From 01de6d8495a513fb1d957a2000e3c92e28364407 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Mon, 27 Mar 2023 17:39:43 +0200 Subject: [PATCH 1/5] Reuse generated code in E2E --- .github/workflows/tests.yaml | 8 +++ functionaltest-jenkins-plugin/Makefile | 7 +-- functionaltest-jenkins-plugin/build.gradle | 33 +----------- .../src/main/groovy/RestApiClient.groovy | 9 ++-- .../src/main/groovy/UnsafeOkHttpClient.groovy | 53 ------------------- 5 files changed, 18 insertions(+), 92 deletions(-) delete mode 100644 functionaltest-jenkins-plugin/src/main/groovy/UnsafeOkHttpClient.groovy diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 454d17dd..7bcb239c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -39,6 +39,10 @@ jobs: with: name: stackrox-container-image-scanner.hpi path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi + - uses: actions/upload-artifact@v3 + with: + name: stackrox-container-image-scanner.jar + path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 @@ -71,6 +75,10 @@ jobs: with: name: stackrox-container-image-scanner.hpi path: jenkins + - uses: actions/download-artifact@v3 + with: + name: stackrox-container-image-scanner.hpi + path: stackrox-container-image-scanner/target/ - name: Build jenkins image uses: docker/build-push-action@v4 with: diff --git a/functionaltest-jenkins-plugin/Makefile b/functionaltest-jenkins-plugin/Makefile index f1153743..c46c0edc 100644 --- a/functionaltest-jenkins-plugin/Makefile +++ b/functionaltest-jenkins-plugin/Makefile @@ -4,7 +4,7 @@ all: style test ## Test ## ########## .PHONY: test -test: +test: ../stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar @echo "+ $@" @./gradlew :cleanTest :test ########### @@ -20,5 +20,6 @@ style: fi ; \ exit $$STATUS - - +../stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar: + cd ../stackrox-container-image-scanner && \ + ./mvnw package diff --git a/functionaltest-jenkins-plugin/build.gradle b/functionaltest-jenkins-plugin/build.gradle index 3fbc7d4c..6017b407 100644 --- a/functionaltest-jenkins-plugin/build.gradle +++ b/functionaltest-jenkins-plugin/build.gradle @@ -29,32 +29,8 @@ repositories { } } -// Assign all Java source dirs to Groovy, as the groovy compiler should take care of them. -sourceSets.each { ss -> - ss.groovy.srcDirs += ss.java.srcDirs - ss.java.srcDirs = [] -} - -openApiGenerate { - generatorName = "java" - generateApiTests = false - inputSpec = "../stackrox-container-image-scanner/api.yaml" - outputDir = "$buildDir/generated".toString() - apiPackage = "com.stackrox.api" - invokerPackage = "com.stackrox.invoker" - modelPackage = "com.stackrox.model" - configOptions = [ - dateLibrary : "java8", - library : "okhttp-gson", - java8 : "true", - disallowAdditionalPropertiesIfNotPresent: "false", - ] -} - -sourceSets.main.java.srcDirs += "$buildDir/generated/src/main".toString() -compileJava.dependsOn tasks.openApiGenerate - dependencies { + implementation files('../stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar') implementation 'org.codehaus.groovy:groovy-all:3.0.8' implementation group: 'org.spockframework', name: 'spock-core', version: '2.0-groovy-3.0' implementation group: 'com.offbytwo.jenkins', name: 'jenkins-client', version: '0.3.8' @@ -62,15 +38,8 @@ dependencies { implementation "jakarta.xml.bind:jakarta.xml.bind-api:4.0.0" implementation "org.glassfish.jaxb:jaxb-runtime:4.0.0" - implementation 'io.swagger:swagger-annotations:1.6.6' - implementation "com.google.code.findbugs:jsr305:3.0.2" implementation 'com.squareup.okhttp3:okhttp:4.10.0' - implementation 'com.squareup.okhttp3:logging-interceptor:4.10.0' implementation 'com.google.code.gson:gson:2.10.1' implementation 'io.gsonfire:gson-fire:1.8.5' - implementation 'org.openapitools:jackson-databind-nullable:0.2.3' - implementation "jakarta.annotation:jakarta.annotation-api:2.1.1" - implementation 'javax:javaee-api:8.0.1' - implementation 'javax.annotation:javax.annotation-api:1.3.2' implementation 'javax.xml.bind:jaxb-api:2.3.1' } diff --git a/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy b/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy index 0c5a062f..ad9a6e55 100644 --- a/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy +++ b/functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy @@ -1,10 +1,12 @@ +import static com.stackrox.jenkins.plugins.services.ApiClientFactory.StackRoxTlsValidationMode.INSECURE_ACCEPT_ANY + import groovy.transform.CompileStatic -import okhttp3.OkHttpClient import com.stackrox.api.ApiTokenServiceApi import com.stackrox.api.MetadataServiceApi import com.stackrox.api.PolicyServiceApi import com.stackrox.invoker.ApiClient +import com.stackrox.jenkins.plugins.services.ApiClientFactory import com.stackrox.model.StorageListPolicy import com.stackrox.model.StoragePolicy import com.stackrox.model.V1GenerateTokenRequest @@ -20,9 +22,8 @@ class RestApiClient { ApiTokenServiceApi tokenApi RestApiClient() { - OkHttpClient client = UnsafeOkHttpClient.getUnsafeOkHttpClient() - ApiClient apiClient = new ApiClient(client) - apiClient.setBasePath(Config.roxEndpoint) + ApiClient apiClient = ApiClientFactory.newApiClient(Config.roxEndpoint, "", "", INSECURE_ACCEPT_ANY) + apiClient.setBearerToken(null) apiClient.setUsername("admin") apiClient.setPassword(Config.roxPassword) diff --git a/functionaltest-jenkins-plugin/src/main/groovy/UnsafeOkHttpClient.groovy b/functionaltest-jenkins-plugin/src/main/groovy/UnsafeOkHttpClient.groovy deleted file mode 100644 index 05697763..00000000 --- a/functionaltest-jenkins-plugin/src/main/groovy/UnsafeOkHttpClient.groovy +++ /dev/null @@ -1,53 +0,0 @@ -import java.security.KeyManagementException -import java.security.NoSuchAlgorithmException -import java.security.cert.X509Certificate -import javax.net.ssl.HostnameVerifier -import javax.net.ssl.SSLContext -import javax.net.ssl.SSLSession -import javax.net.ssl.SSLSocketFactory -import javax.net.ssl.TrustManager -import javax.net.ssl.X509TrustManager - -import okhttp3.OkHttpClient -import okhttp3.logging.HttpLoggingInterceptor - -// https://futurestud.io/tutorials/retrofit-2-how-to-trust-unsafe-ssl-certificates-self-signed-expired -class UnsafeOkHttpClient { - static OkHttpClient getUnsafeOkHttpClient() throws KeyManagementException, NoSuchAlgorithmException { - // Create a trust manager that does not validate certificate chains - final TrustManager[] trustAllCerts = [new X509TrustManager() { - @Override - void checkClientTrusted(X509Certificate[] chain, String authType) { } - - @Override - void checkServerTrusted(X509Certificate[] chain, String authType) { } - - @Override - X509Certificate[] getAcceptedIssuers() { - return [] - } - }] - - // Install the all-trusting trust manager - final SSLContext sslContext = SSLContext.getInstance("SSL") - sslContext.init(null, trustAllCerts, null) - - // Create an ssl socket factory with our all-trusting manager - final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory() - - OkHttpClient.Builder builder = new OkHttpClient.Builder() - builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]) - builder.hostnameVerifier(new HostnameVerifier() { - @Override - boolean verify(String hostname, SSLSession session) { - return true - } - }) - - HttpLoggingInterceptor logging = new HttpLoggingInterceptor() - logging.setLevel(HttpLoggingInterceptor.Level.BASIC) - builder.addInterceptor(logging) - - return builder.build() - } -} From 4691adc04832f928bcda0b4a70dc3b8f43713240 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Mon, 27 Mar 2023 18:00:50 +0200 Subject: [PATCH 2/5] do not rebuild plugin --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 