From e0328b0235e980633b33d3093912354aface4f66 Mon Sep 17 00:00:00 2001
From: Misha Sugakov
Date: Thu, 1 Feb 2024 18:40:13 +0100
Subject: [PATCH] Introduce script for downloading Scanner blobs

It's actually stolen from https://github.com/stackrox/scanner/pull/1334 with small modifications.
---
.tekton/scanner-db-pull-request.yaml | 22 +++-------------------
.tekton/scanner-db-push.yaml | 22 +++-------------------
scripts/konflux/fetch-scanner-data.sh | 27 +++++++++++++++++++++++++++
3 files changed, 33 insertions(+), 38 deletions(-)
create mode 100755 scripts/konflux/fetch-scanner-data.sh

diff --git a/.tekton/scanner-db-pull-request.yaml b/.tekton/scanner-db-pull-request.yaml
index b042741f1..02f5d767b 100644
--- a/.tekton/scanner-db-pull-request.yaml
+++ b/.tekton/scanner-db-pull-request.yaml
@@ -240,26 +240,10 @@ spec:
 taskSpec:
 steps:
 - name: fetch-sql-definitions
- image: registry.access.redhat.com/ubi8/ubi
+ image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 script: |
- #!/usr/bin/env bash
- mkdir -p "$(workspaces.source.path)/source"
- blobs=(
- pg-definitions.sql.gz
- )
- for blob in "${blobs[@]}"; do
- echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
- curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
- --output "$(workspaces.source.path)/source/${blob}" \
- "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-
- if [ "$?" != "0" ]; then
- echo "Failed to download"
- exit 1
- fi
-
- ls -lh $(workspaces.source.path)/source
- done
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" pg-definitions.sql.gz
+ timeout: '10m'
 workspaces:
 - name: source
 workspace: workspace
diff --git a/.tekton/scanner-db-push.yaml b/.tekton/scanner-db-push.yaml
index 03e1fb97b..3c7754726 100644
--- a/.tekton/scanner-db-push.yaml
+++ b/.tekton/scanner-db-push.yaml
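Review bot: The new step image `registry.access.redhat.com/ubi8/ubi-minimal:latest` is a mutable tag, so the container that runs the fetch script can change between pipeline runs without any change in this repository; pinning by digest, `image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:<digest>` (placeholder digest), keeps the step reproducible and reviewable. The same line is added in the `.tekton/scanner-db-push.yaml` hunk. The script now writes `blob-pg-definitions.sql.gz` where the removed inline step wrote `pg-definitions.sql.gz`; whatever consumes that file is outside this diff, so it is worth confirming it expects the new name. The task definition around this step starts and ends outside the hunk.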
@@ -238,26 +238,10 @@ spec:
 taskSpec:
 steps:
 - name: fetch-sql-definitions
- image: registry.access.redhat.com/ubi8/ubi
+ image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 script: |
- #!/usr/bin/env bash
- mkdir -p "$(workspaces.source.path)/source"
- blobs=(
- pg-definitions.sql.gz
- )
- for blob in "${blobs[@]}"; do
- echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
- curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
- --output "$(workspaces.source.path)/source/${blob}" \
- "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-
- if [ "$?" != "0" ]; then
- echo "Failed to download"
- exit 1
- fi
-
- ls -lh $(workspaces.source.path)/source
- done
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" pg-definitions.sql.gz
+ timeout: '10m'
 workspaces:
 - name: source
 workspace: workspace
diff --git a/scripts/konflux/fetch-scanner-data.sh b/scripts/konflux/fetch-scanner-data.sh
new file mode 100755
index 000000000..9f6be6702
--- /dev/null
+++ b/scripts/konflux/fetch-scanner-data.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../.. && pwd)"
+
+if [[ "$#" < 1 ]]; then
+ >&2 echo "Error: please pass blob filenames as command line arguments."
+ >&2 echo "For example:"
+ >&2 echo " $(basename "${BASH_SOURCE[0]}") nvd-definitions.zip k8s-definitions.zip repo2cpe.zip genesis_manifests.json"
+ exit 1
+fi
+
+blobs=( "$@" )
+
+for blob in "${blobs[@]}"; do
+
+ # TODO(ROX-22130): Assign proper suffix for tagged commits instead of /latest/.
+ url="https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
+ dest="${REPO_ROOT}/blob-${blob}"
+
+ echo "Downloading ${url} > ${dest}"
+ curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
+ --output "${dest}" \
+ "${url}"
+
+done
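Review bot: Each `blob` argument is interpolated unchecked into both `url` and `dest`, so a name containing `/` or `..` would make curl write outside `REPO_ROOT`; a guard at the top of the loop such as `[[ "${blob}" != */* ]] || { >&2 echo "Error: invalid blob name: ${blob}"; exit 1; }` keeps the output inside the checkout. The download also comes from the moving `/latest/` path with no digest comparison, so the file that ends up in the image is only as trustworthy as the bucket contents at build time; when ROX-22130 pins the path, recording a SHA-256 and checking it after the download would make the input verifiable. Separately, `[[ "$#" < 1 ]]` is a string comparison inside `[[ ]]`; `[[ "$#" -lt 1 ]]` states the numeric intent.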