From 5566213fec2ac20d975a08c536991cc1ef556054 Mon Sep 17 00:00:00 2001 From: Jonathan Christison Date: Fri, 7 Jul 2023 16:01:28 +0100 Subject: [PATCH] Pass parameters though to OSH tekton run * Alter tekton pipeline/task for from source (haven't done brew builds yet) * Propergate scan options (no validation) it be better to cast to the paramMapper and also have paramMapper give the re-parsed mockbuild command --- .../pipline/osh-client-from-source-pipeline.yaml | 6 ++++++ .../task/osh-client-from-source.yaml | 16 +++++----------- .../java/com/redhat/pctsec/model/PNCBuild.java | 5 +++++ src/main/java/com/redhat/pctsec/model/Scan.java | 9 +++++++++ .../com/redhat/pctsec/model/ScanRequest.java | 10 ++-------- .../com/redhat/pctsec/model/ScanRequests.java | 8 ++++++++ .../com/redhat/pctsec/model/osh/paramMapper.java | 6 ++++++ .../pctsec/rest/v1alpha1/ScanResource.java | 3 +++ .../com/redhat/pctsec/tekton/TaskHandler.java | 11 ++++++----- 9 files changed, 50 insertions(+), 24 deletions(-) diff --git a/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml b/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml index f806c12..613023a 100644 --- a/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml +++ b/k8s/stage/osh-client-tekton/pipline/osh-client-from-source-pipeline.yaml @@ -15,6 +15,10 @@ spec: description: The revision or tag type: string + - name: mock-build-params + description: The parameters to pass to covscan mock-build + type: string + - name: archive-name description: The name of the git archive file type: string @@ -77,6 +81,8 @@ spec: params: - name: targz-file value: $(params.archive-name) + - name: mock-build-params + value: $(params.mock-build-params) runAfter: - archive taskRef: diff --git a/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml b/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml index aba0eb1..fe8b38d 100644 
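Review bot: The new pipeline param `mock-build-params` in the first hunk is declared without a `default:`, so a PipelineRun that does not set it is rejected, and because the second hunk always forwards `$(params.mock-build-params)` to the task, the task-level default `-p snyk-only-unstable --tarball-build-script=:` is never used through this pipeline. Adding `default: "-p snyk-only-unstable --tarball-build-script=:"` under the pipeline param keeps existing runs working and keeps the two definitions in step. The description could also say that the value is spliced into the `covscan mock-build` command line, since that is what makes its content sensitive.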
--- a/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml +++ b/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml @@ -13,15 +13,10 @@ spec: default: "source.tar.gz" description: The filename of the tar.gz we'll be uploading to covscan - - name: scan-profile + - name: mock-build-params type: string - description: The scan profile we will use - default: "snyk-only-unstable" - - - name: tarball-build-script - type: string - description: Parameters to be passed to tarball-build-script - default: ":" + description: Parameters pushed to mock build + default: "-p snyk-only-unstable --tarball-build-script=:" volumes: - name: osh-client-kerb-vol @@ -72,7 +67,6 @@ spec: script: | #!/bin/bash - echo $(params.scan-profile) - echo $(params.tarball-build-script) + echo $(params.mock-build-params) echo $(params.targz-file) - covscan mock-build -p $(params.scan-profile) --tarball-build-script=$(params.tarball-build-script) /workspace/source-tars/$(params.targz-file) + covscan mock-build $(params.mock-build-params) /workspace/source-tars/$(params.targz-file) diff --git a/src/main/java/com/redhat/pctsec/model/PNCBuild.java b/src/main/java/com/redhat/pctsec/model/PNCBuild.java index 9cd91af..ef54558 100644 --- a/src/main/java/com/redhat/pctsec/model/PNCBuild.java +++ b/src/main/java/com/redhat/pctsec/model/PNCBuild.java @@ -20,8 +20,10 @@ public class PNCBuild extends BuildType{ @Transient + @JsonIgnore public static final String apiUrl = ConfigProvider.getConfig().getValue("pnc.api-url",String.class); @Transient + @JsonIgnore private static final AltPncService pnc = QuarkusRestClientBuilder.newBuilder().baseUri(URI.create(apiUrl)).build(AltPncService.class); @@ -30,6 +32,7 @@ public class PNCBuild extends BuildType{ PncService pnc; */ + @Transient @JsonIgnore private Build build; 
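Review bot: In the script hunk, `covscan mock-build $(params.mock-build-params) …` and the `echo` above it let Tekton paste the parameter into the script text before bash parses it, so quotes, `;`, `$( )` or backticks in the value are treated as shell syntax rather than as covscan arguments. The commit message says the options are propagated with no validation, and the Java hunks (`Scan.propergateOptions`, `TaskHandler.invokeOshScmScanPipeline`) put request-derived text into this parameter. Hand the value to the step through `env:` and split it inside bash, as sketched below; the step definition starts outside the hunk, so the indentation and placement of `env:` are a guess. Plain whitespace splitting does not honour the `"…"` that `propergateOptions` puts around the comment, so values that may contain spaces are better carried as their own params or as a Tekton array param. Restricting which options a caller may set still belongs on the Java side, where the commit message already points at paramMapper.

```yaml
# … unchanged: step name, image, volumeMounts …
      env:
        - name: MOCK_BUILD_PARAMS
          value: $(params.mock-build-params)
      script: |
        #!/bin/bash
        echo "$MOCK_BUILD_PARAMS"
        # … unchanged: echo of targz-file …
        # Whitespace split only: no command substitution, globbing or quote re-parsing.
        read -r -a mock_build_args <<< "$MOCK_BUILD_PARAMS"
        covscan mock-build "${mock_build_args[@]}" /workspace/source-tars/$(params.targz-file)
```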
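Review bot: `@Transient` and `@JsonIgnore` on the two `static final` fields `apiUrl` and `pnc` have no effect, because JPA and Jackson both skip static fields; only the annotations on the instance field `build` in the following hunk change behaviour. Dropping them from the statics avoids suggesting these fields were ever mapped. `apiUrl` is also `public`; if nothing outside the class reads it (not visible here), `private` would match `pnc`.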
@@ -40,6 +43,8 @@ public class PNCBuild extends BuildType{ public PNCBuild() { super(); } + @Transient + @JsonIgnore public Build getBuild() { if(build == null) build = pnc.getBuild(this.buildRef); diff --git a/src/main/java/com/redhat/pctsec/model/Scan.java b/src/main/java/com/redhat/pctsec/model/Scan.java index 2398113..71c7e28 100644 --- a/src/main/java/com/redhat/pctsec/model/Scan.java +++ b/src/main/java/com/redhat/pctsec/model/Scan.java @@ -119,4 +119,13 @@ public class Scan { public void setScanRequests(ScanRequests scanRequests) { this.scanRequests = scanRequests; } + + @JsonIgnore + @Transient + public void propergateOptions(){ + //In future lets export this scan object as YAML + getScanRequests().propergateOptions(); + String covscanArgs = " --email-to " + this.getEmail() + " --comment \"" + this.productName + "\""; + getScanRequests().scanRequests.forEach(sr -> sr.setScanProperties(sr.getScanProperties() + covscanArgs)); + } } diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequest.java b/src/main/java/com/redhat/pctsec/model/ScanRequest.java index 24d3ff7..8bc16d3 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequest.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequest.java @@ -22,7 +22,7 @@ public class ScanRequest { @GeneratedValue protected UUID id; private String metadata; - private String oshScanOptions; + //private String oshScanOptions; public EventBus getBus() { return bus; @@ -58,13 +58,6 @@ public class ScanRequest { @JsonInclude(JsonInclude.Include.NON_NULL) public Git git; - public String getOshScanOptions() { - return oshScanOptions; - } - - public void setOshScanOptions(String oshScanOptions) { - this.oshScanOptions = oshScanOptions; - } public String getScanProperties() { return scanProperties; @@ -77,6 +70,7 @@ public class ScanRequest { @Column(name="scan_properties") public String scanProperties; public ScanRequest() { + } public ScanRequest(BrewBuild brewBuild) 
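Review bot: `covscanArgs` in `propergateOptions()` is assembled by string concatenation from `getEmail()` and `productName`, with a pair of literal `"` as the only quoting, so a product name containing `"` or an e-mail containing whitespace changes how the later `covscan mock-build` line is split into arguments. Check both values against a conservative pattern before building the string, and reject the request otherwise. The method also writes the result back with `setScanProperties`, and ScanResource calls it on every execute path, so if the entity is saved afterwards (not visible here) `--email-to`/`--comment` are appended again on each run; computing the final argument string at dispatch time without storing it avoids that. If `getScanProperties()` is still null after `getScanRequests().propergateOptions()`, the concatenation produces the literal text `null --email-to …`; `Objects.toString(sr.getScanProperties(), "")` guards against it.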
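Review bot: `//private String oshScanOptions;` in the first ScanRequest hunk leaves the removed field behind as commented-out code; since its accessors are deleted in the next hunk, the line can simply be removed. If the schema already has a column for this field (the mapping is not visible here), it will need a migration or will linger unused.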
diff --git a/src/main/java/com/redhat/pctsec/model/ScanRequests.java b/src/main/java/com/redhat/pctsec/model/ScanRequests.java index 4771ba6..35d722f 100644 --- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java +++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java @@ -128,4 +128,12 @@ public class ScanRequests { public Set getScanRequests() { return this.scanRequests; } + + @JsonIgnore + @Transient + public void propergateOptions(){ + //In future lets export this scan object as YAML + //If its empy overwrite with the global options + getScanRequests().stream().filter(eso -> eso.getScanProperties() == null).forEach(sr -> sr.setScanProperties(getGlobalScanProperties())); + } } diff --git a/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java b/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java index dc0ed64..32322e6 100644 --- a/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java +++ b/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java @@ -32,6 +32,12 @@ public class paramMapper { " of a local file") private String brewBuild; + @Option(names = {"--email-to"}, description = "Email address for email repots") + private String emailTo; + + @Option(names = {"--comment"}, description = "Comments to add to scan request") + private String comment; + public paramMapper(){} public paramMapper(String params){ diff --git a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java index ce2a300..a826944 100644 --- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java +++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java @@ -61,6 +61,7 @@ public class ScanResource { public List createRunPSSAAS(@Valid pssaas scanRequest) { Scan s = this.createPSSAAS(scanRequest); + s.propergateOptions(); return s.scanRequests.execute(bus); } 
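Review bot: The filter `eso.getScanProperties() == null` in `ScanRequests.propergateOptions()` only catches null, while the comment above it talks about empty values, so a request with `""` or blank properties keeps them and never receives the global options; `eso.getScanProperties() == null || eso.getScanProperties().isBlank()` would match the comment. `getGlobalScanProperties()` can presumably be null as well, in which case the request stays null and the caller in Scan concatenates onto it. `@JsonIgnore` and `@Transient` on a void, non-accessor method do nothing as far as I can tell and can be dropped. The lambda parameters `eso` and `sr` name the same element type; one name would read better.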
@@ -93,6 +94,7 @@ public class ScanResource { public List createRunScanChain(@Valid scanChain scanRequest) { Scan s = this.createScanChain(scanRequest); + s.propergateOptions(); return s.scanRequests.execute(bus); } @GET @@ -118,6 +120,7 @@ public class ScanResource { public List scanRequestExe(String id) { Scan s = sr.findById(UUID.fromString(id)); + s.propergateOptions(); return s.scanRequests.execute(bus); } diff --git a/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java b/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java index b240716..8a26960 100644 --- a/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java +++ b/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java @@ -46,19 +46,19 @@ public class TaskHandler { switch(scanTask.getScanRequest().getType()) { case BREW: - scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef)); + scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef, "")); scanTask.setState(ScanTaskState.RUNNING); break; case PNC: String repo = scanTask.getScanRequest().pncBuild.SCMURL().toString(); String ref = scanTask.getScanRequest().pncBuild.revision(); - scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref)); + scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref, scanTask.getScanRequest().getScanProperties())); scanTask.setState(ScanTaskState.RUNNING); break; case GIT: - scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref)); + scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref, scanTask.getScanRequest().getScanProperties())); scanTask.setState(ScanTaskState.RUNNING); break; } 
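Review bot: In `scanRequestExe`, the added `s.propergateOptions()` is now the first use of the value returned by `sr.findById(UUID.fromString(id))`, and there is no check that a Scan was found; if `findById` returns null for an unknown id (likely, but not visible here), the caller gets a NullPointerException instead of a 404. A guard such as `if (s == null) throw new NotFoundException();` before the call would fix that, and handling the `IllegalArgumentException` from `UUID.fromString` would turn a malformed id into a 400. The same `propergateOptions()` call is added in `createRunPSSAAS` and `createRunScanChain`, where `s` was just created.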
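Review bot: The BREW branch passes a literal `""` to `invokeScanTask`, so scan properties set on a brew request are dropped without any log line, while the PNC and GIT branches forward `getScanProperties()`. In the following hunk the new parameter is spelled `mockbuildArgs` (versus `mockBuildArgs` on `invokeOshScmScanPipeline`) and the visible part of the body still hard-codes `scanProfile = "snyk-only-unstable"`; the rest of that body is outside the hunk. Until brew builds are wired up, a comment at the call site such as `// TODO: brew scans ignore scanProperties; profile is fixed in invokeScanTask` would make the gap explicit, and the parameter name is worth aligning now.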
@@ -66,7 +66,7 @@ public class TaskHandler { return scanTask; } - public String invokeScanTask(String buildId) { + public String invokeScanTask(String buildId, String mockbuildArgs) { // String buildId = "xterm-366-8.el9"; String scanProfile = "snyk-only-unstable"; @@ -89,7 +89,7 @@ public class TaskHandler { return taskRun.getMetadata().getName(); } - public String invokeOshScmScanPipeline(String repo, String ref) { + public String invokeOshScmScanPipeline(String repo, String ref, String mockBuildArgs) { PodSecurityContext securityContext = new PodSecurityContextBuilder() .withRunAsNonRoot(true) @@ -126,6 +126,7 @@ public class TaskHandler { .withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef() .addNewParam().withName("repo-url").withNewValue(repo).endParam() .addNewParam().withName("revision").withNewValue(ref).endParam() + .addNewParam().withName("mock-build-params").withNewValue(mockBuildArgs).endParam() .withWorkspaces(workspaceBindings) .endSpec() .build();
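Review bot: `.addNewParam().withName("mock-build-params").withNewValue(mockBuildArgs)` in the last hunk forwards a null or empty `mockBuildArgs` as-is, and because the param is always set on the PipelineRun, the task default `-p snyk-only-unstable --tarball-build-script=:` does not apply in that case, leaving `covscan mock-build` without a profile. A fallback before the builder, e.g. `String args = (mockBuildArgs == null || mockBuildArgs.isBlank()) ? "-p snyk-only-unstable --tarball-build-script=:" : mockBuildArgs;`, keeps the previous behaviour for requests without options. This is also the last point in the Java code where the string can be checked against the options callers are allowed to set before it is handed to the cluster. The method body starts outside the hunk, so any earlier handling of the argument is not visible here.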