Updating the security scan labels according to the new fields in the …

…security config files (kyma-project#1776) * fixes * Add security scan labels to e2e test * fix test * fix test * debug test * debug test * fix test * debug test * debug test * debug test * debug test * debug test * debug test * debug test * debug test * debug test * debug test * debug test * fix test * debug test * overwrite version * overwrite version * overwrite version * debug test * remove debugging statements * fix
lindnerby · Sep 25, 2023 · 14d6f71 · 14d6f71
1 parent b84d2b8
commit 14d6f71
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 9 deletions.
diff --git a/.github/workflows/test-e2e-create-module.yml b/.github/workflows/test-e2e-create-module.yml
@@ -55,7 +55,8 @@ jobs:
           --insecure \
           --kubebuilder-project \
           --version $MODULE_TEMPLATE_VERSION -v \
-          --output /tmp/kubebuilder-template.yaml
+          --output /tmp/kubebuilder-template.yaml \
+          --sec-scanners-config ./template-operator/sec-scanners-config.yaml
           echo "MODULE_TEMPLATE_PATH=/tmp/kubebuilder-template.yaml" >> "$GITHUB_ENV"
       - name: Run create module with module-config
         if: ${{ matrix.e2e-test == 'create_module_module_config' }}
@@ -69,7 +70,7 @@ jobs:
           --insecure \
           --module-config-file ./module-config.yaml \
           --version $MODULE_TEMPLATE_VERSION -v \
-          --output /tmp/module-config-template.yaml
+          --output /tmp/module-config-template.yaml 
           echo "MODULE_TEMPLATE_PATH=/tmp/module-config-template.yaml" >> "$GITHUB_ENV"
       - name: Verify module template
         run: |

diff --git a/pkg/module/security_scan.go b/pkg/module/security_scan.go
@@ -16,12 +16,12 @@ import (
 var ErrFailedToParseImageURL = errors.New("error parsing protecode image URL")
 
 const (
-	secScanLabelKey = "scan.security.kyma-project.io"
+	SecScanLabelKey = "scan.security.kyma-project.io"
 	secLabelKey     = "security.kyma-project.io"
 	secScanEnabled  = "enabled"
 )
 
-var labelTemplate = secScanLabelKey + "/%s"
+var labelTemplate = SecScanLabelKey + "/%s"
 var globalLabelTemplate = secLabelKey + "/%s"
 
 func AddSecurityScanningMetadata(descriptor *ocm.ComponentDescriptor, securityConfigPath string) error {
@@ -37,17 +37,26 @@ func AddSecurityScanningMetadata(descriptor *ocm.ComponentDescriptor, securityCo
 	if err != nil {
 		return err
 	}
+
 	if len(descriptor.Sources) == 0 {
 		return errors.New("found no sources in component descriptor")
 	}
 	//add whitesource sec scan labels
 	for srcIdx := range descriptor.Sources {
 		src := &descriptor.Sources[srcIdx]
-		err := appendLabelToAccessor(src, "language", config.WhiteSource.Language, labelTemplate)
+		// add dev branch label
+		err = appendLabelToAccessor(src, "dev-branch", config.DevBranch, labelTemplate)
+		if err != nil {
+			return err
+		}
+
+		// add rc tag label
+		err = appendLabelToAccessor(src, "rc-tag", config.RcTag, labelTemplate)
 		if err != nil {
 			return err
 		}
-		err = appendLabelToAccessor(src, "subprojects", config.WhiteSource.SubProjects, labelTemplate)
+
+		err := appendLabelToAccessor(src, "language", config.WhiteSource.Language, labelTemplate)
 		if err != nil {
 			return err
 		}
@@ -117,11 +126,12 @@ type SecurityScanCfg struct {
 	ModuleName  string            `json:"module-name"`
 	Protecode   []string          `json:"protecode"`
 	WhiteSource WhiteSourceSecCfg `json:"whitesource"`
+	DevBranch   string            `json:"dev-branch"`
+	RcTag       string            `json:"rc-tag"`
 }
 type WhiteSourceSecCfg struct {
-	Language    string   `json:"language"`
-	SubProjects string   `json:"subprojects"`
-	Exclude     []string `json:"exclude"`
+	Language string   `json:"language"`
+	Exclude  []string `json:"exclude"`
 }
 
 func parseSecurityScanConfig(securityConfigPath string) (*SecurityScanCfg, error) {

diff --git a/tests/e2e/kyma_create_module_test.go b/tests/e2e/kyma_create_module_test.go
@@ -17,6 +17,7 @@ import (
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/cpi"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/genericocireg"
 	ocmOCIReg "github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/ocireg"
+	"gopkg.in/yaml.v3"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -67,4 +68,23 @@ func Test_ModuleTemplate(t *testing.T) {
 	githubAccessSpec, ok := sourceAccessSpec.(*github.AccessSpec)
 	assert.Equal(t, githubAccessSpec.Type, github.Type)
 	assert.Contains(t, testRepoURL, githubAccessSpec.RepoURL)
+
+	// test security scan labels
+	secScanLabels := descriptor.Sources[0].Labels
+
+	var devBranch string
+	yaml.Unmarshal(secScanLabels[1].Value, &devBranch)
+	assert.Equal(t, "main", devBranch)
+
+	var rcTag string
+	yaml.Unmarshal(secScanLabels[2].Value, &rcTag)
+	assert.Equal(t, "0.5.0", rcTag)
+
+	var language string
+	yaml.Unmarshal(secScanLabels[3].Value, &language)
+	assert.Equal(t, "golang-mod", language)
+
+	var exclude string
+	yaml.Unmarshal(secScanLabels[4].Value, &exclude)
+	assert.Equal(t, "**/test/**,**/*_test.go", exclude)
 }