Introduce script for downloading Scanner blobs

It's actually stolen from #1334 with small modifications.
stackrox · Feb 1, 2024 · e23d81a · e23d81a
1 parent 7993e3b
commit e23d81a
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 39 deletions.
diff --git a/.tekton/scanner-db-pull-request.yaml b/.tekton/scanner-db-pull-request.yaml
@@ -240,26 +240,10 @@ spec:
         taskSpec:
           steps:
             - name: fetch-sql-definitions
-              image: registry.access.redhat.com/ubi8/ubi
+              image: registry.access.redhat.com/ubi8/ubi-minimal:latest
               script: |
-                #!/usr/bin/env bash
-                mkdir -p "$(workspaces.source.path)/source"
-                blobs=(
-                  pg-definitions.sql.gz
-                )
-                for blob in "${blobs[@]}"; do
-                  echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
-                  curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
-                    --output "$(workspaces.source.path)/source/${blob}" \
-                    "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-                
-                  if [ "$?" != "0" ]; then
-                      echo "Failed to download"
-                      exit 1
-                  fi
-                
-                  ls -lh $(workspaces.source.path)/source
-                done
+                "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" "$(workspaces.source.path)/source" pg-definitions.sql.gz
+              timeout: '10m'
         workspaces:
           - name: source
             workspace: workspace

diff --git a/.tekton/scanner-db-push.yaml b/.tekton/scanner-db-push.yaml
@@ -238,26 +238,10 @@ spec:
         taskSpec:
           steps:
             - name: fetch-sql-definitions
-              image: registry.access.redhat.com/ubi8/ubi
+              image: registry.access.redhat.com/ubi8/ubi-minimal:latest
               script: |
-                #!/usr/bin/env bash
-                mkdir -p "$(workspaces.source.path)/source"
-                blobs=(
-                  pg-definitions.sql.gz
-                )
-                for blob in "${blobs[@]}"; do
-                  echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
-                  curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
-                    --output "$(workspaces.source.path)/source/${blob}" \
-                    "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-                
-                  if [ "$?" != "0" ]; then
-                      echo "Failed to download"
-                      exit 1
-                  fi
-                
-                  ls -lh $(workspaces.source.path)/source
-                done
+                "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" "$(workspaces.source.path)/source" pg-definitions.sql.gz
+              timeout: '10m'
         workspaces:
           - name: source
             workspace: workspace

diff --git a/image/db/rhel/konflux.Dockerfile b/image/db/rhel/konflux.Dockerfile
@@ -37,7 +37,7 @@ RUN dnf upgrade -y --nobest && \
     mkdir /docker-entrypoint-initdb.d && \
     chmod +x /usr/local/bin/docker-entrypoint.sh
 
-COPY pg-definitions.sql.gz /docker-entrypoint-initdb.d/definitions.sql.gz
+COPY blob-pg-definitions.sql.gz /docker-entrypoint-initdb.d/definitions.sql.gz
 
 ENV PG_MAJOR=12 \
     PGDATA="/var/lib/postgresql/data/pgdata"

diff --git a/scripts/konflux/fetch-scanner-data.sh b/scripts/konflux/fetch-scanner-data.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [[ "$#" < 2 ]]; then
+  >&2 echo "Error: please pass target directory and blob filename(s) as command line arguments."
+  >&2 echo "For example:"
+  >&2 echo "    $(basename "${BASH_SOURCE[0]}") $(pwd) nvd-definitions.zip k8s-definitions.zip repo2cpe.zip genesis_manifests.json"
+  exit 1
+fi
+
+TARGET_DIR="$1"
+shift
+
+blobs=( "$@" )
+
+for blob in "${blobs[@]}"; do
+
+  # TODO(ROX-22130): Assign proper suffix for tagged commits instead of /latest/.
+  url="https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
+  dest="${TARGET_DIR}/blob-${blob}"
+
+  echo "Downloading ${url} > ${dest}"
+  curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
+    --output "${dest}" \
+    "${url}"
+
+done