jonny
/
covscanrest
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 Commits
18 Branches
0 Tags
786 KiB
 
 
 
 
 
Tree: 7d61509b12
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7d61509b12'
${ noResults }
covscanrest/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java

139 lines
5.3 KiB
Raw Blame History

package com.redhat.pctsec.tekton;
import com.redhat.pctsec.model.RequestType;
import com.redhat.pctsec.model.ScanTask;
import com.redhat.pctsec.model.ScanTaskState;
import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource;
import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
import io.fabric8.kubernetes.api.model.PodSecurityContext;
import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
import io.fabric8.tekton.client.DefaultTektonClient;
import io.fabric8.tekton.client.TektonClient;
import io.fabric8.tekton.client.DefaultTektonClient;
import io.fabric8.tekton.client.TektonClient;
import io.fabric8.tekton.pipeline.v1beta1.*;
import io.quarkus.vertx.ConsumeEvent;
import io.smallrye.common.annotation.Blocking;
import jakarta.inject.Inject;
import org.apache.commons.lang3.RandomStringUtils;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import java.util.ArrayList;
import java.util.List;
public class TaskHandler {
@ConfigProperty(name = "quarkus.openshift.namespace")
String NAMESPACE;
@ConfigProperty(name = "tekton.pipeline.ref")
String PIPELINE_REFERENCE;
@ConfigProperty(name = "tekton.service-account")
String SERVICE_ACCOUNT;
@ConfigProperty(name = "tekton.task.ref")
String TASK_REFERENCE;
@Inject
TektonClient tektonClient;
@ConsumeEvent("tekton")
@Blocking
public ScanTask consume(ScanTask scanTask)
{
switch(scanTask.getScanRequest().getType())
{
case BREW:
scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef));
scanTask.setState(ScanTaskState.RUNNING);
break;
case PNC:
String repo = scanTask.getScanRequest().pncBuild.SCMURL().toString();
String ref = scanTask.getScanRequest().pncBuild.revision();
scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref));
scanTask.setState(ScanTaskState.RUNNING);
break;
case GIT:
scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref));
scanTask.setState(ScanTaskState.RUNNING);
break;
}
return scanTask;
}
public String invokeScanTask(String buildId) {
// String buildId = "xterm-366-8.el9";
String scanProfile = "snyk-only-unstable";
// random taskrun name generating for now
TaskRun taskRun = new TaskRunBuilder().withNewMetadata().withName("osh-scan-taskrun-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase())
.endMetadata()
.withNewSpec()
.withServiceAccountName(SERVICE_ACCOUNT)
.withNewTaskRef()
.withName(TASK_REFERENCE)
.endTaskRef()
.withParams(
new Param("buildId", new ArrayOrString(buildId)),
new Param("scanProfile", new ArrayOrString(scanProfile)))
.endSpec()
.build();
tektonClient.v1beta1().taskRuns().inNamespace(NAMESPACE).resource(taskRun).create();
return taskRun.getMetadata().getName();
}
public String invokeOshScmScanPipeline(String repo, String ref) {
PodSecurityContext securityContext = new PodSecurityContextBuilder()
.withRunAsNonRoot(true)
.withRunAsUser(65532L)
.build();
WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder()
.withName("sources")
.withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null))
.build();
WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder()
.withName("source-tars")
.withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null))
.build();
WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder()
.withName("ssl-ca-directory")
.withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null))
.build();
List<WorkspaceBinding> workspaceBindings = new ArrayList<>();
workspaceBindings.add(sourcesWorkspaceBinding);
workspaceBindings.add(sourceTarsWorkspaceBinding);
workspaceBindings.add(sslCaDirectoryWorkspaceBinding);
PipelineRun pipelineRun = new PipelineRunBuilder()
.withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata()
.withNewSpec()
.withNewPodTemplate()
.withSecurityContext(securityContext)
.endPodTemplate()
.withServiceAccountName(SERVICE_ACCOUNT)
.withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef()
.addNewParam().withName("repo-url").withNewValue(repo).endParam()
.addNewParam().withName("revision").withNewValue(ref).endParam()
.withWorkspaces(workspaceBindings)
.endSpec()
.build();
tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create();
return pipelineRun.getMetadata().getName();
}
}