7bcb239c..ece28316 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -118,7 +118,7 @@ jobs: ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} ROX_ENDPOINT: https://localhost:8000 JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 - run: make -C functionaltest-jenkins-plugin test + run: make -C functionaltest-jenkins-plugin test -o stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar - name: Teardown GKE cluster if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: From 74150bb27542f28f01eb01646fa85b599a43da68 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Mon, 27 Mar 2023 19:11:47 +0200 Subject: [PATCH 3/5] Revert makefile cahnge --- .github/workflows/tests.yaml | 2 +- functionaltest-jenkins-plugin/Makefile | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index ece28316..7bcb239c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -118,7 +118,7 @@ jobs: ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }} ROX_ENDPOINT: https://localhost:8000 JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000 - run: make -C functionaltest-jenkins-plugin test -o stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar + run: make -C functionaltest-jenkins-plugin test - name: Teardown GKE cluster if: always() && steps.create-cluster.outputs.CLUSTER_NAME != '' env: diff --git a/functionaltest-jenkins-plugin/Makefile b/functionaltest-jenkins-plugin/Makefile index c46c0edc..f1153743 100644 --- a/functionaltest-jenkins-plugin/Makefile +++ b/functionaltest-jenkins-plugin/Makefile @@ -4,7 +4,7 @@ all: style test ## Test ## ########## .PHONY: test -test: ../stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar +test: @echo "+ $@" @./gradlew :cleanTest :test ########### @@ -20,6 +20,5 @@ style: fi ; \ exit $$STATUS -../stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar: - cd ../stackrox-container-image-scanner && \ - ./mvnw package + + From 8f81f6579e55bc32f2d0564b331040c89f54a586 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 28 Mar 2023 13:36:24 +0200 Subject: [PATCH 4/5] Use maven version --- functionaltest-jenkins-plugin/build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/functionaltest-jenkins-plugin/build.gradle b/functionaltest-jenkins-plugin/build.gradle index 6017b407..b4b0a9be 100644 --- a/functionaltest-jenkins-plugin/build.gradle +++ b/functionaltest-jenkins-plugin/build.gradle @@ -30,10 +30,10 @@ repositories { } dependencies { - implementation files('../stackrox-container-image-scanner/target/stackrox-container-image-scanner.jar') + implementation 'org.jenkins-ci.plugins:stackrox-container-image-scanner:1.3.5' implementation 'org.codehaus.groovy:groovy-all:3.0.8' - implementation group: 'org.spockframework', name: 'spock-core', version: '2.0-groovy-3.0' - implementation group: 'com.offbytwo.jenkins', name: 'jenkins-client', version: '0.3.8' + implementation 'org.spockframework:spock-core:2.0-groovy-3.0' + implementation 'com.offbytwo.jenkins:jenkins-client:0.3.8' // JAX-B dependencies for JDK 9+ implementation "jakarta.xml.bind:jakarta.xml.bind-api:4.0.0" implementation "org.glassfish.jaxb:jaxb-runtime:4.0.0" From b51611d9d53b463f564d269d6053334741df138e Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Wed, 29 Mar 2023 11:55:08 +0200 Subject: [PATCH 5/5] Use artifact metadata --- functionaltest-jenkins-plugin/build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/functionaltest-jenkins-plugin/build.gradle b/functionaltest-jenkins-plugin/build.gradle index b4b0a9be..19756236 100644 --- a/functionaltest-jenkins-plugin/build.gradle +++ b/functionaltest-jenkins-plugin/build.gradle @@ -23,9 +23,9 @@ repositories { mavenCentral() maven { url 'https://repo.jenkins-ci.org/releases' - } - maven { - url 'https://repo.jenkins-ci.org/public' + metadataSources { + artifact() + } } }