feat: add cve-reporter integration make target (#100)

* feat: add cve-reporter integration make target

* fix: remove extra line

hack/cve/convert-images-json.jq

@@ -0,0 +1,25 @@
+# Converts a list of images collected for airgapped installation into
+# konvoy images.json format that can be submitted into CVE reporter.
+# Running this script requires specifying jq argument `DKP_CATALOG_VERSION`.
+# Example:
+# jq --arg DKP_CATALOG_VERSION v2.1.0 -f .
+
+# parse_image converts docker image reference from single line format to
+# structured json object in konvoy images.json format.
+def parse_image(i):
+  split(":") as $image_and_tag
+  | $image_and_tag[0] | split("/") as $parsed
+  | {
+    scheme: "https",
+    registry: $parsed[0],
+    image: $parsed[1:] | join("/"),
+    tag: $image_and_tag[1],
+  }
+;
+
+{
+  konvoyVersion: $DKP_CATALOG_VERSION,
+  images: [
+    .[] | parse_image(.)
+  ],
+}

hack/cve/push-images.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -e
+
+# This script requires setting `CVE_REPORTER_API_KEY`. It can be retrieved from staging
+# cluster by running:
+#
+#    export CVE_REPORTER_API_KEY=$(kubectl -n dispatch get secrets cve-reporter-d2iq-ci -o json | jq -r '.data."api-key" | @base64d')
+#
+# The script requires a path to `images.json` file as a first argument.
+#
+# Optionally project name and version can be overriden with environment variables
+#  CVE_REPORTER_PROJECT_NAME=kommander2
+#  CVE_REPORTER_PROJECT_VERSION=main
+#
+# Example:
+#  CVE_REPORTER_PROJECT_VERSION=2.1.0-rc.1 ./push-images.sh ./path/to/kommander_images.json
+
+: "${CVE_REPORTER_API_KEY:?Provide CVE_REPORTER_API_KEY environment variable}"
+IMAGES_JSON_PATH=${1:?Provide path to uploaded images.json file}
+
+: "${CVE_REPORTER_PROJECT_NAME:=dkp-catalog-applications}"
+: "${CVE_REPORTER_PROJECT_VERSION:=main}"
+: "${CVE_REPORTER_URL:=https://cve-reporter.production.d2iq.cloud}"
+
+curl -v -f -X POST \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $CVE_REPORTER_API_KEY" \
+  -d @"$IMAGES_JSON_PATH" \
+  "$CVE_REPORTER_URL/api/v1/import/konvoy/images_json?name=$CVE_REPORTER_PROJECT_NAME&version=$CVE_REPORTER_PROJECT_VERSION&overwrite=true"

make/release.mk

@@ -20,6 +20,18 @@ release.save-images.tar:
 	@$(MINDTHEGAP_BIN) create image-bundle --platform linux/amd64 --images-file $(CATALOG_IMAGES_TXT) --output-file $(IMAGE_TAR_FILE)
 	@ls -latrh $(IMAGE_TAR_FILE)
 
+.PHONY: cve-reporter.push-images
+cve-reporter.push-images: $(GOJQ_BIN)
+cve-reporter.push-images: CVE_REPORTER_KOMMANDER_VERSION ?= main
+cve-reporter.push-images:
+	$(call print-target)
+	@$(GOJQ_BIN) -r --yaml-input '.|flatten|sort|unique' hack/images.yaml > $(CATALOG_IMAGES_TXT)
+	TMP_IMAGES_JSON=$$(mktemp) && \
+	$(GOJQ_BIN) --arg DKP_CATALOG_VERSION $(CVE_REPORTER_KOMMANDER_VERSION) \
+		-r -f ./hack/cve/convert-images-json.jq $(CATALOG_IMAGES_TXT) > $$TMP_IMAGES_JSON && \
+	CVE_REPORTER_PROJECT_VERSION=$(CVE_REPORTER_KOMMANDER_VERSION) ./hack/cve/push-images.sh $$TMP_IMAGES_JSON && \
+	rm -f $$TMP_IMAGES_JSON
+
 .PHONY: release.repo-archive
 release.repo-archive: $(BUILD_DIR)
 ifeq ($(CATALOG_APPLICATIONS_VERSION),"")