubsub import ( "encoding/json" + "github.com/devtron-labs/common-lib/imageScan/bean" pubsub1 "github.com/devtron-labs/common-lib/pubsub-lib" "github.com/devtron-labs/common-lib/pubsub-lib/model" - "github.com/devtron-labs/image-scanner/common" "github.com/devtron-labs/image-scanner/pkg/clairService" "go.uber.org/zap" ) @@ -64,7 +64,7 @@ func (impl *NatSubscriptionImpl) Subscribe() error { callback := func(msg *model.PubSubMsg) { impl.Logger.Debugw("received msg", "msg", msg) // defer msg.Ack() - scanConfig := &common.ImageScanEvent{} + scanConfig := &bean.ImageScanEvent{} err := json.Unmarshal([]byte(msg.Data), scanConfig) if err != nil { impl.Logger.Errorw("err in reading msg", "err", err, "msg", string(msg.Data)) @@ -82,7 +82,7 @@ func (impl *NatSubscriptionImpl) Subscribe() error { } var loggerFunc pubsub1.LoggerFunc = func(msg model.PubSubMsg) (string, []interface{}) { - deploymentEvent := &common.ImageScanEvent{} + deploymentEvent := &bean.ImageScanEvent{} err := json.Unmarshal([]byte(msg.Data), &deploymentEvent) if err != nil { return "error while unmarshalling deploymentEvent object", []interface{}{"err", err, "msg", msg.Data} diff --git a/image-scanner/vendor/github.com/devtron-labs/common-lib/constants/constants.go b/image-scanner/vendor/github.com/devtron-labs/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/image-scanner/vendor/github.com/devtron-labs/common-lib/constants/constants.go +++ b/image-scanner/vendor/github.com/devtron-labs/common-lib/constants/constants.go 
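Review bot: The `Subscribe` callback logs the whole message with `impl.Logger.Debugw("received msg", "msg", msg)` and, when decoding fails, `string(msg.Data)`; the payload is a `bean.ImageScanEvent`, which the vendored bean.go in this commit defines with `accessKey`, `secretKey`, `token` and `dockerCert` fields, so registry credentials can end up in service logs. The `loggerFunc` in the following hunk does the same with `"msg", msg.Data` in its error path. I would drop the payload from these log calls and log only non-secret identifiers after a successful decode, for example `impl.Logger.Debugw("received scan event", "image", scanConfig.Image, "dockerRegistryId", scanConfig.DockerRegistryId)`. `Subscribe` starts and ends outside both hunks.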
@@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) diff --git a/image-scanner/vendor/github.com/devtron-labs/common-lib/imageScan/bean/bean.go b/image-scanner/vendor/github.com/devtron-labs/common-lib/imageScan/bean/bean.go new file mode 100644 index 000000000..b18d694ea --- /dev/null +++ b/image-scanner/vendor/github.com/devtron-labs/common-lib/imageScan/bean/bean.go 
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2024. Devtron Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package bean + +import ( + "github.com/devtron-labs/common-lib/constants" + git "github.com/devtron-labs/common-lib/git-manager" +) + +type ManifestData struct { + ChartData []byte `json:"chartData"` + ValuesYaml []byte `json:"valuesYaml"` +} + +type ImageScanEvent struct { + Image string `json:"image"` + ImageDigest string `json:"imageDigest"` + AppId int `json:"appId"` + EnvId int `json:"envId"` + PipelineId int `json:"pipelineId"` + CiArtifactId int `json:"ciArtifactId"` + UserId int `json:"userId"` + AccessKey string `json:"accessKey"` + SecretKey string `json:"secretKey"` + Token string `json:"token"` + AwsRegion string `json:"awsRegion"` + DockerRegistryId string `json:"dockerRegistryId"` + DockerConnection string `json:"dockerConnection"` + DockerCert string `json:"dockerCert"` + CiProjectDetails []git.CiProjectDetails `json:"ciProjectDetails"` + SourceType constants.SourceType `json:"sourceType"` + SourceSubType constants.SourceSubType `json:"sourceSubType"` + CiWorkflowId int `json:"ciWorkflowId"` + CdWorkflowId int `json:"cdWorkflowId"` + ChartHistoryId int `json:"chartHistoryId"` + ManifestData *ManifestData `json:"manifestData"` + ReScan bool `json:"reScan"` +} + +func (r *ImageScanEvent) IsManifest() bool { + return r.SourceType == constants.SourceTypeCode && r.SourceSubType == constants.SourceSubTypeManifest +} + +func (r 
*ImageScanEvent) IsImageFromManifest() bool { + return r.SourceType == constants.SourceTypeImage && r.SourceSubType == constants.SourceSubTypeManifest +} + +func (r *ImageScanEvent) IsBuiltImage() bool { + return r.SourceType == constants.SourceTypeImage && r.SourceSubType == constants.SourceSubTypeCi +} diff --git a/image-scanner/vendor/modules.txt b/image-scanner/vendor/modules.txt index 1d3ab5179..110a17931 100644 --- a/image-scanner/vendor/modules.txt +++ b/image-scanner/vendor/modules.txt @@ -72,11 +72,12 @@ github.com/cespare/xxhash/v2 github.com/coreos/clair/api/v3/clairpb github.com/coreos/clair/database github.com/coreos/clair/ext/versionfmt -# github.com/devtron-labs/common-lib v0.19.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.19.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/constants github.com/devtron-labs/common-lib/git-manager github.com/devtron-labs/common-lib/git-manager/util +github.com/devtron-labs/common-lib/imageScan/bean github.com/devtron-labs/common-lib/middlewares github.com/devtron-labs/common-lib/monitoring github.com/devtron-labs/common-lib/monitoring/pprof @@ -438,4 +439,4 @@ google.golang.org/protobuf/types/known/wrapperspb # mellium.im/sasl v0.3.1 ## explicit; go 1.18 mellium.im/sasl -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/kubelink/go.mod b/kubelink/go.mod index 21c9568ef..0f2695763 100644 --- a/kubelink/go.mod +++ b/kubelink/go.mod 
@@ -177,7 +177,7 @@ require ( ) replace ( - github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b + github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 go.opentelemetry.io/otel/metric => go.opentelemetry.io/otel/metric v1.18.0 // https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-505627280 k8s.io/api => k8s.io/api v0.29.0 diff --git a/kubelink/go.sum b/kubelink/go.sum index ffef900fb..01cffb683 100644 --- a/kubelink/go.sum +++ b/kubelink/go.sum @@ -79,8 +79,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfGUhc8I+MPfRis8dZ818Ic= 
diff --git a/kubelink/vendor/github.com/devtron-labs/common-lib/constants/constants.go b/kubelink/vendor/github.com/devtron-labs/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/kubelink/vendor/github.com/devtron-labs/common-lib/constants/constants.go +++ b/kubelink/vendor/github.com/devtron-labs/common-lib/constants/constants.go @@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) diff --git a/kubelink/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go b/kubelink/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go index e243148d0..f3adf4a53 100644 --- a/kubelink/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go +++ b/kubelink/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go @@ -337,6 +337,7 @@ func (impl *K8sServiceImpl) GetNsIfExists(namespace string, client *v12.CoreV1Cl //ns, err := impl.k8sClient.CoreV1().Namespaces().Get(namespace, metav1.GetOptions{}) impl.logger.Debugw("ns fetch", "name", namespace, "res", ns) if errors.IsNotFound(err) { + impl.logger.Debugw("namespace not found", "name", namespace, "err", err) return nil, false, nil } else if err != nil { impl.logger.Errorw("error in checking if ns exist", "err", err) diff --git a/kubelink/vendor/modules.txt b/kubelink/vendor/modules.txt index cd8cbf252..094423a67 100644 --- a/kubelink/vendor/modules.txt +++ b/kubelink/vendor/modules.txt 
@@ -127,7 +127,7 @@ github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/async github.com/devtron-labs/common-lib/constants @@ -1353,7 +1353,7 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.3.0 ## explicit; go 1.12 sigs.k8s.io/yaml -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 # go.opentelemetry.io/otel/metric => go.opentelemetry.io/otel/metric v1.18.0 # k8s.io/api => k8s.io/api v0.29.0 # k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.29.0 diff --git a/kubewatch/go.mod b/kubewatch/go.mod index 56239650b..ad4dfc512 100644 --- a/kubewatch/go.mod +++ b/kubewatch/go.mod @@ -245,4 +245,4 @@ replace ( k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.7 ) -replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/kubewatch/go.sum b/kubewatch/go.sum index 45032b926..ea4c11c61 100644 --- a/kubewatch/go.sum +++ b/kubewatch/go.sum 
@@ -719,8 +719,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= diff --git a/kubewatch/vendor/github.com/devtron-labs/common-lib/constants/constants.go b/kubewatch/vendor/github.com/devtron-labs/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/kubewatch/vendor/github.com/devtron-labs/common-lib/constants/constants.go +++ b/kubewatch/vendor/github.com/devtron-labs/common-lib/constants/constants.go 
@@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) diff --git a/kubewatch/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go b/kubewatch/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go index e243148d0..f3adf4a53 100644 --- a/kubewatch/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go +++ b/kubewatch/vendor/github.com/devtron-labs/common-lib/utils/k8s/K8sUtil.go @@ -337,6 +337,7 @@ func (impl *K8sServiceImpl) GetNsIfExists(namespace string, client *v12.CoreV1Cl //ns, err := impl.k8sClient.CoreV1().Namespaces().Get(namespace, metav1.GetOptions{}) impl.logger.Debugw("ns fetch", "name", namespace, "res", ns) if errors.IsNotFound(err) { + impl.logger.Debugw("namespace not found", "name", namespace, "err", err) return nil, false, nil } else if err != nil { impl.logger.Errorw("error in checking if ns exist", "err", err) diff --git a/kubewatch/vendor/modules.txt b/kubewatch/vendor/modules.txt index 1d095955d..259ee82d6 100644 --- a/kubewatch/vendor/modules.txt +++ b/kubewatch/vendor/modules.txt 
@@ -211,7 +211,7 @@ github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/constants github.com/devtron-labs/common-lib/git-manager/util @@ -1753,4 +1753,4 @@ upper.io/db.v3/postgresql # k8s.io/mount-utils => k8s.io/mount-utils v0.29.7 # k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.29.7 # k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.7 -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/lens/go.mod b/lens/go.mod index cdf93625b..dd776c47d 100644 --- a/lens/go.mod +++ b/lens/go.mod @@ -59,4 +59,4 @@ require ( github.com/onsi/gomega v1.18.1 // indirect ) -replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +replace github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 diff --git a/lens/go.sum b/lens/go.sum index 494d242fe..51e3bf567 100644 --- a/lens/go.sum +++ b/lens/go.sum 
@@ -22,8 +22,8 @@ github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWH github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b h1:0Mua8RfGFNDbaAprezc6NM5TnQdNbqo+qMVtbERx6Yg= -github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 h1:0nYnqC8SuDbXJY9vfC6Wg4xMgsmCi2s+d57SpoRfJ84= +github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo= github.com/devtron-labs/protos v0.0.3-0.20240130061723-7b2e12ab0abb h1:CkfQQgZc950/hTPqtQSiHV2RmZgkBLGCzwR02FZYjAU= github.com/devtron-labs/protos v0.0.3-0.20240130061723-7b2e12ab0abb/go.mod h1:pjLjgoa1GzbkOkvbMyP4SAKsaiK7eG6GoQCNauG03JA= github.com/docker/cli v24.0.6+incompatible h1:fF+XCQCgJjjQNIMjzaSmiKJSCcfcXb3TWTcc7GAneOY= diff --git a/lens/vendor/github.com/devtron-labs/common-lib/constants/constants.go b/lens/vendor/github.com/devtron-labs/common-lib/constants/constants.go index 2b34bf833..26f918e23 100644 --- a/lens/vendor/github.com/devtron-labs/common-lib/constants/constants.go +++ b/lens/vendor/github.com/devtron-labs/common-lib/constants/constants.go 
@@ -57,3 +57,19 @@ const ( TOPIC = "topic" STATUS = "status" ) + +// multiple history rows for one source event +type SourceType int + +const ( + SourceTypeImage SourceType = 1 + SourceTypeCode SourceType = 2 + SourceTypeSbom SourceType = 3 // can be used in future for direct sbom scanning +) + +type SourceSubType int + +const ( + SourceSubTypeCi SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1) + SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2)) +) diff --git a/lens/vendor/modules.txt b/lens/vendor/modules.txt index 5c437529b..22952a928 100644 --- a/lens/vendor/modules.txt +++ b/lens/vendor/modules.txt @@ -7,7 +7,7 @@ github.com/caarlos0/env # github.com/cespare/xxhash/v2 v2.2.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13 ## explicit; go 1.21 github.com/devtron-labs/common-lib/constants github.com/devtron-labs/common-lib/git-manager/util @@ -282,4 +282,4 @@ google.golang.org/protobuf/types/known/timestamppb # mellium.im/sasl v0.3.1 ## explicit; go 1.18 mellium.im/sasl -# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241219031102-d5eb208ee11b +# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241230042545-446c0258ec13