From b743ef204db5a076250349efed3fe1cf8e80b472 Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Mon, 20 Mar 2023 14:48:56 +0100
Subject: [PATCH 01/60] Create test jenkins image
---
jenkins/Dockerfile | 5 +++++
jenkins/config.xml | 4 ++++
2 files changed, 9 insertions(+)
create mode 100644 jenkins/Dockerfile
create mode 100644 jenkins/config.xml
diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile
new file mode 100644
index 00000000..bd5fe987
--- /dev/null
+++ b/jenkins/Dockerfile
@@ -0,0 +1,5 @@
+FROM jenkins/jenkins:2.395-alpine
+ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false
+# We need to change hpi to jpi
+COPY --chown=jenkins:jenkins stackrox-container-image-scanner.hpi /var/jenkins_home/plugins/stackrox-container-image-scanner.jpi
+COPY config.xml /var/jenkins_home/
\ No newline at end of file
diff --git a/jenkins/config.xml b/jenkins/config.xml
new file mode 100644
index 00000000..1a1e213f
--- /dev/null
+++ b/jenkins/config.xml
@@ -0,0 +1,4 @@
+
+
+ true
+
\ No newline at end of file
From 7c51ada7e7b0f97a514ad4cc8dfcdf517225a7e1 Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Tue, 21 Mar 2023 14:29:39 +0100
Subject: [PATCH 02/60] Add e2e workflow
---
.github/workflows/e2e.yml | 55 +++++++++++++++++++
.github/workflows/main.yml | 2 +
.../src/main/groovy/RestApiClient.groovy | 8 +--
.../src/main/groovy/util/Config.groovy | 26 +++++++++
.../src/test/groovy/ImageScanningTest.groovy | 4 +-
5 files changed, 90 insertions(+), 5 deletions(-)
create mode 100644 .github/workflows/e2e.yml
create mode 100644 functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
new file mode 100644
index 00000000..eb33a7b6
--- /dev/null
+++ b/.github/workflows/e2e.yml
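Review bot: `COPY config.xml /var/jenkins_home/` has no `--chown=jenkins:jenkins`, unlike the plugin copy above it, so the file lands root-owned and Jenkins (which presumably runs as the `jenkins` user in this base image) may be unable to rewrite it when configuration is saved; `COPY --chown=jenkins:jenkins config.xml /var/jenkins_home/` would match the other line. Because `-Djenkins.install.runSetupWizard=false` skips the initial unlock step, access control on this instance rests entirely on what config.xml sets, so a comment such as `# Test-only image: setup wizard disabled, do not expose outside CI` is worth adding above the `ENV` line. `ENV JAVA_OPTS -D...` also uses the legacy space-separated form; `ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"` is the current one.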
@@ -0,0 +1,55 @@
+name: E2E
+
+on:
+ push:
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.56
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build with Maven
+ run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
+ - name: Copy plugin to jenkins
+ run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Build jenkins image
+ uses: docker/build-push-action@v4
+ with:
+ context: jenkins
+ push: false
+ tags: jenkins-test
+ - uses: actions/checkout@v3
+ with:
+ repository: stackrox/stackrox
+ path: stackrox
+ - name: Create GKE cluster
+ id: create-cluster
+ env:
+ GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${secretes.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX}
+ run: |
+ cd stackrox
+ source "scripts/ci/gke.sh"
+ provision_gke_cluster
+ wait_for_cluster
+ MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh
+ pass=$(cat deploy/k8s/central-deploy/password)
+ echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT
+ - name: Run jenkins
+ run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
+ - name: Run tests
+ env:
+ ROX_PASSWORD: ${{ steps.create-cluster.outputs.ROX_PASSWORD }}"
+ ROX_ENDPOINT: https://localhost:8000
+ JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000
+ run: make -C functionaltest-jenkins-plugin tests
+ - name: Teardown GKE cluster
+ if: always()
+ run: |
+ source "stackrox/scripts/ci/gke.sh"
+ teardown_gke_cluster
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index e1935fae..99060a1e 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
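Review bot: In the `Create GKE cluster` step, `${secretes.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX}` is not an Actions expression (single braces, `secretes`), so the variable receives that literal text instead of the credential; it should read `${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }}`. In `Run tests`, `ROX_PASSWORD: ${{ steps.create-cluster.outputs.ROX_PASSWORD }}"` carries a stray trailing quote that would end up in the password value or break parsing. The Central password is written to `$GITHUB_OUTPUT` without being masked; emitting `echo "::add-mask::$pass"` before that line keeps it out of the logs and gives the otherwise unused `pass` variable a purpose. The second checkout takes `stackrox/stackrox` at its default branch and sources its scripts in the step that holds the cloud credential, so pinning a `ref` there is worth considering.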
@@ -19,6 +19,8 @@ jobs: distribution: 'temurin' java-version: '8' cache: 'maven' + - name: Check style + run: make -C functionaltest-jenkins-plugin style - name: Build with Maven run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi cyclonedx:makeAggregateBom - uses: release-drafter/release-drafter@v5 diff --git a/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy b/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy index d9a28071..0c5a062f 100644 --- a/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy +++ b/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy @@ -10,6 +10,8 @@ import com.stackrox.model.StoragePolicy import com.stackrox.model.V1GenerateTokenRequest import com.stackrox.model.V1Metadata +import util.Config + @CompileStatic class RestApiClient { @@ -18,13 +20,11 @@ class RestApiClient { ApiTokenServiceApi tokenApi RestApiClient() { - def env = System.getenv() - OkHttpClient client = UnsafeOkHttpClient.getUnsafeOkHttpClient() ApiClient apiClient = new ApiClient(client) - apiClient.setBasePath("https://localhost:8000") + apiClient.setBasePath(Config.roxEndpoint) apiClient.setUsername("admin") - apiClient.setPassword(env['ROX_PASSWORD']) + apiClient.setPassword(Config.roxPassword) policyServiceApi = new PolicyServiceApi(apiClient) metadataApi = new MetadataServiceApi(apiClient) diff --git a/functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy b/functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy new file mode 100644 index 00000000..0f964593 --- /dev/null +++ b/functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy 
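Review bot: With `apiClient.setBasePath(Config.roxEndpoint)` the admin password is now sent to whatever host `ROX_ENDPOINT` names, while the client still comes from `UnsafeOkHttpClient.getUnsafeOkHttpClient()`, which by its name presumably skips certificate verification. That was low-risk while the base path was fixed to `https://localhost:8000`; a comment such as `// test-only: TLS verification disabled, ROX_ENDPOINT must point at a CI-local Central` on the constructor would record the constraint. The constructor body continues past the end of the hunk.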
@@ -0,0 +1,26 @@ +package util + +import groovy.transform.CompileStatic + +@CompileStatic +class Config { + static String getCentralUri() { + return getEnv("JENKINS_ROX_ENDPOINT") + } + + static String getRoxEndpoint() { + return getEnv("ROX_ENDPOINT") + } + + static String getRoxPassword() { + return getEnv("ROX_PASSWORD") + } + + static String getEnv(String name) { + String val = System.getenv(name) + if (val == null) { + throw new IllegalArgumentException(name + " is not specified!") + } + return val + } +} diff --git a/functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy b/functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy index 74ca7796..98eb22da 100644 --- a/functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy +++ b/functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy @@ -13,11 +13,13 @@ import com.stackrox.model.StorageListPolicy import com.stackrox.model.StoragePolicy import com.stackrox.model.StoragePolicyFields +import util.Config + import spock.lang.Unroll class ImageScanningTest extends BaseSpecification { - protected static final String CENTRAL_URI = "https://central.stackrox:443" + protected static final String CENTRAL_URI = Config.centralUri @Unroll def "image scanning test with toggle enforcement(#imageName, #policyName, #enforcements, #endStatus)"() { From ffd53c38b9f250d612cbfaeb1b7836ec5ca0f3c1 Mon Sep 17 00:00:00 2001 
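Review bot: `getEnv` in the new `Config` class rejects only a missing variable, so an empty value passes the check; in the e2e workflow `ROX_PASSWORD` is filled from a step output, and an output that was never set would presumably arrive as an empty string and surface later as an authentication failure rather than as this clear error. Checking `if (val == null || val.isEmpty())` closes that gap. `IllegalStateException` would describe a missing environment setting better than `IllegalArgumentException`, and a short class comment naming the three variables (`JENKINS_ROX_ENDPOINT`, `ROX_ENDPOINT`, `ROX_PASSWORD`) and which side reads each would help anyone running the tests locally.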
From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 14:39:15 +0100 Subject: [PATCH 03/60] Fixes for java 9+ --- .github/workflows/e2e.yml | 12 ++++++++++++ .../plugins/ViewStackroxResultsActionTest.java | 2 +- .../jenkins/plugins/jenkins/RunConfigTest.java | 2 +- .../jenkins/plugins/report/ReportGeneratorTest.java | 2 +- .../plugins/services/ApiClientFactoryTest.java | 2 +- .../plugins/services/DetectionServiceTest.java | 2 +- .../jenkins/plugins/services/ImageServiceTest.java | 2 +- .../plugins/services/ServiceExceptionTest.java | 2 +- 8 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index eb33a7b6..c2e3260c 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -12,6 +12,18 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Cache Gradle Dependencies + uses: actions/cache@v2 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + ~/.m2/repository + key: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} + restore-keys: | + gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} + gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- + gradle-v2- - name: Build with Maven run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom - name: Copy plugin to jenkins diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java index 3378b30e..ea7556d9 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java 
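Review bot: The cache key in the added `Cache Gradle Dependencies` step hashes only `**/*.gradle*` and `gradle-wrapper.properties`, yet the cached paths include `~/.m2/repository` and the next step builds with `./mvnw`, so a `pom.xml` change never invalidates the Maven part of the cache; adding `'**/pom.xml'` to `hashFiles(...)` would cover it. The first `restore-keys` entry repeats the primary key and can be dropped. The bare `gradle-v2-` fallback restores the newest cache with that prefix regardless of dependency changes, which deserves a comment given that this job later handles a cloud credential. The `steps:` list this entry belongs to starts above the hunk.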
@@ -15,7 +15,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; -class ViewStackroxResultsActionTest { +public class ViewStackroxResultsActionTest { @MethodSource @DisplayName("getUrl/DisplayName should return joined and escaped image names") @ParameterizedTest(name = "{0}") diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java index 8a3672b3..d5380f5e 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java @@ -20,7 +20,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -class RunConfigTest { +public class RunConfigTest { @TempDir Path folder; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java index 95cb0ead..597466e1 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java @@ -42,7 +42,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.io.TempDir; -class ReportGeneratorTest { +public class ReportGeneratorTest { @TempDir Path folder; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java index a03325ae..98db814f 100644 
--- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java @@ -26,7 +26,7 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.CsvSource; -class ApiClientFactoryTest { +public class ApiClientFactoryTest { private final static String KEY_STORE_PATH = Paths.get("src", "test", "resources", "cert", "localhost.jks").toString(); private final static String KEY_STORE_PASSWORD = "password"; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java index a93b5f30..faecfeb8 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java @@ -25,7 +25,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -class DetectionServiceTest extends AbstractServiceTest { +public class DetectionServiceTest extends AbstractServiceTest { private static final List FAIL_BUILD_ENFORCEMENTS = ImmutableList.of(FAIL_BUILD_ENFORCEMENT); diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java index bfd4cbe2..b1d85714 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java 
@@ -27,7 +27,7 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ValueSource; -class ImageServiceTest extends AbstractServiceTest { +public class ImageServiceTest extends AbstractServiceTest { private ImageService imageService; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java index 64da0c80..a4fb16d3 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java @@ -8,7 +8,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; -class ServiceExceptionTest { +public class ServiceExceptionTest { @DisplayName("ServiceException message") @ParameterizedTest(name = "should be \"{2}\" when response body \"{0}\"") From 5a3e49dc8a3c44642bd363dc478c9df62520d4d5 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 14:50:57 +0100 Subject: [PATCH 04/60] Do not run unit tests in e2e --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index c2e3260c..9d542470 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -25,7 +25,7 @@ jobs: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- gradle-v2- - name: Build with Maven - run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom + run: cd stackrox-container-image-scanner && ./mvnw -B hpi:hpi - name: Copy plugin to jenkins run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - name: Set up Docker Buildx From 3ddbc5e2cd7c3c1a39721d6731fe160aba9ec201 Mon Sep 17 00:00:00 2001 
From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 14:58:49 +0100 Subject: [PATCH 05/60] run pacakge --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 9d542470..d8052885 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -25,7 +25,7 @@ jobs: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- gradle-v2- - name: Build with Maven - run: cd stackrox-container-image-scanner && ./mvnw -B hpi:hpi + run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi - name: Copy plugin to jenkins run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - name: Set up Docker Buildx From 464f1345cba4b58bc18d3515149526f3e047764c Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 15:01:30 +0100 Subject: [PATCH 06/60] skip license --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index d8052885..59d3d47f 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -25,7 +25,7 @@ jobs: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- gradle-v2- - name: Build with Maven - run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi + run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi -Dlicense.skip=true - name: Copy plugin to jenkins run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - name: Set up Docker Buildx From 2eb59be4aa70856a3241ec8901ccf678789d2545 Mon Sep 17 00:00:00 2001 
From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 15:50:35 +0100 Subject: [PATCH 07/60] Downgrade java --- .github/workflows/e2e.yml | 6 +- .../.mvn/wrapper/maven-wrapper.properties | 4 +- stackrox-container-image-scanner/mvnw | 414 ++++++++---------- stackrox-container-image-scanner/mvnw.cmd | 282 +++++------- 4 files changed, 310 insertions(+), 396 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 59d3d47f..7cafb75c 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -24,8 +24,12 @@ jobs: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- gradle-v2- + - name: Downgrade java + run: | + dnf -y install java-11-openjdk-devel + alternatives --config java <<< '2' - name: Build with Maven - run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi -Dlicense.skip=true + run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi - name: Copy plugin to jenkins run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - name: Set up Docker Buildx diff --git a/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties b/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties index dc3affce..6f40a26e 100644 --- a/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties +++ b/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties @@ -6,7 +6,7 @@ # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # -# https://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an 
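Review bot: `alternatives --config java <<< '2'` in the added `Downgrade java` step picks whichever entry happens to be second in an interactive menu, so the selected JDK depends on what the image already has installed and the step can silently choose the wrong one; `alternatives --set java <path-to-java-11>` (path as reported by `alternatives --list`) or exporting `JAVA_HOME` for the Maven step is deterministic. It also switches only `java`, not `javac`, while the `mvnw` updated in this same commit checks for both in `set_java_home`. `<<<` is a bash here-string, so the step relies on the container providing bash as the run shell; `shell: bash` would make that explicit. The step list continues outside the hunk.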
@@ -15,4 +15,4 @@ # specific language governing permissions and limitations # under the License. distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip -wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar +wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar diff --git a/stackrox-container-image-scanner/mvnw b/stackrox-container-image-scanner/mvnw index b7f06462..633bbb74 100755 --- a/stackrox-container-image-scanner/mvnw +++ b/stackrox-container-image-scanner/mvnw 
@@ -19,269 +19,221 @@ # ---------------------------------------------------------------------------- # ---------------------------------------------------------------------------- -# Apache Maven Wrapper startup batch script, version 3.1.1 -# -# Required ENV vars: -# ------------------ -# JAVA_HOME - location of a JDK home dir +# Apache Maven Wrapper startup batch script, version 3.2.0 # # Optional ENV vars # ----------------- -# MAVEN_OPTS - parameters passed to the Java VM when running Maven -# e.g. to debug Maven itself, use -# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -# MAVEN_SKIP_RC - flag to disable loading of mavenrc files +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output # ---------------------------------------------------------------------------- -if [ -z "$MAVEN_SKIP_RC" ] ; then - - if [ -f /usr/local/etc/mavenrc ] ; then - . /usr/local/etc/mavenrc - fi - - if [ -f /etc/mavenrc ] ; then - . /etc/mavenrc - fi - - if [ -f "$HOME/.mavenrc" ] ; then - . "$HOME/.mavenrc" - fi - -fi +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x -# OS specific support. $var _must_ be set to either true or false. -cygwin=false; -darwin=false; -mingw=false -case "`uname`" in - CYGWIN*) cygwin=true ;; - MINGW*) mingw=true;; - Darwin*) darwin=true - # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home - # See https://developer.apple.com/library/mac/qa/qa1170/_index.html - if [ -z "$JAVA_HOME" ]; then - if [ -x "/usr/libexec/java_home" ]; then - JAVA_HOME="`/usr/libexec/java_home`"; export JAVA_HOME - else - JAVA_HOME="/Library/Java/Home"; export JAVA_HOME - fi - fi - ;; +# OS specific support. 
+native_path() { printf %s\\n "$1"; } +case "$(uname)" in +(CYGWIN*|MINGW*) [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } ;; esac -if [ -z "$JAVA_HOME" ] ; then - if [ -r /etc/gentoo-release ] ; then - JAVA_HOME=`java-config --jre-home` - fi -fi - -# For Cygwin, ensure paths are in UNIX format before anything is touched -if $cygwin ; then - [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --unix "$JAVA_HOME"` - [ -n "$CLASSPATH" ] && - CLASSPATH=`cygpath --path --unix "$CLASSPATH"` -fi - -# For Mingw, ensure paths are in UNIX format before anything is touched -if $mingw ; then - [ -n "$JAVA_HOME" ] && - JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" -fi - -if [ -z "$JAVA_HOME" ]; then - javaExecutable="`which javac`" - if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then - # readlink(1) is not available as standard on Solaris 10. - readLink=`which readlink` - if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then - if $darwin ; then - javaHome="`dirname \"$javaExecutable\"`" - javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" - else - javaExecutable="`readlink -f \"$javaExecutable\"`" - fi - javaHome="`dirname \"$javaExecutable\"`" - javaHome=`expr "$javaHome" : '\(.*\)/bin'` - JAVA_HOME="$javaHome" - export JAVA_HOME - fi - fi -fi - -if [ -z "$JAVACMD" ] ; then - if [ -n "$JAVA_HOME" ] ; then +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" else JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ] ; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." 
>&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi fi else - JAVACMD="`\\unset -f command; \\command -v java`" - fi -fi - -if [ ! -x "$JAVACMD" ] ; then - echo "Error: JAVA_HOME is not defined correctly." >&2 - echo " We cannot execute $JAVACMD" >&2 - exit 1 -fi - -if [ -z "$JAVA_HOME" ] ; then - echo "Warning: JAVA_HOME environment variable is not set." -fi + JAVACMD="$('set' +e; 'unset' -f command 2>/dev/null; 'command' -v java)" || : + JAVACCMD="$('set' +e; 'unset' -f command 2>/dev/null; 'command' -v javac)" || : -# traverses directory structure from process work directory to filesystem root -# first directory with .mvn subdirectory is considered project base directory -find_maven_basedir() { - if [ -z "$1" ] - then - echo "Path not specified to find_maven_basedir" - return 1 + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ] ; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." 
>&2 + return 1 + fi fi +} - basedir="$1" - wdir="$1" - while [ "$wdir" != '/' ] ; do - if [ -d "$wdir"/.mvn ] ; then - basedir=$wdir - break - fi - # workaround for JBEAP-8937 (on Solaris 10/Sparc) - if [ -d "${wdir}" ]; then - wdir=`cd "$wdir/.."; pwd` - fi - # end of workaround +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + h=$(( ( h * 31 + $(LC_CTYPE=C printf %d "'$str") ) % 4294967296 )) + str="${str#?}" done - printf '%s' "$(cd "$basedir"; pwd)" + printf %x\\n $h } -# concatenates all lines of a file -concat_lines() { - if [ -f "$1" ]; then - echo "$(tr -s '\n' ' ' < "$1")" - fi +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 } -BASE_DIR=$(find_maven_basedir "$(dirname $0)") -if [ -z "$BASE_DIR" ]; then - exit 1; -fi +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl="${value-}" ;; + distributionSha256Sum) distributionSha256Sum="${value-}" ;; + esac +done < "${0%/*}/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in ${0%/*}/.mvn/wrapper/maven-wrapper.properties" + + +case "${distributionUrl##*/}" in +(maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + (*AMD64:CYGWIN*|*AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + (:Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + (:Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + (:Linux*x86_64*) distributionPlatform=linux-amd64 ;; + (*) echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; 
+(maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +(*) MVN_CMD="mvn${0##*/mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac -MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR -if [ "$MVNW_VERBOSE" = true ]; then - echo $MAVEN_PROJECTBASEDIR +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_HOME="$HOME/.m2/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" fi -########################################################################################## -# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central -# This allows using the maven wrapper in projects that prohibit checking in binary data. 
-########################################################################################## -if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then - if [ "$MVNW_VERBOSE" = true ]; then - echo "Found .mvn/wrapper/maven-wrapper.jar" - fi +case "${distributionUrl-}" in +(*?-bin.zip|*?maven-mvnd-?*-?*.zip) ;; +(*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT else - if [ "$MVNW_VERBOSE" = true ]; then - echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." - fi - if [ -n "$MVNW_REPOURL" ]; then - wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" - else - wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" - fi - while IFS="=" read key value; do - case "$key" in (wrapperUrl) wrapperUrl="$value"; break ;; - esac - done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" - if [ "$MVNW_VERBOSE" = true ]; then - echo "Downloading from: $wrapperUrl" - fi - wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" - if $cygwin; then - wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` - fi + die "cannot create temp dir" +fi - if command -v wget > /dev/null; then - QUIET="--quiet" - if [ "$MVNW_VERBOSE" = true ]; then - echo "Found wget ... using wget" - QUIET="" - fi - if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then - wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" - else - wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" - fi - [ $? -eq 0 ] || rm -f "$wrapperJarPath" - elif command -v curl > /dev/null; then - QUIET="--silent" - if [ "$MVNW_VERBOSE" = true ]; then - echo "Found curl ... 
using curl" - QUIET="" - fi - if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then - curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L - else - curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L - fi - [ $? -eq 0 ] || rm -f "$wrapperJarPath" - else - if [ "$MVNW_VERBOSE" = true ]; then - echo "Falling back to using Java to download" - fi - javaSource="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" - javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" - # For Cygwin, switch paths to Windows format before running javac - if $cygwin; then - javaSource=`cygpath --path --windows "$javaSource"` - javaClass=`cygpath --path --windows "$javaClass"` - fi - if [ -e "$javaSource" ]; then - if [ ! -e "$javaClass" ]; then - if [ "$MVNW_VERBOSE" = true ]; then - echo " - Compiling MavenWrapperDownloader.java ..." - fi - # Compiling the Java class - ("$JAVA_HOME/bin/javac" "$javaSource") - fi - if [ -e "$javaClass" ]; then - # Running the downloader - if [ "$MVNW_VERBOSE" = true ]; then - echo " - Running MavenWrapperDownloader.java ..." - fi - ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") - fi - fi - fi +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! 
command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" fi -########################################################################################## -# End of extension -########################################################################################## -MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac -# For Cygwin, switch paths to Windows format before running java -if $cygwin; then - [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` - [ -n "$CLASSPATH" ] && - CLASSPATH=`cygpath --path --windows "$CLASSPATH"` - [ -n "$MAVEN_PROJECTBASEDIR" ] && - MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +if [ -z "${MVNW_USERNAME-}" ] && command -v wget > /dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl > /dev/null; then + verbose "Found curl ... 
using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat > "$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( new java.net.URL( args[0] ).openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" fi -# Provide a "standardized" way to retrieve the CLI args that will -# work with both Windows and non-Windows executions. -MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" -export MAVEN_CMD_LINE_ARGS +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." 
>&2 + exit 1 + elif command -v sha256sum > /dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c > /dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum > /dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c > /dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi -WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain +# unzip and move +if command -v unzip > /dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" +fi +printf %s\\n "$distributionUrl" > "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" -exec "$JAVACMD" \ - $MAVEN_OPTS \ - $MAVEN_DEBUG_OPTS \ - -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ - "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ - ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" +clean || : +exec_maven "$@" diff --git a/stackrox-container-image-scanner/mvnw.cmd b/stackrox-container-image-scanner/mvnw.cmd index 474c9d6b..97aaed6f 100644 --- a/stackrox-container-image-scanner/mvnw.cmd 
+++ b/stackrox-container-image-scanner/mvnw.cmd @@ -1,3 +1,4 @@ +<# : batch portion @REM ---------------------------------------------------------------------------- @REM Licensed to the Apache Software Foundation (ASF) under one @REM or more contributor license agreements. See the NOTICE file 
@@ -18,170 +19,127 @@ @REM ---------------------------------------------------------------------------- @REM ---------------------------------------------------------------------------- -@REM Apache Maven Wrapper startup batch script, version 3.1.1 -@REM -@REM Required ENV vars: -@REM JAVA_HOME - location of a JDK home dir +@REM Apache Maven Wrapper startup batch script, version 3.2.0 @REM @REM Optional ENV vars -@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands -@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending -@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven -@REM e.g. to debug Maven itself, use -@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output @REM ---------------------------------------------------------------------------- -@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' -@echo off -@REM set title of command window -title %0 -@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' -@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% - -@REM set %HOME% to equivalent of $HOME -if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") - -@REM Execute a user defined script before this one -if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre -@REM check for pre script, once with legacy .bat ending and once with .cmd ending -if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* -if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* -:skipRcPre - -@setlocal - -set ERROR_CODE=0 - -@REM To isolate internal variables from possible post scripts, we use another setlocal -@setlocal - -@REM ==== START VALIDATION 
==== -if not "%JAVA_HOME%" == "" goto OkJHome - -echo. -echo Error: JAVA_HOME not found in your environment. >&2 -echo Please set the JAVA_HOME variable in your environment to match the >&2 -echo location of your Java installation. >&2 -echo. -goto error - -:OkJHome -if exist "%JAVA_HOME%\bin\java.exe" goto init - -echo. -echo Error: JAVA_HOME is set to an invalid directory. >&2 -echo JAVA_HOME = "%JAVA_HOME%" >&2 -echo Please set the JAVA_HOME variable in your environment to match the >&2 -echo location of your Java installation. >&2 -echo. -goto error - -@REM ==== END VALIDATION ==== - -:init - -@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". -@REM Fallback to current working directory if not found. - -set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% -IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir - -set EXEC_DIR=%CD% -set WDIR=%EXEC_DIR% -:findBaseDir -IF EXIST "%WDIR%"\.mvn goto baseDirFound -cd .. -IF "%WDIR%"=="%CD%" goto baseDirNotFound -set WDIR=%CD% -goto findBaseDir - -:baseDirFound -set MAVEN_PROJECTBASEDIR=%WDIR% -cd "%EXEC_DIR%" -goto endDetectBaseDir - -:baseDirNotFound -set MAVEN_PROJECTBASEDIR=%EXEC_DIR% -cd "%EXEC_DIR%" - -:endDetectBaseDir - -IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig - -@setlocal EnableExtensions EnableDelayedExpansion -for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! 
%%a -@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% - -:endReadAdditionalConfig - -SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" -set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" -set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain - -set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" - -FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( - IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B -) - -@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central -@REM This allows using the maven wrapper in projects that prohibit checking in binary data. -if exist %WRAPPER_JAR% ( - if "%MVNW_VERBOSE%" == "true" ( - echo Found %WRAPPER_JAR% - ) -) else ( - if not "%MVNW_REPOURL%" == "" ( - SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" - ) - if "%MVNW_VERBOSE%" == "true" ( - echo Couldn't find %WRAPPER_JAR%, downloading it ... 
- echo Downloading from: %WRAPPER_URL% - ) - - powershell -Command "&{"^ - "$webclient = new-object System.Net.WebClient;"^ - "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ - "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ - "}"^ - "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^ - "}" - if "%MVNW_VERBOSE%" == "true" ( - echo Finished downloading %WRAPPER_JAR% - ) +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) ) -@REM End of extension - -@REM Provide a "standardized" way to retrieve the CLI args that will -@REM work with both Windows and non-Windows executions. 
-set MAVEN_CMD_LINE_ARGS=%* - -%MAVEN_JAVA_EXE% ^ - %JVM_CONFIG_MAVEN_PROPS% ^ - %MAVEN_OPTS% ^ - %MAVEN_DEBUG_OPTS% ^ - -classpath %WRAPPER_JAR% ^ - "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ - %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* -if ERRORLEVEL 1 goto error -goto end - -:error -set ERROR_CODE=1 - -:end -@endlocal & set ERROR_CODE=%ERROR_CODE% - -if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost -@REM check for post script, once with legacy .bat ending and once with .cmd ending -if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" -if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" -:skipRcPost - -@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' -if "%MAVEN_BATCH_PAUSE%"=="on" pause - -if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% - -cmd /C exit /B %ERROR_CODE% +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" (%__MVNW_CMD__% %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home 
pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace '^.*'+$MVNW_REPO_PATTERN,'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' +$MAVEN_HOME_PARENT = "$HOME/.m2/wrapper/dists/$distributionUrlNameMain" +$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." 
+Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" 
From 03869b10a06f5ac250b8740169e2d3d36eb12a46 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 16:10:19 +0100 Subject: [PATCH 08/60] WIP --- .github/workflows/e2e.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 7cafb75c..918baade 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -24,22 +24,22 @@ jobs: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- gradle-v2- - - name: Downgrade java - run: | - dnf -y install java-11-openjdk-devel - alternatives --config java <<< '2' - - name: Build with Maven - run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi - - name: Copy plugin to jenkins - run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build jenkins image - uses: docker/build-push-action@v4 - with: - context: jenkins - push: false - tags: jenkins-test + # - name: Downgrade java + # run: | + # dnf -y install java-11-openjdk-devel + # alternatives --config java <<< '2' + # - name: Build with Maven + # run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi + # - name: Copy plugin to jenkins + # run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v2 + # - name: Build jenkins image + # uses: docker/build-push-action@v4 + # with: + # context: jenkins + # push: false + # tags: jenkins-test - uses: actions/checkout@v3 with: repository: stackrox/stackrox From 7821a538870427d6d0adf15a40a5cb746adafe9c Mon Sep 17 00:00:00 2001 
From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 16:25:42 +0100 Subject: [PATCH 09/60] {{ --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 918baade..68c52823 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -47,7 +47,7 @@ jobs: - name: Create GKE cluster id: create-cluster env: - GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${secretes.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX} + GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secretes.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} run: | cd stackrox source "scripts/ci/gke.sh" From 2d9219c747253f857f3c4191f16d19cf82e9482d Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 16:29:41 +0100 Subject: [PATCH 10/60] Fix typpo --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 68c52823..98cfd0f4 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -47,7 +47,7 @@ jobs: - name: Create GKE cluster id: create-cluster env: - GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secretes.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} + GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} run: | cd stackrox source "scripts/ci/gke.sh" From 0e4f512127a6651930b33f5bcfceff6e6b28e2f0 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 16:47:06 +0100 Subject: [PATCH 11/60] Add vars --- .github/workflows/e2e.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 98cfd0f4..aa127a3b 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -47,15 +47,18 @@ jobs: - name: Create GKE cluster id: create-cluster env: + OPENSHIFT_CI: true + BUILD_ID: ${{ vars.GITHUB_RUN_ID }} GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} run: | cd stackrox source "scripts/ci/gke.sh" - provision_gke_cluster + provision_gke_cluster "jenkins-plugin-e2e" 1 e2-medium wait_for_cluster MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT + echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT - name: Run jenkins run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - name: Run tests @@ -66,6 +69,9 @@ jobs: run: make -C functionaltest-jenkins-plugin tests - name: Teardown GKE cluster if: always() + env: + OPENSHIFT_CI: true + CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}" run: | source "stackrox/scripts/ci/gke.sh" teardown_gke_cluster From a464b23c4d8a7ed7bb62d9af10864a67831fd155 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 16:56:30 +0100 Subject: [PATCH 12/60] vers to env --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index aa127a3b..b2bcf198 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -48,7 +48,7 @@ jobs: id: create-cluster env: OPENSHIFT_CI: true - BUILD_ID: ${{ vars.GITHUB_RUN_ID }} + BUILD_ID: ${{ env.GITHUB_RUN_ID }} GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} run: | cd stackrox From 2cc1fb75c94e9920ef74c9177c9e5fab94937bdf Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:08:20 +0100 Subject: [PATCH 13/60] use bash --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
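Review bot: In PATCH 11/60 the `Create GKE cluster` step publishes the password read from `deploy/k8s/central-deploy/password` to `$GITHUB_OUTPUT` without masking it, right beside the new `CLUSTER_NAME` output. Step outputs are not treated as secrets, so once `Run tests` consumes the value through `env:` it can appear in clear text in the job log. Register the mask before writing the output, reusing the otherwise unused `pass` variable: `echo "::add-mask::${pass}"` followed by `echo "ROX_PASSWORD=${pass}" >> "$GITHUB_OUTPUT"`.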
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index b2bcf198..2e5e8726 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -48,10 +48,10 @@ jobs: id: create-cluster env: OPENSHIFT_CI: true - BUILD_ID: ${{ env.GITHUB_RUN_ID }} GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} run: | cd stackrox + export BUILD_ID=${GITHUB_RUN_ID} source "scripts/ci/gke.sh" provision_gke_cluster "jenkins-plugin-e2e" 1 e2-medium wait_for_cluster From e702722d9659c7ba8dc8e188c05ea7d265b61f96 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:14:20 +0100 Subject: [PATCH 14/60] export job name --- .github/workflows/e2e.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 2e5e8726..ab3fc31b 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -52,6 +52,7 @@ jobs: run: | cd stackrox export BUILD_ID=${GITHUB_RUN_ID} + export JOB_NAME=${GITHUB_JOB} source "scripts/ci/gke.sh" provision_gke_cluster "jenkins-plugin-e2e" 1 e2-medium wait_for_cluster @@ -68,7 +69,7 @@ jobs: JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 run: make -C functionaltest-jenkins-plugin tests - name: Teardown GKE cluster - if: always() + if: steps.create-cluster.outputs.CLUSTER_NAME != "" env: OPENSHIFT_CI: true CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}" From 831076ba61cd40aa090c1cd371e745c8783d2d8b Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:15:32 +0100 Subject: [PATCH 15/60] '' --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index ab3fc31b..88af79ae 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -69,7 +69,7 @@ jobs: JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 run: make -C functionaltest-jenkins-plugin tests - name: Teardown GKE cluster - if: steps.create-cluster.outputs.CLUSTER_NAME != "" + if: steps.create-cluster.outputs.CLUSTER_NAME != '' env: OPENSHIFT_CI: true CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}" From 0e6ef0d8d11473a46b004faadf922b1ee931157f Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:20:44 +0100 Subject: [PATCH 16/60] WIP --- .github/workflows/e2e.yml | 64 +++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 88af79ae..c96022d5 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -24,42 +24,42 @@ jobs: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- gradle-v2- - # - name: Downgrade java - # run: | - # dnf -y install java-11-openjdk-devel - # alternatives --config java <<< '2' - # - name: Build with Maven - # run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi - # - name: Copy plugin to jenkins - # run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v2 - # - name: Build jenkins image - # uses: docker/build-push-action@v4 - # with: - # context: jenkins - # push: false - # tags: jenkins-test + - name: Downgrade java + run: | + dnf -y install java-11-openjdk-devel + alternatives --config java <<< '2' + - name: Build with Maven + run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi + - name: Copy plugin to jenkins + run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build jenkins image + uses: docker/build-push-action@v4 + with: + context: jenkins + push: false + tags: jenkins-test - uses: actions/checkout@v3 with: repository: stackrox/stackrox path: stackrox - - name: Create GKE cluster - id: create-cluster - env: - OPENSHIFT_CI: true - GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} - run: | - cd stackrox - export BUILD_ID=${GITHUB_RUN_ID} - export JOB_NAME=${GITHUB_JOB} - source "scripts/ci/gke.sh" - provision_gke_cluster "jenkins-plugin-e2e" 1 e2-medium - wait_for_cluster - MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh - pass=$(cat deploy/k8s/central-deploy/password) - echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT + 
# - name: Create GKE cluster + # id: create-cluster + # env: + # OPENSHIFT_CI: true + # GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} + # run: | + # cd stackrox + # export BUILD_ID=${GITHUB_RUN_ID} + # export JOB_NAME=${GITHUB_JOB} + # source "scripts/ci/gke.sh" + # provision_gke_cluster "jenkins-plugin-e2e" 1 e2-medium + # wait_for_cluster + # MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh + # pass=$(cat deploy/k8s/central-deploy/password) + # echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT + # echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT - name: Run jenkins run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - name: Run tests From 74fca5ce5b146a4629f1211f81218155c8d3f638 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:33:23 +0100 Subject: [PATCH 17/60] smaller instances --- .github/workflows/e2e.yml | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index c96022d5..0e5c3fd5 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
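Review bot: `alternatives --config java <<< '2'` in the re-enabled `Downgrade java` step (PATCH 16/60) selects the JDK by its position in an interactive menu. If the set of JDKs in the job image changes, entry 2 may be a different runtime or not exist, and the build then runs on the wrong Java without a clear error. Select Java 11 explicitly instead, for example with `uses: actions/setup-java@v3` and `java-version: '11'`, or by exporting `JAVA_HOME` for the Java 11 install before `./mvnw` runs.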
@@ -40,28 +40,29 @@ jobs: context: jenkins push: false tags: jenkins-test + - name: Run jenkins + run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - uses: actions/checkout@v3 with: repository: stackrox/stackrox path: stackrox - # - name: Create GKE cluster - # id: create-cluster - # env: - # OPENSHIFT_CI: true - # GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} - # run: | - # cd stackrox - # export BUILD_ID=${GITHUB_RUN_ID} - # export JOB_NAME=${GITHUB_JOB} - # source "scripts/ci/gke.sh" - # provision_gke_cluster "jenkins-plugin-e2e" 1 e2-medium - # wait_for_cluster - # MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh - # pass=$(cat deploy/k8s/central-deploy/password) - # echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - # echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT - - name: Run jenkins - run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test + - name: Create GKE cluster + id: create-cluster + env: + OPENSHIFT_CI: true + GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} + run: | + cd stackrox + export BUILD_ID=${GITHUB_RUN_ID} + export JOB_NAME=${GITHUB_JOB} + source "scripts/ci/gke.sh" + provision_gke_cluster "jenkins-plugin-e2e" 1 e2-standard-4 + wait_for_cluster + MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh + pass=$(cat deploy/k8s/central-deploy/password) + echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT + echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT + - name: Run tests env: ROX_PASSWORD: ${{ steps.create-cluster.outputs.ROX_PASSWORD }}" From 1b6a2095ae68a80136b4af0afa25d6c26abda81b Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:39:10 +0100 Subject: [PATCH 18/60] set cluster name --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 0e5c3fd5..b27c3476 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -57,11 +57,11 @@ jobs: export JOB_NAME=${GITHUB_JOB} source "scripts/ci/gke.sh" provision_gke_cluster "jenkins-plugin-e2e" 1 e2-standard-4 + echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT wait_for_cluster MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT - name: Run tests env: From 9ab277090b6d749daad4bea067c881ba0c7b6bec Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 17:53:06 +0100 Subject: [PATCH 19/60] push --- .github/workflows/e2e.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index b27c3476..971d56aa 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -16,14 +16,12 @@ jobs: uses: actions/cache@v2 with: path: | - ~/.gradle/caches - ~/.gradle/wrapper ~/.m2/repository - key: gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} + key: gradle-v1-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} restore-keys: | - gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} - gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- - gradle-v2- + gradle-v1-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} + gradle-v1-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- + gradle-v1- - name: Downgrade java run: | dnf -y install java-11-openjdk-devel From fb97265b6f2ba818e482a67e1e00c6e00097c569 Mon Sep 17 00:00:00 2001 
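Review bot: The cache key in PATCH 19/60 still hashes `**/*.gradle*` and `**/gradle-wrapper.properties`, although the only path left in the cache is `~/.m2/repository`. Assuming the Maven inputs are the `pom.xml` files, a dependency change there produces the same key, so the old repository is restored on an exact hit and the updated one is never saved. Key on the Maven inputs and rename the prefix to match, e.g. `key: maven-v1-${{ hashFiles('**/pom.xml') }}-${{ github.job }}` with the same pattern in `restore-keys`.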
From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 18:09:37 +0100 Subject: [PATCH 20/60] output --- .github/workflows/e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 971d56aa..de67cf47 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -38,6 +38,7 @@ jobs: context: jenkins push: false tags: jenkins-test + output: type=docker - name: Run jenkins run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - uses: actions/checkout@v3 From da5265303cc74b2550c05ce95eabe1f466bb9525 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 18:18:43 +0100 Subject: [PATCH 21/60] load --- .github/workflows/e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index de67cf47..fc4cdc34 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -35,10 +35,10 @@ jobs: - name: Build jenkins image uses: docker/build-push-action@v4 with: + tags: jenkins-test context: jenkins push: false - tags: jenkins-test - output: type=docker + load: true - name: Run jenkins run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - uses: actions/checkout@v3 From f1d53462070a4b8c436fb96ce9cbdbd34b308bfe Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 19:05:12 +0100 Subject: [PATCH 22/60] more machines --- .github/workflows/e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index fc4cdc34..e9fe2cd8 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -55,7 +55,7 @@ jobs: export BUILD_ID=${GITHUB_RUN_ID} export JOB_NAME=${GITHUB_JOB} source "scripts/ci/gke.sh" - provision_gke_cluster "jenkins-plugin-e2e" 1 e2-standard-4 + provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT wait_for_cluster MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh @@ -69,7 +69,7 @@ jobs: JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 run: make -C functionaltest-jenkins-plugin tests - name: Teardown GKE cluster - if: steps.create-cluster.outputs.CLUSTER_NAME != '' + if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: OPENSHIFT_CI: true CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}" From 22159348776e413336a3a74aa04afbbfc981d785 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 21 Mar 2023 19:29:28 +0100 Subject: [PATCH 23/60] Fix teardown --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e9fe2cd8..b749a9ba 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -72,7 +72,7 @@ jobs: if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: OPENSHIFT_CI: true - CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}" + CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }} run: | source "stackrox/scripts/ci/gke.sh" teardown_gke_cluster From d8bf0eb55d93c95da3fc06d5d644fbb10941b88e Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 08:50:13 +0100 Subject: [PATCH 24/60] Split create and deploy --- .github/workflows/e2e.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index b749a9ba..da5e11d3 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -58,13 +58,17 @@ jobs: provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT wait_for_cluster + + - name: Deploy Stackrox + id: deploy + run: | MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - name: Run tests env: - ROX_PASSWORD: ${{ steps.create-cluster.outputs.ROX_PASSWORD }}" + ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}" ROX_ENDPOINT: https://localhost:8000 JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 run: make -C functionaltest-jenkins-plugin tests From e5da733ee3eb847d772847553cbd253fa7a4fa81 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 09:13:11 +0100 Subject: [PATCH 25/60] cd --- .github/workflows/e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index da5e11d3..9a4b7321 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -62,6 +62,7 @@ jobs: - name: Deploy Stackrox id: deploy run: | + cd stackrox MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT From 45d863a4dd1a63feadbe718fe9a5b681aa9102ef Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 09:35:22 +0100 Subject: [PATCH 26/60] Skip sensor installation --- .github/workflows/e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 9a4b7321..73e99b94 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
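Review bot: The new `Deploy Stackrox` step writes the Central admin password to `$GITHUB_OUTPUT` without registering it as a masked value, so it can show up in clear text in the log of any later step that prints its environment or runs with shell tracing. Register the mask before the output line, for example `echo "::add-mask::$(cat deploy/k8s/central-deploy/password)"`; whether a mask is set elsewhere in the workflow is not visible from this hunk. The `pass=` assignment just above is never read and can be dropped, and `$GITHUB_OUTPUT` should be quoted. The step list continues outside the hunk.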
@@ -63,6 +63,7 @@ jobs: id: deploy run: | cd stackrox + echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > x.sh MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT From 3e0d7d407bdb317a92cc864e4be1d006d68d59fa Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 10:00:10 +0100 Subject: [PATCH 27/60] path --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 73e99b94..8226a6aa 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -63,7 +63,7 @@ jobs: id: deploy run: | cd stackrox - echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > x.sh + echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > deploy/k8s/sensor.sh MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT From 3ba572bd1589965224aacd4c6b1a6cc9ce983671 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 10:19:07 +0100 Subject: [PATCH 28/60] make --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 8226a6aa..fd8c7689 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -73,7 +73,7 @@ jobs: ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}" ROX_ENDPOINT: https://localhost:8000 JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 - run: make -C functionaltest-jenkins-plugin tests + run: cd functionaltest-jenkins-plugin && make tests - name: Teardown GKE cluster if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: From bb8333ff9cad0ce7771390abe9f0b4ec913a85af Mon Sep 17 00:00:00 2001 
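Review bot: The added `echo '#!/usr/bin/env bash\necho ...' > x.sh` does not produce a two-line script, because bash's builtin `echo` leaves `\n` uninterpreted unless `-e` is given; the file ends up as a single line whose shebang names an interpreter called `bash\necho`. Use `printf '#!/usr/bin/env bash\necho "Skipping sensor installation."\n' > x.sh` instead. The next hunk on this page only changes the target path to `deploy/k8s/sensor.sh` and keeps the same `echo`, so it needs the same fix. Overwriting a script inside the checked-out `stackrox` tree also depends on how `deploy-local.sh` invokes it, which is not shown here.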
From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 10:46:50 +0100 Subject: [PATCH 29/60] fix --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index fd8c7689..0aa4fb4f 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -73,7 +73,7 @@ jobs: ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}" ROX_ENDPOINT: https://localhost:8000 JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 - run: cd functionaltest-jenkins-plugin && make tests + run: make -C functionaltest-jenkins-plugin test - name: Teardown GKE cluster if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: From f0177271812e3fe991795e5e1c88ca3f4b67a09e Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 11:49:41 +0100 Subject: [PATCH 30/60] fix --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 0aa4fb4f..bb955116 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -70,7 +70,7 @@ jobs: - name: Run tests env: - ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}" + ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} ROX_ENDPOINT: https://localhost:8000 JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 run: make -C functionaltest-jenkins-plugin test From 1eb3f6633bf89d4c549fd299c505cc1fb5121f90 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 12:51:59 +0100 Subject: [PATCH 31/60] local proxy --- .github/workflows/e2e.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index bb955116..80776ad2 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -68,6 +68,13 @@ jobs: pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT + - name: Restart proxy + run: | + export port=8000 + pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)" + [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } + kill "${pid}" || die "Kill failed" + - name: Run tests env: ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} From 31f039cb23aa1b87bb896d5f3458aefaf78ad6bc Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 13:05:48 +0100 Subject: [PATCH 32/60] WIP --- .github/workflows/e2e.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 80776ad2..f8f262f3 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -11,6 +11,14 @@ jobs: image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.56 steps: + + + - name: Run jenkins + run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins/jenkins + - name: Check jenkins + run: | + docker ps + curl http://localhost:8080 - uses: actions/checkout@v3 - name: Cache Gradle Dependencies uses: actions/cache@v2 From 976aec02bd7d03939f572f1058e80a09e439a212 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 13:24:07 +0100 Subject: [PATCH 33/60] without contrainer --- .github/workflows/e2e.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index f8f262f3..462bb482 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -7,8 +7,6 @@ on: jobs: build: runs-on: ubuntu-latest - container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.3.56 steps: From 6dd25bc899312136aaee3e3028f0407019c2e022 Mon Sep 17 00:00:00 2001 
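Review bot: `einfo` and `die` in the added `Restart proxy` step are not defined in this step, which sources no helper library, so under the runner's default `bash -e` the "nothing is listening" branch would most likely stop with command-not-found instead of exiting 0. Replace them with plain shell, e.g. `[[ -n "${pid}" ]] || { echo "No kubectl port-forward is running on port ${port}."; exit 0; }` and `kill ${pid}`. Leaving `${pid}` unquoted in `kill` also handles the case where `lsof` reports more than one kubectl process, which the quoted form would pass as one invalid argument. The later hunks that move this step into `main.yml` and `tests.yaml` carry the same two calls.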
From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 13:25:12 +0100 Subject: [PATCH 34/60] sleep --- .github/workflows/e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 462bb482..3ce8d623 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -15,6 +15,7 @@ jobs: run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins/jenkins - name: Check jenkins run: | + sleep 10 docker ps curl http://localhost:8080 - uses: actions/checkout@v3 From fc32ccb92c54866eb204858ef7a23926c4f2371b Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 13:33:55 +0100 Subject: [PATCH 35/60] install deps --- .github/workflows/e2e.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 3ce8d623..8eab1978 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -9,15 +9,11 @@ jobs: runs-on: ubuntu-latest steps: - - - - name: Run jenkins - run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins/jenkins - - name: Check jenkins + - name: Install tools run: | - sleep 10 - docker ps - curl http://localhost:8080 + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + snap install google-cloud-cli --classic + - uses: actions/checkout@v3 - name: Cache Gradle Dependencies uses: actions/cache@v2 From 8cf199a73bad8ddb9dbd6b788416ac3f7cb010b7 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 13:34:52 +0100 Subject: [PATCH 36/60] setup java --- .github/workflows/e2e.yml | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 8eab1978..96d40abc 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
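Review bot: The added `curl -LO` line in `Install tools` downloads whichever kubectl release `stable.txt` names at run time and never verifies it, so the binary is neither reproducible nor integrity-checked. Pin the release and compare it with the digest published next to it, e.g. fetch `kubectl.sha256` from the same release path and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check` before using it. Add `-f` to `curl` so an HTTP error page is not saved as the binary. As far as this hunk shows, the file is also left in the working directory without `chmod +x` or a move onto `PATH`.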
@@ -15,20 +15,11 @@ jobs: snap install google-cloud-cli --classic - uses: actions/checkout@v3 - - name: Cache Gradle Dependencies - uses: actions/cache@v2 + - uses: actions/setup-java@v3 with: - path: | - ~/.m2/repository - key: gradle-v1-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} - restore-keys: | - gradle-v1-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}-${{ github.job }} - gradle-v1-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}- - gradle-v1- - - name: Downgrade java - run: | - dnf -y install java-11-openjdk-devel - alternatives --config java <<< '2' + distribution: 'temurin' + java-version: '11' + cache: 'gradle' - name: Build with Maven run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi - name: Copy plugin to jenkins From 6cc80749be3ec2011b9269d6334ac17a28ae14d3 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 13:37:49 +0100 Subject: [PATCH 37/60] fix --- .github/workflows/e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 96d40abc..cb6d3012 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -11,8 +11,8 @@ jobs: steps: - name: Install tools run: | - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - snap install google-cloud-cli --classic + sudo snap install kubectl --classic + sudo snap install google-cloud-cli --classic - uses: actions/checkout@v3 - uses: actions/setup-java@v3 From 0fbacd4fc130e1072ea1af26d80d60a0d689047d Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 14:44:38 +0100 Subject: [PATCH 38/60] install plugin --- .github/workflows/e2e.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index cb6d3012..ed10f073 100644 --- a/.github/workflows/e2e.yml 
+++ b/.github/workflows/e2e.yml @@ -11,9 +11,11 @@ jobs: steps: - name: Install tools run: | - sudo snap install kubectl --classic - sudo snap install google-cloud-cli --classic - + sudo snap install google-cloud-cli kubectl --classic + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list + curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - + sudo apt update + sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - uses: actions/checkout@v3 - uses: actions/setup-java@v3 with: From 01edf8f5b7ecfe6712dd1637df6157ad0ad1a58c Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 14:46:47 +0100 Subject: [PATCH 39/60] fix --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index ed10f073..0cb3627d 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Install tools run: | - sudo snap install google-cloud-cli kubectl --classic + sudo snap install google-cloud-cli kubectl echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - sudo apt update From c72fdf7b8625f80e6dc010ad26608f8c625adc09 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 14:48:42 +0100 Subject: [PATCH 40/60] fix --- .github/workflows/e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 0cb3627d..f6fab4ee 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
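Review bot: The added key-import line pipes `curl` straight into `sudo apt-key ... add -` with no `-f` and, under the runner's default `bash -e` shell, no `pipefail`, so a failed or truncated download is not caught before the keyring is written; `apt-key` is also deprecated. Fetch the key with `curl -fsSL`, convert it with `gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg`, and keep the `signed-by=` source entry that the line above already uses. Use `sudo apt-get update` and `sudo apt-get install -y ...`, since without `-y` the install aborts whenever apt needs confirmation. The following hunks that edit this step, and the copies later added to `main.yml` and `tests.yaml`, keep the same lines.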
@@ -11,11 +11,11 @@ jobs: steps: - name: Install tools run: | - sudo snap install google-cloud-cli kubectl + sudo snap install kubectl --classic echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - sudo apt update - sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin + sudo apt-get install google-cloud-cli google-cloud-sdk-gke-gcloud-auth-plugin - uses: actions/checkout@v3 - uses: actions/setup-java@v3 with: From 91aa3b5c150188804572212f31a79acc1884767b Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 14:51:03 +0100 Subject: [PATCH 41/60] fix --- .github/workflows/e2e.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index f6fab4ee..6cf68b11 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -12,10 +12,11 @@ jobs: - name: Install tools run: | sudo snap install kubectl --classic + sudo snap install google-cloud-cli --classic echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - sudo apt update - sudo apt-get install google-cloud-cli google-cloud-sdk-gke-gcloud-auth-plugin + sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - uses: actions/checkout@v3 - uses: actions/setup-java@v3 with: From 67780fc43402ca4b8408324f5ba1c986603d9c4f Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 15:12:26 +0100 Subject: [PATCH 42/60] run proxy --- .github/workflows/e2e.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 6cf68b11..a2e9dfce 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -66,11 +66,13 @@ jobs: echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - name: Restart proxy + env: + port: 8000 run: | - export port=8000 pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)" [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } kill "${pid}" || die "Kill failed" + kubectl port-forward -n 'stackrox' svc/central "8000:443" --address='0.0.0.0' & - name: Run tests env: From e94b9166f1487259559f13044d28d1ebde021d64 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 15:54:13 +0100 Subject: [PATCH 43/60] unify --- .github/workflows/e2e.yml | 90 -------------------------------------- .github/workflows/main.yml | 85 +++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 90 deletions(-) delete mode 100644 .github/workflows/e2e.yml diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml deleted file mode 100644 index a2e9dfce..00000000 --- a/.github/workflows/e2e.yml +++ /dev/null 
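Review bot: The added `kubectl port-forward ... --address='0.0.0.0' &` exposes the Central API on every interface of the runner, which is wider than the Jenkins container needs in order to reach it through `host.docker.internal`. Listening on loopback plus the Docker bridge address would narrow that, e.g. `--address="127.0.0.1,<docker-bridge-ip>"` (placeholder, to be resolved at run time). The early `exit 0` two lines above also skips this line when no forward was running, leaving the tests without a proxy. The process is backgrounded with no readiness wait before `Run tests`.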
@@ -1,90 +0,0 @@ -name: E2E - -on: - push: - - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Install tools - run: | - sudo snap install kubectl --classic - sudo snap install google-cloud-cli --classic - echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - - sudo apt update - sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '11' - cache: 'gradle' - - name: Build with Maven - run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi - - name: Copy plugin to jenkins - run: cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build jenkins image - uses: docker/build-push-action@v4 - with: - tags: jenkins-test - context: jenkins - push: false - load: true - - name: Run jenkins - run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - - uses: actions/checkout@v3 - with: - repository: stackrox/stackrox - path: stackrox - - name: Create GKE cluster - id: create-cluster - env: - OPENSHIFT_CI: true - GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} - run: | - cd stackrox - export BUILD_ID=${GITHUB_RUN_ID} - export JOB_NAME=${GITHUB_JOB} - source "scripts/ci/gke.sh" - provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 - echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT - wait_for_cluster - - - name: Deploy Stackrox - id: deploy - run: | - cd stackrox - echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > deploy/k8s/sensor.sh - MAIN_IMAGE_TAG=latest 
./deploy/k8s/deploy-local.sh - pass=$(cat deploy/k8s/central-deploy/password) - echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - - - name: Restart proxy - env: - port: 8000 - run: | - pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)" - [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } - kill "${pid}" || die "Kill failed" - kubectl port-forward -n 'stackrox' svc/central "8000:443" --address='0.0.0.0' & - - - name: Run tests - env: - ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} - ROX_ENDPOINT: https://localhost:8000 - JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 - run: make -C functionaltest-jenkins-plugin test - - name: Teardown GKE cluster - if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' - env: - OPENSHIFT_CI: true - CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }} - run: | - source "stackrox/scripts/ci/gke.sh" - teardown_gke_cluster diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 99060a1e..de41ba05 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -61,3 +61,88 @@ jobs: asset_name: bom.json asset_content_type: application/json + - uses: actions/upload-artifact@v3 + with: + name: stackrox-container-image-scanner.hpi + path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi + + e2e: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: actions/checkout@v3 + with: + repository: stackrox/stackrox + path: stackrox + - uses: docker/setup-buildx-action@v2 + - uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '11' + cache: 'gralde' + - name: Install kubectl + run: sudo snap install kubectl --classic + - name: Install gcloud + run: | + sudo snap install google-cloud-cli --classic + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list + curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - + sudo apt-get update + sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin + - uses: actions/download-artifact@v3 + with: + name: stackrox-container-image-scanner.hpi + path: jenkins + - name: Build jenkins image + uses: docker/build-push-action@v4 + with: + tags: jenkins-test + context: jenkins + push: false + load: true + - name: Run jenkins in background + run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test + - name: Create GKE cluster + id: create-cluster + env: + OPENSHIFT_CI: true + GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} + run: | + cd stackrox + export BUILD_ID=${GITHUB_RUN_ID} + export JOB_NAME=${GITHUB_JOB} + source "scripts/ci/gke.sh" + provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 + echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT + wait_for_cluster + - name: Deploy Stackrox + id: deploy + run: | + cd stackrox + echo '#!/usr/bin/env 
bash\necho "Skipping sensor installation."' > deploy/k8s/sensor.sh + MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh + pass=$(cat deploy/k8s/central-deploy/password) + echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT + - name: Restart kubectl port-forward #TODO(janisz): Remove after merging https://github.com/stackrox/stackrox/pull/5348 + env: + port: 8000 + run: | + pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)" + [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } + kill "${pid}" || die "Kill failed" + kubectl port-forward -n 'stackrox' svc/central "8000:443" --address='0.0.0.0' & + - name: Run tests + env: + ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} + ROX_ENDPOINT: https://localhost:8000 + JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 + run: make -C functionaltest-jenkins-plugin test + - name: Teardown GKE cluster + if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' + env: + OPENSHIFT_CI: true + CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }} + run: | + source "stackrox/scripts/ci/gke.sh" + teardown_gke_cluster \ No newline at end of file From 31ceceb6b20beb6a85cee34ac83d7d561baf11f6 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 15:58:08 +0100 Subject: [PATCH 44/60] Move to tests --- .github/workflows/main.yml | 86 ------------------------------------ .github/workflows/tests.yaml | 85 +++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 86 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index de41ba05..ff7aa6e3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
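Review bot: The new `e2e` job checks out `stackrox/stackrox` with no `ref:` and then sources `scripts/ci/gke.sh` from it in a step that has `GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX` in its environment, so whatever is on that repository's default branch at run time executes with the cloud credential. Pin the checkout to a reviewed commit by adding `ref: <commit-sha>` (placeholder) under `with:`, and consider pinning the `uses:` actions by commit SHA as well. `MAIN_IMAGE_TAG=latest` in `Deploy Stackrox` floats in the same way. The identical job text is re-added in the `tests.yaml` hunk that follows, so the same applies there.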
@@ -60,89 +60,3 @@ jobs: asset_path: stackrox-container-image-scanner/target/bom.json asset_name: bom.json asset_content_type: application/json - - - uses: actions/upload-artifact@v3 - with: - name: stackrox-container-image-scanner.hpi - path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi - - e2e: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - uses: actions/checkout@v3 - with: - repository: stackrox/stackrox - path: stackrox - - uses: docker/setup-buildx-action@v2 - - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: '11' - cache: 'gralde' - - name: Install kubectl - run: sudo snap install kubectl --classic - - name: Install gcloud - run: | - sudo snap install google-cloud-cli --classic - echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - - sudo apt-get update - sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin - - uses: actions/download-artifact@v3 - with: - name: stackrox-container-image-scanner.hpi - path: jenkins - - name: Build jenkins image - uses: docker/build-push-action@v4 - with: - tags: jenkins-test - context: jenkins - push: false - load: true - - name: Run jenkins in background - run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test - - name: Create GKE cluster - id: create-cluster - env: - OPENSHIFT_CI: true - GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} - run: | - cd stackrox - export BUILD_ID=${GITHUB_RUN_ID} - export JOB_NAME=${GITHUB_JOB} - source "scripts/ci/gke.sh" - provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 - echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT - wait_for_cluster - - name: Deploy 
Stackrox - id: deploy - run: | - cd stackrox - echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > deploy/k8s/sensor.sh - MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh - pass=$(cat deploy/k8s/central-deploy/password) - echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - - name: Restart kubectl port-forward #TODO(janisz): Remove after merging https://github.com/stackrox/stackrox/pull/5348 - env: - port: 8000 - run: | - pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)" - [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } - kill "${pid}" || die "Kill failed" - kubectl port-forward -n 'stackrox' svc/central "8000:443" --address='0.0.0.0' & - - name: Run tests - env: - ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} - ROX_ENDPOINT: https://localhost:8000 - JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 - run: make -C functionaltest-jenkins-plugin test - - name: Teardown GKE cluster - if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' - env: - OPENSHIFT_CI: true - CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }} - run: | - source "stackrox/scripts/ci/gke.sh" - teardown_gke_cluster \ No newline at end of file diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 318f8787..ccf42abc 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml 
@@ -16,3 +16,88 @@ jobs: cache: 'maven' - name: Build with Maven run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom + - uses: actions/upload-artifact@v3 + with: + name: stackrox-container-image-scanner.hpi + path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi + + e2e: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: actions/checkout@v3 + with: + repository: stackrox/stackrox + path: stackrox + - uses: docker/setup-buildx-action@v2 + - uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '11' + cache: 'gralde' + - name: Install kubectl + run: sudo snap install kubectl --classic + - name: Install gcloud + run: | + sudo snap install google-cloud-cli --classic + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list + curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - + sudo apt-get update + sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin + - uses: actions/download-artifact@v3 + with: + name: stackrox-container-image-scanner.hpi + path: jenkins + - name: Build jenkins image + uses: docker/build-push-action@v4 + with: + tags: jenkins-test + context: jenkins + push: false + load: true + - name: Run jenkins in background + run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test + - name: Create GKE cluster + id: create-cluster + env: + OPENSHIFT_CI: true + GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} + run: | + cd stackrox + export BUILD_ID=${GITHUB_RUN_ID} + export JOB_NAME=${GITHUB_JOB} + source "scripts/ci/gke.sh" + provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 + echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT + wait_for_cluster + 
- name: Deploy Stackrox + id: deploy + run: | + cd stackrox + echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > deploy/k8s/sensor.sh + MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh + pass=$(cat deploy/k8s/central-deploy/password) + echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT + - name: Restart kubectl port-forward #TODO(janisz): Remove after merging https://github.com/stackrox/stackrox/pull/5348 + env: + port: 8000 + run: | + pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)" + [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } + kill "${pid}" || die "Kill failed" + kubectl port-forward -n 'stackrox' svc/central "8000:443" --address='0.0.0.0' & + - name: Run tests + env: + ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} + ROX_ENDPOINT: https://localhost:8000 + JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 + run: make -C functionaltest-jenkins-plugin test + - name: Teardown GKE cluster + if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' + env: + OPENSHIFT_CI: true + CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }} + run: | + source "stackrox/scripts/ci/gke.sh" + teardown_gke_cluster From 845255186b1f428a307eaba1c30d079f8cad3313 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 16:12:21 +0100 Subject: [PATCH 45/60] typo --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index ccf42abc..807cf504 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -35,7 +35,7 @@ jobs: with: distribution: 'temurin' java-version: '11' - cache: 'gralde' + cache: 'gradle' - name: Install kubectl run: sudo snap install kubectl --classic - name: Install gcloud From 1f39ce211b2de704eb5cea9c68036753b522f72a Mon Sep 17 00:00:00 2001 
From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 16:15:29 +0100 Subject: [PATCH 46/60] build --- .github/workflows/tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 807cf504..5b5033c1 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -23,6 +23,7 @@ jobs: e2e: runs-on: ubuntu-latest + needs: build steps: - uses: actions/checkout@v3 From 7dd2f7e4268e5ffb4efeaf6d3bdb1decb17d8c6b Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 16:20:03 +0100 Subject: [PATCH 47/60] check style --- .github/workflows/main.yml | 2 -- .github/workflows/tests.yaml | 16 +++++++++++++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ff7aa6e3..8aad071e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,8 +19,6 @@ jobs: distribution: 'temurin' java-version: '8' cache: 'maven' - - name: Check style - run: make -C functionaltest-jenkins-plugin style - name: Build with Maven run: cd stackrox-container-image-scanner && ./mvnw -B package hpi:hpi cyclonedx:makeAggregateBom - uses: release-drafter/release-drafter@v5 diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 5b5033c1..4ce5fe0b 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -4,9 +4,20 @@ on: push: jobs: - build: + style: runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '17' + cache: 'gradle' + - name: Check style + run: make -C functionaltest-jenkins-plugin style + build: + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-java@v3 @@ -24,7 +35,6 @@ jobs: e2e: runs-on: ubuntu-latest needs: build - steps: - uses: actions/checkout@v3 - uses: actions/checkout@v3 
@@ -35,7 +45,7 @@ jobs: - uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '11' + java-version: '17' cache: 'gradle' - name: Install kubectl run: sudo snap install kubectl --classic From 864742016a3574aea4a31c0581c74eaf909523d3 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 16:23:45 +0100 Subject: [PATCH 48/60] 11 --- .github/workflows/tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 4ce5fe0b..fa981129 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -11,7 +11,7 @@ jobs: - uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '17' + java-version: '11' cache: 'gradle' - name: Check style run: make -C functionaltest-jenkins-plugin style @@ -45,7 +45,7 @@ jobs: - uses: actions/setup-java@v3 with: distribution: 'temurin' - java-version: '17' + java-version: '11' cache: 'gradle' - name: Install kubectl run: sudo snap install kubectl --classic From 9e3895cfb41a47b32b720efdb09d05ee6be60a91 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 17:06:10 +0100 Subject: [PATCH 49/60] revert --- .../.mvn/wrapper/maven-wrapper.properties | 4 +- stackrox-container-image-scanner/mvnw | 414 ++++++++++-------- stackrox-container-image-scanner/mvnw.cmd | 282 +++++++----- .../ViewStackroxResultsActionTest.java | 2 +- .../plugins/jenkins/RunConfigTest.java | 2 +- .../plugins/report/ReportGeneratorTest.java | 2 +- .../services/ApiClientFactoryTest.java | 2 +- .../services/DetectionServiceTest.java | 2 +- .../plugins/services/ImageServiceTest.java | 2 +- .../services/ServiceExceptionTest.java | 2 +- 10 files changed, 402 insertions(+), 312 deletions(-) diff --git a/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties b/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties index 6f40a26e..dc3affce 100644 
--- a/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties +++ b/stackrox-container-image-scanner/.mvn/wrapper/maven-wrapper.properties @@ -6,7 +6,7 @@ # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an @@ -15,4 +15,4 @@ # specific language governing permissions and limitations # under the License. distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip -wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar +wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar diff --git a/stackrox-container-image-scanner/mvnw b/stackrox-container-image-scanner/mvnw index 633bbb74..b7f06462 100755 --- a/stackrox-container-image-scanner/mvnw +++ b/stackrox-container-image-scanner/mvnw 
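Review bot: Reverting `wrapperUrl` to maven-wrapper 3.1.1 in the second hunk of maven-wrapper.properties also gives up download verification. The `mvnw` lines removed later in this patch include the 3.2.0 block that validates `distributionSha256Sum`, while the 3.1.1 script that replaces them fetches `maven-wrapper.jar` with wget or curl and, as far as the hunk shows, compares no checksum. The build then trusts whatever the repository URL (or `MVNW_REPOURL`) serves over TLS. If the revert is needed for an unrelated reason, consider staying on 3.2.0 and adding `distributionSha256Sum=<sha256-of-apache-maven-3.8.6-bin.zip>` next to `distributionUrl`, or committing a reviewed `maven-wrapper.jar` so nothing is downloaded at build time.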
@@ -19,221 +19,269 @@ # ---------------------------------------------------------------------------- # ---------------------------------------------------------------------------- -# Apache Maven Wrapper startup batch script, version 3.2.0 +# Apache Maven Wrapper startup batch script, version 3.1.1 +# +# Required ENV vars: +# ------------------ +# JAVA_HOME - location of a JDK home dir # # Optional ENV vars # ----------------- -# JAVA_HOME - location of a JDK home dir, required when download maven via java source -# MVNW_REPOURL - repo url base for downloading maven distribution -# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven -# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# MAVEN_OPTS - parameters passed to the Java VM when running Maven +# e.g. to debug Maven itself, use +# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +# MAVEN_SKIP_RC - flag to disable loading of mavenrc files # ---------------------------------------------------------------------------- -set -euf -[ "${MVNW_VERBOSE-}" != debug ] || set -x +if [ -z "$MAVEN_SKIP_RC" ] ; then + + if [ -f /usr/local/etc/mavenrc ] ; then + . /usr/local/etc/mavenrc + fi + + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi + +fi -# OS specific support. -native_path() { printf %s\\n "$1"; } -case "$(uname)" in -(CYGWIN*|MINGW*) [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" - native_path() { cygpath --path --windows "$1"; } ;; +# OS specific support. $var _must_ be set to either true or false. 
+cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home + # See https://developer.apple.com/library/mac/qa/qa1170/_index.html + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + JAVA_HOME="`/usr/libexec/java_home`"; export JAVA_HOME + else + JAVA_HOME="/Library/Java/Home"; export JAVA_HOME + fi + fi + ;; esac -# set JAVACMD and JAVACCMD -set_java_home() { - # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched - if [ -n "${JAVA_HOME-}" ] ; then +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +# For Cygwin, ensure paths are in UNIX format before anything is touched +if $cygwin ; then + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +# For Mingw, ensure paths are in UNIX format before anything is touched +if $mingw ; then + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + # readlink(1) is not available as standard on Solaris 10. + readLink=`which readlink` + if [ ! 
`expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables JAVACMD="$JAVA_HOME/jre/sh/java" - JAVACCMD="$JAVA_HOME/jre/sh/javac" else JAVACMD="$JAVA_HOME/bin/java" - JAVACCMD="$JAVA_HOME/bin/javac" - - if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ] ; then - echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 - echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 - return 1 - fi fi else - JAVACMD="$('set' +e; 'unset' -f command 2>/dev/null; 'command' -v java)" || : - JAVACCMD="$('set' +e; 'unset' -f command 2>/dev/null; 'command' -v javac)" || : - - if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ] ; then - echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 - return 1 - fi + JAVACMD="`\\unset -f command; \\command -v java`" fi -} +fi -# hash string like Java String::hashCode -hash_string() { - str="${1:-}" h=0 - while [ -n "$str" ]; do - h=$(( ( h * 31 + $(LC_CTYPE=C printf %d "'$str") ) % 4294967296 )) - str="${str#?}" - done - printf %x\\n $h -} +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi -verbose() { :; } -[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." 
+fi -die() { - printf %s\\n "$1" >&2 - exit 1 -} +# traverses directory structure from process work directory to filesystem root +# first directory with .mvn subdirectory is considered project base directory +find_maven_basedir() { + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi -# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties -while IFS="=" read -r key value; do - case "${key-}" in - distributionUrl) distributionUrl="${value-}" ;; - distributionSha256Sum) distributionSha256Sum="${value-}" ;; - esac -done < "${0%/*}/.mvn/wrapper/maven-wrapper.properties" -[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in ${0%/*}/.mvn/wrapper/maven-wrapper.properties" - - -case "${distributionUrl##*/}" in -(maven-mvnd-*bin.*) - MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ - case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in - (*AMD64:CYGWIN*|*AMD64:MINGW*) distributionPlatform=windows-amd64 ;; - (:Darwin*x86_64) distributionPlatform=darwin-amd64 ;; - (:Darwin*arm64) distributionPlatform=darwin-aarch64 ;; - (:Linux*x86_64*) distributionPlatform=linux-amd64 ;; - (*) echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 - distributionPlatform=linux-amd64 - ;; - esac - distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" - ;; -(maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; -(*) MVN_CMD="mvn${0##*/mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; -esac + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + # workaround for JBEAP-8937 (on Solaris 10/Sparc) + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + # end of workaround + done + printf '%s' "$(cd "$basedir"; pwd)" +} -# apply MVNW_REPOURL and calculate MAVEN_HOME -# maven home pattern: 
~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ -[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" -distributionUrlName="${distributionUrl##*/}" -distributionUrlNameMain="${distributionUrlName%.*}" -distributionUrlNameMain="${distributionUrlNameMain%-bin}" -MAVEN_HOME="$HOME/.m2/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" - -exec_maven() { - unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : - exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +# concatenates all lines of a file +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi } -if [ -d "$MAVEN_HOME" ]; then - verbose "found existing MAVEN_HOME at $MAVEN_HOME" - exec_maven "$@" +BASE_DIR=$(find_maven_basedir "$(dirname $0)") +if [ -z "$BASE_DIR" ]; then + exit 1; fi -case "${distributionUrl-}" in -(*?-bin.zip|*?maven-mvnd-?*-?*.zip) ;; -(*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; -esac - -# prepare tmp dir -if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then - clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } - trap clean HUP INT TERM EXIT -else - die "cannot create temp dir" +MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR +if [ "$MVNW_VERBOSE" = true ]; then + echo $MAVEN_PROJECTBASEDIR fi -mkdir -p -- "${MAVEN_HOME%/*}" - -# Download and Install Apache Maven -verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." -verbose "Downloading from: $distributionUrl" -verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" +########################################################################################## +# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +# This allows using the maven wrapper in projects that prohibit checking in binary data. 
+########################################################################################## +if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found .mvn/wrapper/maven-wrapper.jar" + fi +else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." + fi + if [ -n "$MVNW_REPOURL" ]; then + wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" + else + wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" + fi + while IFS="=" read key value; do + case "$key" in (wrapperUrl) wrapperUrl="$value"; break ;; + esac + done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" + if [ "$MVNW_VERBOSE" = true ]; then + echo "Downloading from: $wrapperUrl" + fi + wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" + if $cygwin; then + wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` + fi -# select .zip or .tar.gz -if ! command -v unzip >/dev/null; then - distributionUrl="${distributionUrl%.zip}.tar.gz" - distributionUrlName="${distributionUrl##*/}" + if command -v wget > /dev/null; then + QUIET="--quiet" + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found wget ... using wget" + QUIET="" + fi + if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then + wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" + else + wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" + fi + [ $? -eq 0 ] || rm -f "$wrapperJarPath" + elif command -v curl > /dev/null; then + QUIET="--silent" + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found curl ... using curl" + QUIET="" + fi + if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then + curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L + else + curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L + fi + [ $? 
-eq 0 ] || rm -f "$wrapperJarPath" + else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Falling back to using Java to download" + fi + javaSource="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" + javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" + # For Cygwin, switch paths to Windows format before running javac + if $cygwin; then + javaSource=`cygpath --path --windows "$javaSource"` + javaClass=`cygpath --path --windows "$javaClass"` + fi + if [ -e "$javaSource" ]; then + if [ ! -e "$javaClass" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo " - Compiling MavenWrapperDownloader.java ..." + fi + # Compiling the Java class + ("$JAVA_HOME/bin/javac" "$javaSource") + fi + if [ -e "$javaClass" ]; then + # Running the downloader + if [ "$MVNW_VERBOSE" = true ]; then + echo " - Running MavenWrapperDownloader.java ..." + fi + ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") + fi + fi + fi fi +########################################################################################## +# End of extension +########################################################################################## -# verbose opt -__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' -[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v - -# normalize http auth -case "${MVNW_PASSWORD:+has-password}" in -'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; -has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; -esac +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" -if [ -z "${MVNW_USERNAME-}" ] && command -v wget > /dev/null; then - verbose "Found wget ... using wget" - wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" -elif [ -z "${MVNW_USERNAME-}" ] && command -v curl > /dev/null; then - verbose "Found curl ... 
using curl" - curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" -elif set_java_home; then - verbose "Falling back to use Java to download" - javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" - targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" - cat > "$javaSource" <<-END - public class Downloader extends java.net.Authenticator - { - protected java.net.PasswordAuthentication getPasswordAuthentication() - { - return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); - } - public static void main( String[] args ) throws Exception - { - setDefault( new Downloader() ); - java.nio.file.Files.copy( new java.net.URL( args[0] ).openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); - } - } - END - # For Cygwin/MinGW, switch paths to Windows format before running javac and java - verbose " - Compiling Downloader.java ..." - "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" - verbose " - Running Downloader.java ..." - "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +# For Cygwin, switch paths to Windows format before running java +if $cygwin; then + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` fi -# If specified, validate the SHA-256 sum of the Maven distribution zip file -if [ -n "${distributionSha256Sum-}" ]; then - distributionSha256Result=false - if [ "$MVN_CMD" = mvnd.sh ]; then - echo "Checksum validation is not supported for maven-mvnd." >&2 - echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." 
>&2 - exit 1 - elif command -v sha256sum > /dev/null; then - if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c > /dev/null 2>&1; then - distributionSha256Result=true - fi - elif command -v shasum > /dev/null; then - if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c > /dev/null 2>&1; then - distributionSha256Result=true - fi - else - echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 - echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 - exit 1 - fi - if [ $distributionSha256Result = false ]; then - echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 - echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 - exit 1 - fi -fi +# Provide a "standardized" way to retrieve the CLI args that will +# work with both Windows and non-Windows executions. +MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" +export MAVEN_CMD_LINE_ARGS -# unzip and move -if command -v unzip > /dev/null; then - unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" -else - tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" -fi -printf %s\\n "$distributionUrl" > "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/mvnw.url" -mv -- "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" +WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain -clean || : -exec_maven "$@" +exec "$JAVACMD" \ + $MAVEN_OPTS \ + $MAVEN_DEBUG_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 
diff --git a/stackrox-container-image-scanner/mvnw.cmd b/stackrox-container-image-scanner/mvnw.cmd index 97aaed6f..474c9d6b 100644 --- a/stackrox-container-image-scanner/mvnw.cmd +++ b/stackrox-container-image-scanner/mvnw.cmd @@ -1,4 +1,3 @@ -<# : batch portion @REM ---------------------------------------------------------------------------- @REM Licensed to the Apache Software Foundation (ASF) under one @REM or more contributor license agreements. See the NOTICE file 
@@ -19,127 +18,170 @@ @REM ---------------------------------------------------------------------------- @REM ---------------------------------------------------------------------------- -@REM Apache Maven Wrapper startup batch script, version 3.2.0 +@REM Apache Maven Wrapper startup batch script, version 3.1.1 +@REM +@REM Required ENV vars: +@REM JAVA_HOME - location of a JDK home dir @REM @REM Optional ENV vars -@REM MVNW_REPOURL - repo url base for downloading maven distribution -@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven -@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands +@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending +@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven +@REM e.g. to debug Maven itself, use +@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files @REM ---------------------------------------------------------------------------- -@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) -@SET __MVNW_CMD__= -@SET __MVNW_ERROR__= -@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% -@SET PSModulePath= -@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( - IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' +@echo off +@REM set title of command window +title %0 +@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' +@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% + +@REM set %HOME% to equivalent of $HOME +if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") + +@REM Execute a user defined script before this 
one +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre +@REM check for pre script, once with legacy .bat ending and once with .cmd ending +if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* +if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* +:skipRcPre + +@setlocal + +set ERROR_CODE=0 + +@REM To isolate internal variables from possible post scripts, we use another setlocal +@setlocal + +@REM ==== START VALIDATION ==== +if not "%JAVA_HOME%" == "" goto OkJHome + +echo. +echo Error: JAVA_HOME not found in your environment. >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +:OkJHome +if exist "%JAVA_HOME%\bin\java.exe" goto init + +echo. +echo Error: JAVA_HOME is set to an invalid directory. >&2 +echo JAVA_HOME = "%JAVA_HOME%" >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +@REM ==== END VALIDATION ==== + +:init + +@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". +@REM Fallback to current working directory if not found. + +set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% +IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir + +set EXEC_DIR=%CD% +set WDIR=%EXEC_DIR% +:findBaseDir +IF EXIST "%WDIR%"\.mvn goto baseDirFound +cd .. +IF "%WDIR%"=="%CD%" goto baseDirNotFound +set WDIR=%CD% +goto findBaseDir + +:baseDirFound +set MAVEN_PROJECTBASEDIR=%WDIR% +cd "%EXEC_DIR%" +goto endDetectBaseDir + +:baseDirNotFound +set MAVEN_PROJECTBASEDIR=%EXEC_DIR% +cd "%EXEC_DIR%" + +:endDetectBaseDir + +IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig + +@setlocal EnableExtensions EnableDelayedExpansion +for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! 
%%a +@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% + +:endReadAdditionalConfig + +SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" +set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" +set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" + +FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( + IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B +) + +@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +@REM This allows using the maven wrapper in projects that prohibit checking in binary data. +if exist %WRAPPER_JAR% ( + if "%MVNW_VERBOSE%" == "true" ( + echo Found %WRAPPER_JAR% + ) +) else ( + if not "%MVNW_REPOURL%" == "" ( + SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" + ) + if "%MVNW_VERBOSE%" == "true" ( + echo Couldn't find %WRAPPER_JAR%, downloading it ... 
+ echo Downloading from: %WRAPPER_URL% + ) + + powershell -Command "&{"^ + "$webclient = new-object System.Net.WebClient;"^ + "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ + "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ + "}"^ + "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^ + "}" + if "%MVNW_VERBOSE%" == "true" ( + echo Finished downloading %WRAPPER_JAR% + ) ) -@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% -@SET __MVNW_PSMODULEP_SAVE= -@SET __MVNW_ARG0_NAME__= -@SET MVNW_USERNAME= -@SET MVNW_PASSWORD= -@IF NOT "%__MVNW_CMD__%"=="" (%__MVNW_CMD__% %*) -@echo Cannot start maven from wrapper >&2 && exit /b 1 -@GOTO :EOF -: end batch / begin powershell #> - -$ErrorActionPreference = "Stop" -if ($env:MVNW_VERBOSE -eq "true") { - $VerbosePreference = "Continue" -} - -# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties -$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl -if (!$distributionUrl) { - Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" -} - -switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { - "maven-mvnd-*" { - $USE_MVND = $true - $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" - $MVN_CMD = "mvnd.cmd" - break - } - default { - $USE_MVND = $false - $MVN_CMD = $script -replace '^mvnw','mvn' - break - } -} - -# apply MVNW_REPOURL and calculate MAVEN_HOME -# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ -if ($env:MVNW_REPOURL) { - $MVNW_REPO_PATTERN = if ($USE_MVND) { "/org/apache/maven/" } else { "/maven/mvnd/" } - $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace 
'^.*'+$MVNW_REPO_PATTERN,'')" -} -$distributionUrlName = $distributionUrl -replace '^.*/','' -$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' -$MAVEN_HOME_PARENT = "$HOME/.m2/wrapper/dists/$distributionUrlNameMain" -$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' -$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" - -if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { - Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" - Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" - exit $? -} - -if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { - Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" -} - -# prepare tmp dir -$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile -$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" -$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null -trap { - if ($TMP_DOWNLOAD_DIR.Exists) { - try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } - catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } - } -} - -New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null - -# Download and Install Apache Maven -Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." 
-Write-Verbose "Downloading from: $distributionUrl" -Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" - -$webclient = New-Object System.Net.WebClient -if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { - $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) -} -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null - -# If specified, validate the SHA-256 sum of the Maven distribution zip file -$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum -if ($distributionSha256Sum) { - if ($USE_MVND) { - Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." - } - if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { - Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." - } -} - -# unzip and move -Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null -Rename-Item -Path "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" -NewName $MAVEN_HOME_NAME | Out-Null -try { - Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null -} catch { - if (! 
(Test-Path -Path "$MAVEN_HOME" -PathType Container)) { - Write-Error "fail to move MAVEN_HOME" - } -} finally { - try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } - catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } -} - -Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" +@REM End of extension + +@REM Provide a "standardized" way to retrieve the CLI args that will +@REM work with both Windows and non-Windows executions. +set MAVEN_CMD_LINE_ARGS=%* + +%MAVEN_JAVA_EXE% ^ + %JVM_CONFIG_MAVEN_PROPS% ^ + %MAVEN_OPTS% ^ + %MAVEN_DEBUG_OPTS% ^ + -classpath %WRAPPER_JAR% ^ + "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ + %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* +if ERRORLEVEL 1 goto error +goto end + +:error +set ERROR_CODE=1 + +:end +@endlocal & set ERROR_CODE=%ERROR_CODE% + +if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost +@REM check for post script, once with legacy .bat ending and once with .cmd ending +if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" +if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" +:skipRcPost + +@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' +if "%MAVEN_BATCH_PAUSE%"=="on" pause + +if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% + +cmd /C exit /B %ERROR_CODE% diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java index ea7556d9..3378b30e 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/ViewStackroxResultsActionTest.java 
@@ -15,7 +15,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; -public class ViewStackroxResultsActionTest { +class ViewStackroxResultsActionTest { @MethodSource @DisplayName("getUrl/DisplayName should return joined and escaped image names") @ParameterizedTest(name = "{0}") diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java index d5380f5e..8a3672b3 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/jenkins/RunConfigTest.java @@ -20,7 +20,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; -public class RunConfigTest { +class RunConfigTest { @TempDir Path folder; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java index 597466e1..95cb0ead 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/report/ReportGeneratorTest.java @@ -42,7 +42,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.io.TempDir; -public class ReportGeneratorTest { +class ReportGeneratorTest { @TempDir Path folder; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java index 98db814f..a03325ae 100644 
--- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ApiClientFactoryTest.java @@ -26,7 +26,7 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.CsvSource; -public class ApiClientFactoryTest { +class ApiClientFactoryTest { private final static String KEY_STORE_PATH = Paths.get("src", "test", "resources", "cert", "localhost.jks").toString(); private final static String KEY_STORE_PASSWORD = "password"; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java index faecfeb8..a93b5f30 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/DetectionServiceTest.java @@ -25,7 +25,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -public class DetectionServiceTest extends AbstractServiceTest { +class DetectionServiceTest extends AbstractServiceTest { private static final List FAIL_BUILD_ENFORCEMENTS = ImmutableList.of(FAIL_BUILD_ENFORCEMENT); diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java index b1d85714..bfd4cbe2 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ImageServiceTest.java 
@@ -27,7 +27,7 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ValueSource; -public class ImageServiceTest extends AbstractServiceTest { +class ImageServiceTest extends AbstractServiceTest { private ImageService imageService; diff --git a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java index a4fb16d3..64da0c80 100644 --- a/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java +++ b/stackrox-container-image-scanner/src/test/java/com/stackrox/jenkins/plugins/services/ServiceExceptionTest.java @@ -8,7 +8,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; -public class ServiceExceptionTest { +class ServiceExceptionTest { @DisplayName("ServiceException message") @ParameterizedTest(name = "should be \"{2}\" when response body \"{0}\"") From 0db15bfcee951d18bf70e1ad4a91a4ee30ae03af Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 17:06:51 +0100 Subject: [PATCH 50/60] revert --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8aad071e..e1935fae 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,3 +58,4 @@ jobs: asset_path: stackrox-container-image-scanner/target/bom.json asset_name: bom.json asset_content_type: application/json + From 8d3ef60b218fd61e93dd48e7fff7ed10e9515e70 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 17:11:07 +0100 Subject: [PATCH 51/60] cron --- .github/workflows/tests.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index fa981129..07195a05 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml 
@@ -2,6 +2,8 @@ name: Tests on: push: + schedule: + - cron: '0 5 * * *' jobs: style: From 93e424bd73a749eeaf3fd367bfd840e68cd43e32 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 17:24:26 +0100 Subject: [PATCH 52/60] cleanup --- .circleci/check-workflow-live.sh | 20 -- .circleci/config.yml | 367 ---------------------------- .circleci/create-cluster.sh | 107 -------- .circleci/mirror-repository | 39 --- .circleci/setUpJenkinsPlugin.sh | 48 ---- .circleci/waitForJenkinService.sh | 20 -- README.md | 30 +-- jenkins/jenkins-app-deployment.yaml | 35 --- jenkins/jenkins-service.yaml | 12 - 9 files changed, 13 insertions(+), 665 deletions(-) delete mode 100755 .circleci/check-workflow-live.sh delete mode 100644 .circleci/config.yml delete mode 100755 .circleci/create-cluster.sh delete mode 100755 .circleci/mirror-repository delete mode 100755 .circleci/setUpJenkinsPlugin.sh delete mode 100755 .circleci/waitForJenkinService.sh delete mode 100644 jenkins/jenkins-app-deployment.yaml delete mode 100644 jenkins/jenkins-service.yaml diff --git a/.circleci/check-workflow-live.sh b/.circleci/check-workflow-live.sh deleted file mode 100755 index bea33b23..00000000 --- a/.circleci/check-workflow-live.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -[[ -n "$CIRCLE_WORKFLOW_ID" ]] || { - echo >&2 "No CircleCI workflow ID found. Is this job running on CircleCI?" - exit 0 -} - -IFS=$'\n' read -d '' -r -a failed_steps < <( - gsutil 2>/dev/null ls "gs://stackrox-ci-status/workflows/${CIRCLE_WORKFLOW_ID}/fatal-failures/**" | - sed -E 's@^.*/@@g' -) - -if [[ "${#failed_steps[@]}" == 0 ]]; then - exit 0 -fi - -echo >&2 "Workflow $CIRCLE_WORKFLOW_ID is no longer live due to fatal errors in the following steps:" -printf >&2 " - %s\n" "${failed_steps[@]}" - -exit 1 diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index ca136694..00000000 --- a/.circleci/config.yml +++ /dev/null 
@@ -1,367 +0,0 @@ -version: 2.1 - -defaultImage: &defaultImage - image: "quay.io/rhacs-eng/apollo-ci:jenkins-plugin-0.3.27" - auth: - username: $QUAY_RHACS_ENG_RO_USERNAME - password: $QUAY_RHACS_ENG_RO_PASSWORD - -runOnAllTags: &runOnAllTags - filters: - tags: - only: /.*/ - -runOnAllTagsWithPullCtx: &runOnAllTagsWithPullCtx - <<: *runOnAllTags - context: quay-rhacs-eng-readonly - -buildLivenessCheck: &buildLivenessCheck - run: - name: Ensure workflow is still live - command: | - .circleci/check-workflow-live.sh - -storetestResults: &storeTestResults - store_test_results: - path: /home/circleci/project/functionaltest-jenkins-plugin/build/test-results/test - -storetestArtifacts: &storeTestArtifacts - store_artifacts: - path: /home/circleci/project/functionaltest-jenkins-plugin/build/test-results/test - destination: artifacts - - -setupGoogleAppCreds: &setupGoogleAppCreds - run: - name: Setup GCloud Service Account - command: | - touch /tmp/gcp.json - chmod 0600 /tmp/gcp.json - echo "$GCLOUD_SERVICE_ACCOUNT_CIRCLECI_ROX" >/tmp/gcp.json - cci-export GOOGLE_APPLICATION_CREDENTIALS /tmp/gcp.json - gcloud auth activate-service-account --key-file /tmp/gcp.json - gcloud auth list - -storeK8sLogs: &storeK8sLogs - store_artifacts: - path: /tmp/k8s-service-logs - destination: k8s-service-logs - -collectK8sLogs: &collectK8sLogs - run: - name: Collect k8s logs - command: | - set +e - ./scripts/collect-service-logs.sh stackrox - when: always - -waitForCentral: &waitForCentral - run: - name: wait for central - command: | - pod="$(kubectl get pod -l app=central -n stackrox -o custom-columns=:metadata.name)" - SUCCESS=0 - for i in $(seq 1 50);do - status="$(kubectl get pods -n stackrox ${pod} -o jsonpath="{.status.phase}")" - echo "waiting for central to come up" - if [[ $status == "Running" ]]; then - SUCCESS=1 - echo "Central is up and running" - break - fi - sleep 5 - done - if [[ $SUCCESS == 0 ]]; then - echo "Central did not come up" - exit 1 - fi - -deleteClusterk8s: 
&deleteClusterk8s - run: - name: Tear down cluster upon failure - command: | - gcloud container clusters delete "$CLUSTER_NAME" --async - when: always - -jobs: - build: - docker: - - <<: *defaultImage - working_directory: /home/circleci/jenkins-plugin - steps: - - checkout - - restore_cache: - keys: - # when lock file changes, use increasingly general patterns to restore cache - - maven-repo-v1-{{ .Branch }}-{{ checksum "stackrox-container-image-scanner/pom.xml" }} - - maven-repo-v1-{{ .Branch }}- - - maven-repo-v1- - - run: - name: Unit tests - command: | - cd stackrox-container-image-scanner - ./mvnw verify - - run: - name: Build and package the Jenkins plugin - command: | - cd stackrox-container-image-scanner - ./mvnw package - ./mvnw hpi:hpi - - store_test_results: - path: /home/circleci/jenkins-plugin/stackrox-container-image-scanner/target/surefire-reports - - store_artifacts: - path: /home/circleci/jenkins-plugin/stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi - destination: artifacts - - persist_to_workspace: - root: /home/circleci/jenkins-plugin/ - paths: - - stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi - - save_cache: - paths: - - ~/.m2 - key: maven-repo-v1-{{ .Branch }}-{{ checksum "stackrox-container-image-scanner/pom.xml" }} - provision-cluster-qa-tests: - docker: - - <<: *defaultImage - environment: - GCP_IMAGE_TYPE: "COS" - working_directory: /home/circleci/jenkins-plugin - steps: - - checkout - - setup_remote_docker - - provision-gke-cluster: - cluster-id: qa-tests - num-nodes: 1 - - deploy-stackrox-and-run-qa-tests: - docker: - - <<: *defaultImage - parameters: - orchestrator-flavor: - type: string - default: k8s - require-cluster-admin: - type: boolean - default: false - validate-autoupgrade-label: - type: boolean - default: false - - steps: - - setup-gcp - - attach_workspace: - at: /home/circleci/jenkins-plugin/ - - setup_remote_docker - - attach-gke-cluster: - cluster-id: qa-tests - - 
checkout - - run: - name: Get Roxctl binary and set the image name - command: | - cci-export IMAGE_NAME "quay.io/rhacs-eng/main:3.70.0" - cci-export BASE_DIR "/home/circleci/jenkins-plugin" - docker login -u "${QUAY_RHACS_ENG_RO_USERNAME}" --password-stdin \<<<"${QUAY_RHACS_ENG_RO_PASSWORD}" quay.io - cci-export REGISTRY_USERNAME "$QUAY_RHACS_ENG_RO_USERNAME" - cci-export REGISTRY_PASSWORD "$QUAY_RHACS_ENG_RO_PASSWORD" - containerId=$(docker create "${IMAGE_NAME}") - docker cp $containerId:/assets/downloads/cli/roxctl-linux ./roxctl - docker rm ${containerId} - - - - *setupGoogleAppCreds - - - run: - name: Generate central bundle - command: | - ./roxctl central generate k8s pvc \ - --main-image "${IMAGE_NAME}" \ - --scanner-image quay.io/rhacs-eng/scanner:2.24.0 \ - --scanner-db-image quay.io/rhacs-eng/scanner-db:2.24.0 - export ROX_PASSWORD="$(cat central-bundle/password)" - cci-export ROX_USERNAME "admin" - cci-export ROX_PASSWORD "$ROX_PASSWORD" - - - run: - name: Deploy central to remote cluster - command: | - central-bundle/central/scripts/setup.sh - kubectl create -R -f central-bundle/central - - - run: - name: Deploy scanner to remote cluster - command: | - central-bundle/scanner/scripts/setup.sh - kubectl create -R -f central-bundle/scanner - - - run: - name: Deploy Jenkins - command: | - kubectl create namespace jenkins - kubectl apply -f jenkins - - run: - name: wait for Jenkins service - command: | - .circleci/waitForJenkinService.sh - export JENKINS_IP="$(kubectl -n jenkins get svc jenkins -o jsonpath="{.status.loadBalancer.ingress[*].ip}")" - cci-export JENKINS_IP "$JENKINS_IP" - - run: - name: wait For set up plugin - command: | - .circleci/setUpJenkinsPlugin.sh - - run: - name: Set Up Port-Forwarding. 
- command: | - POD="$(kubectl get pod -l app=central -n stackrox -o custom-columns=:metadata.name --no-headers)" - kubectl -n stackrox wait --for=condition=ready "pod/${POD}" --timeout=3m - nohup kubectl -n 'stackrox' port-forward service/central '8000:443' 1>/dev/null 2>&1 & - export API_HOST_NAME="localhost" - export API_PORT=8000 - PORT_FORWARD=false - for i in $(seq 1 50); do - export API_ENDPOINT="${API_HOST_NAME}:${API_PORT}" || true - echo $API_ENDPOINT - export METADATA_URL="https://${API_ENDPOINT}/v1/metadata" || true - echo $METADATA_URL - licenseStatus="$(curl -sk $METADATA_URL | jq '.licenseStatus' -r || true)" - if [[ $licenseStatus = "VALID" ]]; then - PORT_FORWARD=true - break - fi - sleep 5 - done - if [[ $PORT_FORWARD = false ]]; then - echo "Port forwarding is not up" - exit 1 - fi - - run: - name: Run qa tests. - command: | - cd functionaltest-jenkins-plugin - make all - - *storeTestResults - - *storeTestArtifacts - - *collectK8sLogs - - *storeK8sLogs - - *deleteClusterk8s - mirror: - docker: - - <<: *defaultImage - working_directory: /home/circleci/jenkins-plugin - steps: - - checkout - - run: - name: Mirror to public JenkinsCI repo - command: .circleci/mirror-repository - -workflows: - version: 2 - build: - jobs: - - build: - <<: *runOnAllTagsWithPullCtx - - mirror: - context: - - quay-rhacs-eng-readonly - filters: - branches: - ignore: /.*/ - tags: - only: /.*/ - - provision-cluster-qa-tests: - <<: *runOnAllTagsWithPullCtx - - deploy-stackrox-and-run-qa-tests: - <<: *runOnAllTagsWithPullCtx - orchestrator-flavor: k8s - requires: - - provision-cluster-qa-tests - - build -commands: - setup-gcp: - steps: - - run: - name: Setup deployment env - command: | - gcloud auth activate-service-account --key-file <(echo "$GCLOUD_SERVICE_ACCOUNT_CIRCLECI_ROX") - gcloud auth list - gcloud config set project stackrox-ci - gcloud config set compute/region us-central1 - gcloud config set core/disable_prompts True - - create-gke: - parameters: - wait: - type: 
boolean - default: true - - steps: - - run: - name: Create GKE cluster - command: | - source .circleci/create-cluster.sh && create-cluster - <<# parameters.wait >> - wait-for-cluster - <> - - provision-gke-cluster: - parameters: - cluster-id: - type: string - num-nodes: - type: integer - default: 1 - steps: - - setup-gcp - - run: - name: Assign environment variables - command: | - CLUSTER_NAME="rox-jenkins-<< parameters.cluster-id >>-${CIRCLE_BUILD_NUM}" - cci-export CLUSTER_NAME "$CLUSTER_NAME" - echo "Assigned cluster name is $CLUSTER_NAME" - NUM_NODES="<< parameters.num-nodes >>" - cci-export NUM_NODES "$NUM_NODES" - echo "Number of nodes for cluster is $NUM_NODES" - - - create-gke: - wait: false - - - run: - name: Save cluster config - command: | - CONFIG_DIR="/home/circleci/jenkins-plugin/.ci-clusters/<< parameters.cluster-id >>" - mkdir -p "$CONFIG_DIR" - echo "$CLUSTER_NAME" >>"${CONFIG_DIR}/name" - gcloud config get-value compute/zone >>"${CONFIG_DIR}/zone" - - - - *buildLivenessCheck - - - persist_to_workspace: - root: /home/circleci/jenkins-plugin/ - paths: - - .ci-clusters/<< parameters.cluster-id >> - - attach-gke-cluster: - parameters: - cluster-id: - type: string - - steps: - - run: - name: Restore config for << parameters.cluster-id >> cluster - command: | - CONFIG_DIR="/home/circleci/jenkins-plugin/.ci-clusters/<< parameters.cluster-id >>" - CLUSTER_NAME="$(cat "${CONFIG_DIR}/name")" - [[ -n "$CLUSTER_NAME" ]] - ZONE="$(cat "${CONFIG_DIR}/zone")" - [[ -n "$ZONE" ]] - gcloud config set compute/zone "$ZONE" - cmd=(gcloud container clusters get-credentials --project stackrox-ci --zone "$ZONE" "$CLUSTER_NAME") - "${cmd[@]}" - echo "Restored config for cluster ${CLUSTER_NAME}" - cci-export CLUSTER_NAME "$CLUSTER_NAME" - echo - echo "Run the following command to attach to the cluster:" - echo - printf " %q" "${cmd[@]}" - echo - diff --git a/.circleci/create-cluster.sh b/.circleci/create-cluster.sh deleted file mode 100755 index 1be4900c..00000000 
--- a/.circleci/create-cluster.sh +++ /dev/null 
@@ -1,107 +0,0 @@ -#!/usr/bin/env bash - -### Network Sizing ### -# The overall subnetwork ("--create-subnetwork") is used for nodes. -# The "cluster" secondary range is for pods ("--cluster-ipv4-cidr"). -# The "services" secondary range is for ClusterIP services ("--services-ipv4-cidr"). -# See https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips#cluster_sizing. - -CLUSTER_NAME="${CLUSTER_NAME:-jenkins-ci-${CIRCLE_BUILD_NUM}}" - -create-cluster() { - REGION=us-central1 - NUM_NODES="${NUM_NODES:-3}" - GCP_IMAGE_TYPE="${GCP_IMAGE_TYPE:-UBUNTU}" - POD_SECURITY_POLICIES="${POD_SECURITY_POLICIES:-false}" - - # this function does not work in strict -e mode - set +euo pipefail - - echo "Creating ${NUM_NODES} node cluster with image type \"${GCP_IMAGE_TYPE}\"" - - PSP_ARG= - if [[ "${POD_SECURITY_POLICIES}" == "true" ]]; then - PSP_ARG="--enable-pod-security-policy" - fi - zones=$(gcloud compute zones list --filter="region=$REGION" | grep UP | cut -f1 -d' ') - success=0 - for zone in $zones; do - "$(dirname "${BASH_SOURCE[0]}")/check-workflow-live.sh" || return 1 - echo "Trying zone $zone" - gcloud config set compute/zone "${zone}" - timeout 420 gcloud beta container clusters create \ - --machine-type e2-standard-8 \ - --num-nodes "${NUM_NODES}" \ - --disk-type=pd-standard \ - --disk-size=20GB \ - --create-subnetwork range=/28 \ - --cluster-ipv4-cidr=/20 \ - --services-ipv4-cidr=/24 \ - --enable-ip-alias \ - --enable-network-policy \ - --image-type ${GCP_IMAGE_TYPE} \ - --tags="jenkins-plugin-ci,jenkins-plugin-ci-${CIRCLE_JOB}" \ - --labels="jenkins-plugin-ci-automation=true,jenkins-plugin-ci-automation=${CIRCLE_JOB},jp-ci-workflow=${CIRCLE_WORKFLOW_ID}" \ - ${PSP_ARG} \ - "${CLUSTER_NAME}" - status="$?" - if [[ "${status}" == 0 ]]; - then - success=1 - break - elif [[ "${status}" == 124 ]]; - then - echo >&2 "gcloud command timed out. Checking to see if cluster is still creating" - if ! 
gcloud container clusters describe "${CLUSTER_NAME}" > /dev/null; then - echo >&2 "Create cluster did not create the cluster in Google. Trying a different zone..." - else - for i in {1..120}; do - if [[ "$(gcloud container clusters describe ${CLUSTER_NAME} --format json | jq -r .status)" == "RUNNING" ]]; then - success=1 - break - fi - sleep 5 - echo "Currently have waited $((i * 5)) for cluster ${CLUSTER_NAME} in ${zone} to move to running state" - done - fi - - if [[ "${success}" == 1 ]]; then - echo "Successfully launched cluster ${CLUSTER_NAME}" - break - fi - echo >&2 "Timed out after 10 more minutes. Trying another zone..." - echo >&2 "Deleting the cluster" - gcloud container clusters delete "${CLUSTER_NAME}" --async - fi - done - - if [[ "${success}" == "0" ]]; then - echo "Cluster creation failed" - return 1 - fi -} - -wait-for-cluster() { - while [[ $(kubectl -n kube-system get pod | tail +2 | wc -l) -lt 2 ]]; do - echo "Still waiting for kubernetes to create initial kube-system pods" - sleep 1 - done - - GRACE_PERIOD=30 - while true; do - NUMSTARTING=$(kubectl -n kube-system get pod -o json | jq '[(.items[].status.containerStatuses // [])[].ready | select(. | not)] | length') - if (( NUMSTARTING == 0 )); then - LAST_START_TS="$(kubectl -n kube-system get pod -o json | jq '[(.items[].status.containerStatuses // [])[] | (.state.running.startedAt // (now | todate)) | fromdate] | max')" - CURR_TS="$(date '+%s')" - REMAINING_GRACE_PERIOD=$((LAST_START_TS + GRACE_PERIOD - CURR_TS)) - if (( REMAINING_GRACE_PERIOD <= 0 )); then - break - fi - echo "Waiting for another $REMAINING_GRACE_PERIOD seconds for kube-system pods to stabilize" - sleep "$REMAINING_GRACE_PERIOD" - fi - - echo "Waiting for ${NUMSTARTING} kube-system containers to be initialized" - sleep 10 - done -} diff --git a/.circleci/mirror-repository b/.circleci/mirror-repository deleted file mode 100755 index 45595c65..00000000 --- a/.circleci/mirror-repository +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/sh -set -eu - -user_name='roxbot' -user_email='roxbot@stackrox.com' -local_subdirectory='stackrox-container-image-scanner' -remote_repository="git@github.com:jenkinsci/stackrox-container-image-scanner-plugin.git" - -main() { - echo "Mirroring directory ${local_subdirectory} to repo ${remote_repository}" - - tmp_remote_repository="$(mktemp -d)" - cp -r "${local_subdirectory}/." "$tmp_remote_repository" - cd "$tmp_remote_repository" - - # Sanity check some files before pushing them publicly. - banned CHANGELOG.md '[NEXT RELEASE]' - - git init - git remote add origin "$remote_repository" - git fetch - git reset --soft origin/master - git add -A - git -c "user.name=${user_name}" -c "user.email=${user_email}" commit -m "Update repository" || exit 0 - git push origin master --force -} - -banned() { - file="$1" - phrase="$2" - if [ -f "$file" ]; then - if grep -qF "$phrase" "$file"; then - echo "fatal: file '${file}' contains banned phrase '${phrase}'" 1>&2 - exit 1 - fi - fi -} - -main "$@" diff --git a/.circleci/setUpJenkinsPlugin.sh b/.circleci/setUpJenkinsPlugin.sh deleted file mode 100755 index ca56f7ea..00000000 --- a/.circleci/setUpJenkinsPlugin.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/usr/bin/env bash -set -e -JENKINS_DEPLOYED=false -JENKINSPORT="8080" -for i in $(seq 1 50); do - JENKINSPOD="$(kubectl -n jenkins get pods -o=jsonpath='{.items[*].metadata.name}')" - export JENKINSPOD - if [[ -n "${JENKINSPOD}" ]]; then - JENKINS_DEPLOYED=true - echo "JENKINSPOD is running on ${JENKINSPOD}" - break - fi - sleep 5 -done -if [[ "${JENKINS_DEPLOYED}" = false ]]; then - kubectl -n jenkins describe deploy - kubectl -n jenkins describe rs - kubectl -n jenkins get svc - kubectl -n jenkins get pods - exit 1 -fi - -echo "Copying Jenkins plugin into pod" -kubectl cp "${BASE_DIR}"/stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/"${JENKINSPOD}":/var/jenkins_home/plugins/. -# No result=$? and if-else stuff is needed. No-zero exit code from kubectl will stop the script. - -kubectl -n jenkins exec -i "${JENKINSPOD}" -- ls /var/jenkins_home/plugins/stackrox-container-image-scanner.hpi -GETSVC=false -for i in $(seq 1 50); do - echo "in ${i} iteration" - JENKINSVC=$(kubectl get svc -n jenkins jenkins -o jsonpath="{.status.loadBalancer.ingress[*].ip}") - export JENKINSVC - if [[ -n "${JENKINSVC}" ]]; then - echo "Jenkins svc is running on ${JENKINSVC}" - GETSVC=true - break - fi - sleep 5 -done -if [[ "$GETSVC" = false ]]; then - echo "Jenkins svc failed to come up" - exit 1 -fi -echo restarting jenkins -export JENKINS_URL="http://${JENKINSVC}:${JENKINSPORT}" -export JENKIS_CRUMB=`curl -f --cookie-jar cookies.txt -s "${JENKINS_URL}/crumbIssuer/api/json" | jq .crumb -r` -curl -f -b cookies.txt -XPOST "${JENKINS_URL}/restart\?Jenkins-Crumb=${JENKIS_CRUMB}" -curl -s --connect-timeout 5 --max-time 10 "${JENKINS_URL}" \ No newline at end of file diff --git a/.circleci/waitForJenkinService.sh b/.circleci/waitForJenkinService.sh deleted file mode 100755 index beac496a..00000000 --- a/.circleci/waitForJenkinService.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -set +e -SUCCESS=0 -JENKINS_PORT=8080 -for i in $(seq 1 50); do - export JENKINS_SVC="$(kubectl -n jenkins get svc jenkins -o jsonpath="{.status.loadBalancer.ingress[*].ip}")" - export JENKINS_URL="http://${JENKINS_SVC}:${JENKINS_PORT}/" - curl -sk --connect-timeout 5 --max-time 10 "${JENKINS_URL}" - result=$? - if [[ $result -eq 0 ]]; then - SUCCESS=1 - break - fi - sleep 5 - done -if [[ $SUCCESS == 0 ]]; then - kubectl -n jenkins get pods - echo "Failed to deploy jenkins server" - exit 1 -fi -echo -e "\nJENKINS_URL is set to ${JENKINS_URL}" \ No newline at end of file diff --git a/README.md b/README.md index e913c24a..2af4a6c0 100644 --- a/README.md +++ b/README.md 
@@ -12,37 +12,33 @@ Please take a look at [plugin README](stackrox-container-image-scanner/README.md 0. Requirements -- K8s cluster to run Jenkins -- kubectl -- Maven +- Podman/Docker - Java 8 -- curl -- jq -1. Deploy Jenkins +1. Create HPI file ``` -kubectl create namespace jenkins -kubectl apply -f jenkins/jenkins-app-deployment.yaml -kubectl apply -f jenkins/jenkins-service.yaml -nohup kubectl port-forward -n jenkins svc/jenkins 8080:8080 & + cd stackrox-container-image-scanner + ./mvnw package && ./mvnw hpi:hpi ``` -2. Create HPI file +2. Run Jenkins with plugin installed ``` - cd stackrox-container-image-scanner - ./mvnw package && ./mvnw hpi:hpi +cp stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/ +docker build -t jenkins-test jenkins +docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test ``` -3. Install Plugin +4. Create a new job with the plugin or run e2e ``` -export JENKIS_CRUMB=`curl --cookie-jar cookies.txt -s http://localhost:8080/crumbIssuer/api/json | jq .crumb -r` -curl -b cookies.txt -i -F file=@stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi http://localhost:8080/pluginManager/uploadPlugin\?Jenkins-Crumb=$JENKIS_CRUMB +export JENKINS_ROX_ENDPOINT='https://host.docker.internal:8000' # endpoint accessed by jenkins +export ROX_ENDPOINT='https://localhost:8000' # endpoint accessed from local machine +export ROX_PASSWORD=... # stackrox admin password +make -C functionaltest-jenkins-plugin test ``` -4. Create a new job with the plugin 5. This project uses [Lombok](https://projectlombok.org/) so you may need to [enable Annotation Processing](https://stackoverflow.com/q/9424364/1387612) ### Updating API Schema diff --git a/jenkins/jenkins-app-deployment.yaml b/jenkins/jenkins-app-deployment.yaml deleted file mode 100644 index f2cb585f..00000000 --- a/jenkins/jenkins-app-deployment.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: jenkins - namespace: jenkins -spec: - replicas: 1 - selector: - matchLabels: - app: jenkins - template: - metadata: - labels: - app: jenkins - spec: - containers: - - name: jenkins - image: jenkins/jenkins:2.313-alpine - resources: - limits: - memory: 512Mi - requests: - memory: 256Mi - env: - - name: JAVA_OPTS - value: -Djenkins.install.runSetupWizard=false - ports: - - name: http-port - containerPort: 8080 - volumeMounts: - - name: jenkins-home - mountPath: /var/jenkins_home - volumes: - - name: jenkins-home - emptyDir: {} diff --git a/jenkins/jenkins-service.yaml b/jenkins/jenkins-service.yaml deleted file mode 100644 index c3c978b0..00000000 --- a/jenkins/jenkins-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: jenkins - namespace: jenkins -spec: - type: LoadBalancer - ports: - - port: 8080 - targetPort: 8080 - selector: - app: jenkins From 2a04ffd15629b10de86d73e96ba4b7a15efc7530 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 17:28:51 +0100 Subject: [PATCH 53/60] hpi --- jenkins/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index bd5fe987..c6a6517f 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -1,5 +1,4 @@ FROM jenkins/jenkins:2.395-alpine ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false -# We need to change hpi to jpi -COPY --chown=jenkins:jenkins stackrox-container-image-scanner.hpi /var/jenkins_home/plugins/stackrox-container-image-scanner.jpi +COPY --chown=jenkins:jenkins stackrox-container-image-scanner.hpi /var/jenkins_home/plugins/stackrox-container-image-scanner.hpi COPY config.xml /var/jenkins_home/ \ No newline at end of file From 68d5ecba69447b730bfeb3b84da8af9cbcd3f018 Mon Sep 17 00:00:00 2001 
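Review bot: In jenkins/Dockerfile the last line, `COPY config.xml /var/jenkins_home/`, has no `--chown`, so the file is created owned by root while the plugin copied on the line this hunk edits is owned by `jenkins`. That file appears to carry the instance's security settings and the setup wizard is turned off through `JAVA_OPTS`, so I would keep ownership consistent with `COPY --chown=jenkins:jenkins config.xml /var/jenkins_home/`. The `ENV` line also uses the legacy space-separated form; `ENV JAVA_OPTS=-Djenkins.install.runSetupWizard=false` is the current spelling. A one-line comment such as `# test-only image: setup wizard skipped, security is configured by config.xml` would tell readers this image is not meant for shared use.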
From: Tomasz Janiszewski Date: Wed, 22 Mar 2023 17:30:06 +0100 Subject: [PATCH 54/60] add newlines" --- jenkins/Dockerfile | 2 +- jenkins/config.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile index c6a6517f..c66b5e8d 100644 --- a/jenkins/Dockerfile +++ b/jenkins/Dockerfile @@ -1,4 +1,4 @@ FROM jenkins/jenkins:2.395-alpine ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false COPY --chown=jenkins:jenkins stackrox-container-image-scanner.hpi /var/jenkins_home/plugins/stackrox-container-image-scanner.hpi -COPY config.xml /var/jenkins_home/ \ No newline at end of file +COPY config.xml /var/jenkins_home/ diff --git a/jenkins/config.xml b/jenkins/config.xml index 1a1e213f..6463c977 100644 --- a/jenkins/config.xml +++ b/jenkins/config.xml @@ -1,4 +1,4 @@ true - \ No newline at end of file + From e00458ec4cbbcc51d6e4042980314009c568f5cb Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Thu, 23 Mar 2023 11:00:54 +0100 Subject: [PATCH 55/60] Wait for API --- .github/workflows/tests.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 07195a05..1f1db805 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -88,11 +88,10 @@ jobs: id: deploy run: | cd stackrox - echo '#!/usr/bin/env bash\necho "Skipping sensor installation."' > deploy/k8s/sensor.sh - MAIN_IMAGE_TAG=latest ./deploy/k8s/deploy-local.sh + MAIN_IMAGE_TAG=latest ./deploy/k8s/central.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - - name: Restart kubectl port-forward #TODO(janisz): Remove after merging https://github.com/stackrox/stackrox/pull/5348 + - name: Run proxy env: port: 8000 run: | 
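Review bot: In the `deploy` step of .github/workflows/tests.yaml (hunk `@@ -88,11 +88,10 @@`) the Central password is written to `$GITHUB_OUTPUT` without being registered as a secret, so it is not masked if a later step prints it or runs with shell tracing. The `pass` variable assigned on the line before is never used. I would mask and reuse it: `echo "::add-mask::${pass}"` followed by `echo "ROX_PASSWORD=${pass}" >> "$GITHUB_OUTPUT"`. The added `MAIN_IMAGE_TAG=latest ./deploy/k8s/central.sh` also deploys a floating tag, so a scheduled run can change outcome for reasons unrelated to this repository; a pinned release tag would make results reproducible. The step begins above the hunk and the job continues below it.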
@@ -100,6 +99,11 @@ jobs: [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; } kill "${pid}" || die "Kill failed" kubectl port-forward -n 'stackrox' svc/central "8000:443" --address='0.0.0.0' & + - name: Wait for API + run: | + cd stackrox + source "tests/e2e/lib.sh" + wait_for_api - name: Run tests env: ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} From b786ab7fa55b6db6a5e5799c26b30f81f3e70b18 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Thu, 23 Mar 2023 13:42:46 +0100 Subject: [PATCH 56/60] Do not mimic osci --- .github/workflows/tests.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 1f1db805..fea009ae 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -43,6 +43,7 @@ jobs: with: repository: stackrox/stackrox path: stackrox + ref: support_deploy_from_gha #TODO(janisz): remove after https://github.com/stackrox/stackrox/pull/5363 - uses: docker/setup-buildx-action@v2 - uses: actions/setup-java@v3 with: @@ -74,12 +75,9 @@ jobs: - name: Create GKE cluster id: create-cluster env: - OPENSHIFT_CI: true GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }} run: | cd stackrox - export BUILD_ID=${GITHUB_RUN_ID} - export JOB_NAME=${GITHUB_JOB} source "scripts/ci/gke.sh" provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4 echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT @@ -113,7 +111,6 @@ jobs: - name: Teardown GKE cluster if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: - OPENSHIFT_CI: true CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }} run: | source "stackrox/scripts/ci/gke.sh" From 73fa31781f264179b6f32f18f3fe14611ed10333 Mon Sep 17 00:00:00 2001 
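Review bot: The new `Wait for API` step in PATCH 55 has no time bound in this workflow. `wait_for_api` comes from `tests/e2e/lib.sh` in the stackrox checkout, which is not visible here, so if it does not give up on its own, a dead port-forward would keep the job and the GKE cluster alive until the job-level timeout. Adding `timeout-minutes: 10` to the step (value to be tuned) would make the limit explicit in this repository.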
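Review bot: In the first hunk of PATCH 56, the added `ref: support_deploy_from_gha` checks out a branch of `stackrox/stackrox`, and a branch can be moved after this workflow was reviewed. Scripts from that checkout are sourced (`source "scripts/ci/gke.sh"`) in a step that has `GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX` in its environment, so the code that runs with the service-account key is not fixed by this repository. While the TODO is open I would pin a full commit, `ref: <full-commit-sha> # support_deploy_from_gha, remove after stackrox#5363`. The same consideration applies to the default branch once the `ref:` is dropped again in PATCH 58.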
From: Tomasz Janiszewski Date: Thu, 23 Mar 2023 14:23:32 +0100 Subject: [PATCH 57/60] Disable security --- jenkins/config.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins/config.xml b/jenkins/config.xml index 6463c977..17efb450 100644 --- a/jenkins/config.xml +++ b/jenkins/config.xml @@ -1,4 +1,4 @@ - true + false From 7b899acfac94124427f7e446aca371d72f089e3a Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Fri, 24 Mar 2023 18:05:03 +0100 Subject: [PATCH 58/60] Remove custom ref: --- .github/workflows/tests.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index fea009ae..a67f4635 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -43,7 +43,6 @@ jobs: with: repository: stackrox/stackrox path: stackrox - ref: support_deploy_from_gha #TODO(janisz): remove after https://github.com/stackrox/stackrox/pull/5363 - uses: docker/setup-buildx-action@v2 - uses: actions/setup-java@v3 with: From bd0f60b70f0282adced2e6d67e2c7a1f0521d8ea Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Mon, 27 Mar 2023 12:32:24 +0200 Subject: [PATCH 59/60] Update README.md Co-authored-by: dhaus67 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2af4a6c0..f19b26f2 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ docker build -t jenkins-test jenkins docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test ``` -4. Create a new job with the plugin or run e2e +4. Run the E2E tests ``` export JENKINS_ROX_ENDPOINT='https://host.docker.internal:8000' # endpoint accessed by jenkins From bb00f1f195cdcb8b74d117659b0867be7fd23ba2 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Mon, 27 Mar 2023 13:41:59 +0200 Subject: [PATCH 60/60] Do not run monitoring --- .github/workflows/tests.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
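Review bot: The `jenkins/config.xml` hunk of PATCH 57 flips the value from `true` to `false` under the subject "Disable security", and nothing in the file records that this is acceptable only for the throw-away e2e instance. The element names are not visible on this page, so I assume this is the global security switch; together with `-Djenkins.install.runSetupWizard=false` in the Dockerfile, the image would start without authentication. I would add a comment at the top of the file, `<!-- Test-only: security is off so the e2e suite can call Jenkins without credentials; do not expose this instance beyond the test host -->`. In the README's `docker run` line, which this series shows with `-p 8080:8080`, I would publish the port on loopback instead: `-p 127.0.0.1:8080:8080`.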
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index a67f4635..1ac78230 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -83,9 +83,12 @@ jobs: wait_for_cluster - name: Deploy Stackrox id: deploy + env: + MAIN_IMAGE_TAG: latest + MONITORING_SUPPORT: false run: | cd stackrox - MAIN_IMAGE_TAG=latest ./deploy/k8s/central.sh + ./deploy/k8s/central.sh pass=$(cat deploy/k8s/central-deploy/password) echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT - name: Run proxy