From 89433cccc6ffdf3e92a5e73d1c21e105d9f30bec Mon Sep 17 00:00:00 2001
From: Misha Sugakov
Date: Tue, 6 Feb 2024 11:49:47 +0100
Subject: [PATCH 1/2] Fix bash comparison `<` does lexicographical comparision, therefore running blah.sh 0 1 2 3 4 5 6 7 8 9 10 11 resulted in error. `-lt` does arithmetic check.
---
 scripts/konflux/fetch-scanner-data.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/konflux/fetch-scanner-data.sh b/scripts/konflux/fetch-scanner-data.sh
index 889bfdcdd..22cb094fe 100755
--- a/scripts/konflux/fetch-scanner-data.sh
+++ b/scripts/konflux/fetch-scanner-data.sh
@@ -4,7 +4,7 @@ set -euo pipefail
-if [[ "$#" < 2 ]]; then
+if [[ "$#" -lt "2" ]]; then
 >&2 echo "Error: please pass target directory and blob filename(s) as command line arguments."
 >&2 echo "For example:"
 >&2 echo " $(basename "${BASH_SOURCE[0]}") $(pwd) nvd-definitions.zip k8s-definitions.zip repo2cpe.zip genesis_manifests.json"
From de790d8b0f4a26ae75180d5b78705e0361e2ec88 Mon Sep 17 00:00:00 2001
From: Misha Sugakov
Date: Tue, 6 Feb 2024 11:51:25 +0100
Subject: [PATCH 2/2] Switch from `fetch-vuln-feed-data.sh` to `fetch-scanner-data.sh`
---
 .tekton/scanner-db-pull-request.yaml | 4 +++-
 .tekton/scanner-db-push.yaml | 4 +++-
 .tekton/scanner-pull-request.yaml | 7 +++++-
 .tekton/scanner-push.yaml | 7 +++++-
 scripts/konflux/fetch-vuln-feed-data.sh | 30 -------------------------
 5 files changed, 18 insertions(+), 34 deletions(-)
 delete mode 100755 scripts/konflux/fetch-vuln-feed-data.sh
diff --git a/.tekton/scanner-db-pull-request.yaml b/.tekton/scanner-db-pull-request.yaml
index e2411c68a..dc0679be3 100644
--- a/.tekton/scanner-db-pull-request.yaml
+++ b/.tekton/scanner-db-pull-request.yaml
@@ -247,7 +247,9 @@ spec:
 - name: fetch-sql-definitions
 image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 script: |
- "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" "$(workspaces.source.path)/source" pg-definitions.sql.gz
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
+ "$(workspaces.source.path)/source" \
+ pg-definitions.sql.gz
 timeout: '10m'
 workspaces:
 - name: source
diff --git a/.tekton/scanner-db-push.yaml b/.tekton/scanner-db-push.yaml
index 5bda1099f..7c138a395 100644
--- a/.tekton/scanner-db-push.yaml
+++ b/.tekton/scanner-db-push.yaml
@@ -245,7 +245,9 @@ spec:
 - name: fetch-sql-definitions
 image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 script: |
- "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" "$(workspaces.source.path)/source" pg-definitions.sql.gz
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
+ "$(workspaces.source.path)/source" \
+ pg-definitions.sql.gz
 timeout: '10m'
 workspaces:
 - name: source
diff --git a/.tekton/scanner-pull-request.yaml b/.tekton/scanner-pull-request.yaml
index 3db74f7fb..27e8cdfd2 100644
--- a/.tekton/scanner-pull-request.yaml
+++ b/.tekton/scanner-pull-request.yaml
@@ -243,7 +243,12 @@ spec:
 image: registry.access.redhat.com/ubi8-minimal:latest
 script: |
 #!/usr/bin/env bash
- "$(workspaces.source.path)/source/scripts/konflux/fetch-vuln-feed-data.sh" "$(workspaces.source.path)/source"
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
+ "$(workspaces.source.path)/source" \
+ nvd-definitions.zip \
+ k8s-definitions.zip \
+ repo2cpe.zip \
+ genesis_manifests.json
 workspaces:
 - name: source
 workspace: workspace
diff --git a/.tekton/scanner-push.yaml b/.tekton/scanner-push.yaml
index dd05d8543..d67e4bb53 100644
--- a/.tekton/scanner-push.yaml
+++ b/.tekton/scanner-push.yaml
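Review bot: The four blob names added after `fetch-scanner-data.sh` in the `.tekton/scanner-pull-request.yaml` hunk are hard-coded again in the `.tekton/scanner-push.yaml` hunk, whereas the deleted `fetch-vuln-feed-data.sh` kept them in a single `blobs` array. The two pipelines can now drift, so a pull-request build may be checked against a different set of vulnerability data than the image that is pushed. A shell comment above the call, such as `# Keep this blob list identical to .tekton/scanner-push.yaml`, mirrored in the other file, would make the coupling visible. The body of `fetch-scanner-data.sh` is not part of this patch; if it still downloads from the `/latest/` path as the removed script did, the fetched files are neither version-pinned nor checked against a digest, which is worth confirming. The task step that this hunk edits starts and ends outside the hunk.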
@@ -242,7 +242,12 @@ spec:
 image: registry.access.redhat.com/ubi8-minimal:latest
 script: |
 #!/usr/bin/env bash
- "$(workspaces.source.path)/source/scripts/konflux/fetch-vuln-feed-data.sh" "$(workspaces.source.path)/source"
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" \
+ "$(workspaces.source.path)/source" \
+ nvd-definitions.zip \
+ k8s-definitions.zip \
+ repo2cpe.zip \
+ genesis_manifests.json
 workspaces:
 - name: source
 workspace: workspace
diff --git a/scripts/konflux/fetch-vuln-feed-data.sh b/scripts/konflux/fetch-vuln-feed-data.sh
deleted file mode 100755
index 634fea7bc..000000000
--- a/scripts/konflux/fetch-vuln-feed-data.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-if [[ "$#" < 1 ]]; then
- echo "Please pass target directory."
- exit 1
-fi
-
-TARGET_DIR="$1"
-
-if [[ ! -d "$TARGET_DIR" ]]; then
- echo "$TARGET_DIR is not a valid directory"
- exit 1
-fi
-
-blobs=(
- nvd-definitions.zip
- k8s-definitions.zip
- repo2cpe.zip
- genesis_manifests.json
-)
-
-for blob in "${blobs[@]}"; do
- echo "Downloading https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $TARGET_DIR/blob-${blob}"
- # TODO(ROX-22130): Assign proper suffix for tagged commits instead of /latest/.
- curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
- --output "$TARGET_DIR/blob-${blob}" \
- "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-done