Introduce script for downloading Scanner blobs

It's actually stolen from
#1334
with small modifications.

.tekton/scanner-db-pull-request.yaml

@@ -240,26 +240,10 @@ spec:
         taskSpec:
           steps:
             - name: fetch-sql-definitions
-              image: registry.access.redhat.com/ubi8/ubi
+              image: registry.access.redhat.com/ubi8/ubi-minimal:latest
               script: |
-                #!/usr/bin/env bash
-                mkdir -p "$(workspaces.source.path)/source"
-                blobs=(
-                  pg-definitions.sql.gz
-                )
-                for blob in "${blobs[@]}"; do
-                  echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
-                  curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
-                    --output "$(workspaces.source.path)/source/${blob}" \
-                    "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-                
-                  if [ "$?" != "0" ]; then
-                      echo "Failed to download"
-                      exit 1
-                  fi
-                
-                  ls -lh $(workspaces.source.path)/source
-                done
+                "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" pg-definitions.sql.gz
+              timeout: '10m'
         workspaces:
           - name: source
             workspace: workspace

.tekton/scanner-db-push.yaml

@@ -238,26 +238,10 @@ spec:
         taskSpec:
           steps:
             - name: fetch-sql-definitions
-              image: registry.access.redhat.com/ubi8/ubi
+              image: registry.access.redhat.com/ubi8/ubi-minimal:latest
               script: |
-                #!/usr/bin/env bash
-                mkdir -p "$(workspaces.source.path)/source"
-                blobs=(
-                  pg-definitions.sql.gz
-                )
-                for blob in "${blobs[@]}"; do
-                  echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
-                  curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
-                    --output "$(workspaces.source.path)/source/${blob}" \
-                    "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-                
-                  if [ "$?" != "0" ]; then
-                      echo "Failed to download"
-                      exit 1
-                  fi
-                
-                  ls -lh $(workspaces.source.path)/source
-                done
+                "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" pg-definitions.sql.gz
+              timeout: '10m'
         workspaces:
           - name: source
             workspace: workspace

scripts/konflux/fetch-scanner-data.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. && pwd)"
+
+if [[ "$#" < 1 ]]; then
+  >&2 echo "Error: please pass blob filenames as command line arguments."
+  >&2 echo "For example:"
+  >&2 echo "    $(basename "${BASH_SOURCE[0]}") nvd-definitions.zip k8s-definitions.zip repo2cpe.zip genesis_manifests.json"
+  exit 1
+fi
+
+blobs=( "$@" )
+
+for blob in "${blobs[@]}"; do
+
+  # TODO(ROX-22130): Assign proper suffix for tagged commits instead of /latest/.
+  url="https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
+  dest="${REPO_ROOT}/blob-${blob}"
+
+  echo "Downloading ${url} > ${dest}"
+  curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
+    --output "${dest}" \
+    "${url}"
+
+done