feat: add cve-reporter integration make target (#100)
* feat: add cve-reporter integration make target
* fix: remove extra line
1 parent 8e25db5
commit 73bca4f
Showing 3 changed files with 67 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Converts a list of images collected for airgapped installation into | ||
# konvoy images.json format that can be submitted into CVE reporter. | ||
# Running this script requires specifying jq argument `DKP_CATALOG_VERSION`. | ||
# Example: | ||
# jq --arg DKP_CATALOG_VERSION v2.1.0 -f . | ||
|
||
# parse_image converts docker image reference from single line format to | ||
# structured json object in konvoy images.json format. | ||
def parse_image(i): | ||
split(":") as $image_and_tag | ||
| $image_and_tag[0] | split("/") as $parsed | ||
| { | ||
scheme: "https", | ||
registry: $parsed[0], | ||
image: $parsed[1:] | join("/"), | ||
tag: $image_and_tag[1], | ||
} | ||
; | ||
|
||
{ | ||
konvoyVersion: $DKP_CATALOG_VERSION, | ||
images: [ | ||
.[] | parse_image(.) | ||
], | ||
} |
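Review bot: in parse_image, split(":") is applied to the whole reference, so any registry that carries a port is misparsed: for a constructed reference such as registry.example:5000/app:1.0, $image_and_tag[0] is only the host and tag becomes "5000/app", which means the CVE reporter is handed an image that does not exist while the real one goes unscanned. The same split leaves tag null for an untagged reference, mangles digest-pinned references (name@sha256:...), and a reference with no registry component produces an empty image string. Suggest splitting the tag off the last path segment only (the part after the final "/"), handling "@" digests explicitly, and calling error(...) when image or tag comes out empty instead of emitting the entry. Separately, the parameter i is never used because the body operates on "."; either drop it or start the pipeline with i. The usage example in the header comment also passes "." to -f where the script path is expected.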
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -e | ||
|
||
# This script requires setting `CVE_REPORTER_API_KEY`. It can be retrieved from staging | ||
# cluster by running: | ||
# | ||
# export CVE_REPORTER_API_KEY=$(kubectl -n dispatch get secrets cve-reporter-d2iq-ci -o json | jq -r '.data."api-key" | @base64d') | ||
# | ||
# The script requires a path to `images.json` file as a first argument. | ||
# | ||
# Optionally project name and version can be overriden with environment variables | ||
# CVE_REPORTER_PROJECT_NAME=kommander2 | ||
# CVE_REPORTER_PROJECT_VERSION=main | ||
# | ||
# Example: | ||
# CVE_REPORTER_PROJECT_VERSION=2.1.0-rc.1 ./push-images.sh ./path/to/kommander_images.json | ||
|
||
: "${CVE_REPORTER_API_KEY:?Provide CVE_REPORTER_API_KEY environment variable}" | ||
IMAGES_JSON_PATH=${1:?Provide path to uploaded images.json file} | ||
|
||
: "${CVE_REPORTER_PROJECT_NAME:=dkp-catalog-applications}" | ||
: "${CVE_REPORTER_PROJECT_VERSION:=main}" | ||
: "${CVE_REPORTER_URL:=https://cve-reporter.production.d2iq.cloud}" | ||
|
||
curl -v -f -X POST \ | ||
-H "Content-Type: application/json" \ | ||
-H "Authorization: Bearer $CVE_REPORTER_API_KEY" \ | ||
-d @"$IMAGES_JSON_PATH" \ | ||
"$CVE_REPORTER_URL/api/v1/import/konvoy/images_json?name=$CVE_REPORTER_PROJECT_NAME&version=$CVE_REPORTER_PROJECT_VERSION&overwrite=true" |
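Review bot: curl -v on the POST writes the outgoing request headers to stderr, so the "Authorization: Bearer $CVE_REPORTER_API_KEY" header can end up in CI logs; drop -v (for example -sS together with the existing -f) and consider supplying the header through -H @file or --config - so the key is not in the process arguments either. The defaults also deserve a second look: CVE_REPORTER_URL points at production, CVE_REPORTER_PROJECT_VERSION falls back to main, and overwrite=true is hard-coded, so a run with no overrides replaces the production report for main, while the header comment describes fetching the key from the staging cluster. Requiring the version explicitly or making overwrite opt-in would avoid accidental replacement. CVE_REPORTER_PROJECT_NAME and CVE_REPORTER_PROJECT_VERSION are interpolated into the query string unencoded, so a value containing "&" or "+" changes the request; validate or URL-encode them. Finally, set -e alone does not catch unset variables; set -euo pipefail is the safer preamble here.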