From 94e26d2d1c3d3407d9541af2304415a8216f6287 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Tue, 16 May 2023 14:35:07 +0200 Subject: [PATCH 01/11] feat(CPE-14395): update Pipedawg::Job::Skopeo::Copy class to continue execution even after a login fails and provide information about which login failed --- lib/pipedawg/job/skopeo/copy.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/pipedawg/job/skopeo/copy.rb b/lib/pipedawg/job/skopeo/copy.rb index 29d36bd..9e6ba95 100644 --- a/lib/pipedawg/job/skopeo/copy.rb +++ b/lib/pipedawg/job/skopeo/copy.rb @@ -37,7 +37,13 @@ def cert_copies def login opts.fetch(:logins, {}).map do |k, v| - "echo \"#{v['password']}\" | #{opts[:command]} login --authfile \"${CONFIG}/config.json\" --username \"#{v['username']}\" --password-stdin \"#{k}\"" # rubocop:disable Layout/LineLength + begin + command = "echo \"#{v['password']}\" | #{opts[:command]} login --authfile \"${CONFIG}/config.json\" --username \"#{v['username']}\" --password-stdin \"#{k}\"" # rubocop:disable Layout/LineLength + `#{command}` + puts "Login succeeded for #{k}" + rescue RuntimeError => e + puts "Login failed for #{k}: #{e.message}" + end end end From b0c5301a026d8195a4e291426dfed77d56b3193d Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Tue, 16 May 2023 14:41:54 +0200 Subject: [PATCH 02/11] feat(CPE-14395): update source code uri --- README.md | 2 +- pipedawg.gemspec | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a6f519e..d4b31bf 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ To make this behaviour a default for all gem projects, the above line can be add ## Contributing -Bug reports and pull requests are welcome on [GitHub](https://github.com/liger1978/pipedawg). +Bug reports and pull requests are welcome on [GitHub](https://github.com/ValdrinLushaj/pipedawg). ## License diff --git a/pipedawg.gemspec b/pipedawg.gemspec index 3cbe6c0..e7d8f15 100644 
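Review bot: The backticks in `login` run the login command while the pipeline is being generated, and each block now ends in `puts`, so `login` returns an array of `nil` instead of the shell lines that `update` concatenates into `opts[:script]` (visible as context in the later copy.rb hunks). The `rescue RuntimeError` will not see a failed login either: backticks do not raise on a non-zero exit status (that is reported through `$?`), and a missing binary raises `Errno::ENOENT`, which is not a `RuntimeError`. Keeping the method a pure string builder and putting the fallback into the emitted shell keeps the behaviour inside the job, where `${CONFIG}` is presumably defined, for example by appending `|| echo \"Login failed for #{k}\" >&2` to the command string. As written, the password is also expanded into a command executed on the generating host, which is a wider exposure than the job script had.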
--- a/pipedawg.gemspec +++ b/pipedawg.gemspec @@ -10,12 +10,12 @@ Gem::Specification.new do |spec| spec.summary = 'Generate GitLab CI pipelines.' spec.description = 'Generate GitLab CI pipelines.' - spec.homepage = 'https://github.com/liger1978/pipedawg' + spec.homepage = 'https://github.com/ValdrinLushaj/pipedawg' spec.license = 'MIT' spec.metadata['homepage_uri'] = spec.homepage - spec.metadata['source_code_uri'] = 'https://github.com/liger1978/pipedawg' - spec.metadata['changelog_uri'] = 'https://github.com/liger1978/pipedawg' + spec.metadata['source_code_uri'] = 'https://github.com/ValdrinLushaj/pipedawg' + spec.metadata['changelog_uri'] = 'https://github.com/ValdrinLushaj/pipedawg' # Specify which files should be added to the gem when it is released. # The `git ls-files -z` loads the files in the RubyGem that have been added into git. From 094705db391cb312cc5e981908239155c0512250 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Tue, 16 May 2023 14:48:14 +0200 Subject: [PATCH 03/11] feat(CPE-14395): update name --- pipedawg.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipedawg.gemspec b/pipedawg.gemspec index e7d8f15..e10bc0e 100644 --- a/pipedawg.gemspec +++ b/pipedawg.gemspec @@ -3,7 +3,7 @@ require_relative 'lib/pipedawg/version' Gem::Specification.new do |spec| - spec.name = 'pipedawg' + spec.name = 'pipedawg-vl' spec.version = Pipedawg::VERSION spec.authors = ['harbottle'] spec.email = ['harbottle@room3d3.com'] From 1f266d99aa11004f48d78cc39ccb36a41188f751 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Wed, 17 May 2023 10:16:42 +0200 Subject: [PATCH 04/11] CPE-14395: update gem's name specified in the spec.name --- pipedawg.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipedawg.gemspec b/pipedawg.gemspec index e10bc0e..e7d8f15 100644 --- a/pipedawg.gemspec +++ b/pipedawg.gemspec 
@@ -3,7 +3,7 @@ require_relative 'lib/pipedawg/version' Gem::Specification.new do |spec| - spec.name = 'pipedawg-vl' + spec.name = 'pipedawg' spec.version = Pipedawg::VERSION spec.authors = ['harbottle'] spec.email = ['harbottle@room3d3.com'] From d8af85d2e7c9a07c1dbd36a1a689e2a475a2f0d1 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Wed, 17 May 2023 10:24:09 +0200 Subject: [PATCH 05/11] CPE-14395: update Pipedawg name and version --- lib/pipedawg/version.rb | 2 +- pipedawg.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pipedawg/version.rb b/lib/pipedawg/version.rb index 53f3f6e..71561b5 100644 --- a/lib/pipedawg/version.rb +++ b/lib/pipedawg/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pipedawg - VERSION = '1.0.1' + VERSION = '1.0.2' end diff --git a/pipedawg.gemspec b/pipedawg.gemspec index e7d8f15..e10bc0e 100644 --- a/pipedawg.gemspec +++ b/pipedawg.gemspec @@ -3,7 +3,7 @@ require_relative 'lib/pipedawg/version' Gem::Specification.new do |spec| - spec.name = 'pipedawg' + spec.name = 'pipedawg-vl' spec.version = Pipedawg::VERSION spec.authors = ['harbottle'] spec.email = ['harbottle@room3d3.com'] From 44687ba7e2479a7338756b015fdf7f75a6fa0592 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Wed, 17 May 2023 17:08:16 +0200 Subject: [PATCH 06/11] CPE-14395: update echo command of login function to include a fallback command if it fails --- lib/pipedawg/job/skopeo/copy.rb | 8 +------- lib/pipedawg/version.rb | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/lib/pipedawg/job/skopeo/copy.rb b/lib/pipedawg/job/skopeo/copy.rb index 9e6ba95..098a7bb 100644 --- a/lib/pipedawg/job/skopeo/copy.rb +++ b/lib/pipedawg/job/skopeo/copy.rb 
@@ -37,13 +37,7 @@ def cert_copies def login opts.fetch(:logins, {}).map do |k, v| - begin - command = "echo \"#{v['password']}\" | #{opts[:command]} login --authfile \"${CONFIG}/config.json\" --username \"#{v['username']}\" --password-stdin \"#{k}\"" # rubocop:disable Layout/LineLength - `#{command}` - puts "Login succeeded for #{k}" - rescue RuntimeError => e - puts "Login failed for #{k}: #{e.message}" - end + "echo \"#{v['password']}\" | #{opts[:command]} login --authfile \"${CONFIG}/config.json\" --username \"#{v['username']}\" --password-stdin \"#{k}\" || echo \"Failed to login\"" # rubocop:disable Layout/LineLength end end diff --git a/lib/pipedawg/version.rb b/lib/pipedawg/version.rb index 71561b5..717ec72 100644 --- a/lib/pipedawg/version.rb +++ b/lib/pipedawg/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pipedawg - VERSION = '1.0.2' + VERSION = '1.0.3' end From ee7593f5b302c9e5f0fd7ae1d558d1514dbdb92a Mon Sep 17 00:00:00 2001 From: Ryan Scheinberg Date: Mon, 12 Jun 2023 11:22:09 -0400 Subject: [PATCH 07/11] feat(CPE-14687): update copy.rb to allow for different destination image --- lib/pipedawg/job/skopeo/copy.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pipedawg/job/skopeo/copy.rb b/lib/pipedawg/job/skopeo/copy.rb index 098a7bb..e66bbba 100644 --- a/lib/pipedawg/job/skopeo/copy.rb +++ b/lib/pipedawg/job/skopeo/copy.rb @@ -7,7 +7,7 @@ class Skopeo class Copy < Job::Skopeo def initialize(name, opts = {}) opts = { - config: {}, copy_image: name, destinations: [{ copy_image: nil, flags: [], options: {} }], flags: [], + config: {}, copy_image: name, destinations: [{ dest_image_name: nil, copy_image: nil, flags: [], options: {} }], flags: [], logins: {}, options: {}, stage: '${CI_PROJECT_DIR}/stage', trusted_ca_cert_source_files: [], trusted_ca_cert_target_file: '/etc/docker/certs.d/ca.crt' }.merge(opts) 
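Review bot: The fallback `|| echo \"Failed to login\"` in `login` makes every login line exit 0 and does not say which registry failed, so a bad credential only surfaces later as a less specific pull or push error. Naming the registry and writing to stderr restores what the first commit in this series set out to report: `|| echo \"Failed to login to #{k}\" >&2`. `v['password']` and `v['username']` are interpolated raw inside double quotes, so a value containing `"`, `$` or a backtick changes the generated shell line. If the intent is that callers pass CI variable references rather than literal secrets, a comment on `login` saying so would document that assumption: `# Values in :logins are expected to be CI variable references such as $REGISTRY_PASSWORD, never literal secrets.`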
@@ -18,7 +18,7 @@ def initialize(name, opts = {}) def update # rubocop:disable Metrics/AbcSize require 'json' opts[:script] = debug + config + cert_copies + login + mkstage + pull + ( - opts[:destinations].map { |d| push(d) } + opts[:destinations].map.with_index { |d, i| push(d, opts[:dest_image_names][i]) } ).flatten(1) end @@ -49,8 +49,8 @@ def pull copy(opts, "docker://#{opts[:copy_image]}", "\"dir://#{opts[:stage]}\"") end - def push(destination_opts) - copy(destination_opts, "\"dir://#{opts[:stage]}\"", "docker://#{destination_opts[:copy_image]}") + def push(destination_opts, dest_image_name) + copy(destination_opts, "\"dir://#{opts[:stage]}\"", "docker://#{dest_image_name || destination_opts[:copy_image]}") end def copy(copy_opts, source, destination) From f0d62f5eeaae4fc21440201e9ca42345e296acc1 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Mon, 12 Jun 2023 17:42:13 +0200 Subject: [PATCH 08/11] feat(CPE-14687): update Pipedawg version --- lib/pipedawg/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pipedawg/version.rb b/lib/pipedawg/version.rb index 717ec72..3fc1522 100644 --- a/lib/pipedawg/version.rb +++ b/lib/pipedawg/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pipedawg - VERSION = '1.0.3' + VERSION = '1.0.4' end From c7cae32392d5e7e9f6ffe0a41650ae2523e9f805 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Thu, 15 Jun 2023 15:28:45 +0200 Subject: [PATCH 09/11] feat(CPE-14687): update copy.rb to revert changes for allowing for different destination image, update module version --- lib/pipedawg/job/skopeo/copy.rb | 8 ++++---- lib/pipedawg/version.rb | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/pipedawg/job/skopeo/copy.rb b/lib/pipedawg/job/skopeo/copy.rb index e66bbba..098a7bb 100644 --- a/lib/pipedawg/job/skopeo/copy.rb +++ b/lib/pipedawg/job/skopeo/copy.rb 
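Review bot: `opts[:dest_image_names][i]` in `update` reads a top-level `:dest_image_names` key that the defaults in `initialize` never set, so with default options it evaluates `nil[i]` and raises `NoMethodError`; the default added in the previous hunk is a per-destination `dest_image_name` instead. Reading the name from the destination hash keeps the two in step and lets `push` keep its one-argument signature: `"docker://#{destination_opts[:dest_image_name] || destination_opts[:copy_image]}"` together with the original `opts[:destinations].map { |d| push(d) }`. The defaults are combined with a shallow `.merge(opts)`, so a caller-supplied `:destinations` array replaces the default entry entirely and the new key must tolerate being absent. The `docker://` argument is also passed without the surrounding `\"…\"` that the `dir://` argument next to it gets; the body of `copy` is outside the hunk, so whether it is quoted later is not visible here.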
@@ -7,7 +7,7 @@ class Skopeo class Copy < Job::Skopeo def initialize(name, opts = {}) opts = { - config: {}, copy_image: name, destinations: [{ dest_image_name: nil, copy_image: nil, flags: [], options: {} }], flags: [], + config: {}, copy_image: name, destinations: [{ copy_image: nil, flags: [], options: {} }], flags: [], logins: {}, options: {}, stage: '${CI_PROJECT_DIR}/stage', trusted_ca_cert_source_files: [], trusted_ca_cert_target_file: '/etc/docker/certs.d/ca.crt' }.merge(opts) @@ -18,7 +18,7 @@ def initialize(name, opts = {}) def update # rubocop:disable Metrics/AbcSize require 'json' opts[:script] = debug + config + cert_copies + login + mkstage + pull + ( - opts[:destinations].map.with_index { |d, i| push(d, opts[:dest_image_names][i]) } + opts[:destinations].map { |d| push(d) } ).flatten(1) end @@ -49,8 +49,8 @@ def pull copy(opts, "docker://#{opts[:copy_image]}", "\"dir://#{opts[:stage]}\"") end - def push(destination_opts, dest_image_name) - copy(destination_opts, "\"dir://#{opts[:stage]}\"", "docker://#{dest_image_name || destination_opts[:copy_image]}") + def push(destination_opts) + copy(destination_opts, "\"dir://#{opts[:stage]}\"", "docker://#{destination_opts[:copy_image]}") end def copy(copy_opts, source, destination) diff --git a/lib/pipedawg/version.rb b/lib/pipedawg/version.rb index 3fc1522..c973068 100644 --- a/lib/pipedawg/version.rb +++ b/lib/pipedawg/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pipedawg - VERSION = '1.0.4' + VERSION = '1.0.5' end From d68d661cef609baaff5440bb6f1021fd2210d092 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Mon, 25 Sep 2023 09:55:55 +0200 Subject: [PATCH 10/11] feat(CPE-14951): update new qualys api call, refactor image ID extraction to remove 'sha256:' prefix --- lib/pipedawg/job/qualys/scan.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/pipedawg/job/qualys/scan.rb b/lib/pipedawg/job/qualys/scan.rb index f1b0c54..bfe3bc2 100644 
--- a/lib/pipedawg/job/qualys/scan.rb +++ b/lib/pipedawg/job/qualys/scan.rb @@ -50,7 +50,7 @@ def image "image_target=\"#{opts[:scan_target_prefix]}:$(echo #{opts[:scan_image]} | sed 's/^[^/]*\\///'| sed 's/[:/]/-/g')\"", # rubocop:disable Layout/LineLength "docker --config=\"${CONFIG}\" pull \"#{opts[:scan_image]}\"", "docker image tag \"#{opts[:scan_image]}\" \"${image_target}\"", - "image_id=$(docker inspect --format=\"{{index .Id}}\" \"#{opts[:scan_image]}\" | cut -c8-19)", + "image_id=$(docker inspect --format=\"{{index .Id}}\" \"#{opts[:scan_image]}\" | sed 's/sha256://')", 'echo "Image ID: ${image_id}"' ] end @@ -69,7 +69,7 @@ def token def scan_start [ 'while true; do ' \ - "result=$(curl -s -o /dev/null -w ''%{http_code}'' --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id\" --header \"Authorization: Bearer $token\"); " + # rubocop:disable Layout/LineLength, Style/FormatStringToken + "result=$(curl -s -o /dev/null -w ''%{http_code}'' --location --request GET \"https://#{opts[:gateway]}/csapi/v1.3/images/$image_id\" --header \"Authorization: Bearer $token\"); " + # rubocop:disable Layout/LineLength, Style/FormatStringToken 'echo "Waiting for scan to start..."; ' \ 'echo " Result: ${result}"; ' \ 'if [ "${result}" = "200" ]; then break; fi; ' \ @@ -80,7 +80,7 @@ def scan_start def scan_complete [ 'while true; do ' \ - "result=$(curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id\" --header \"Authorization: Bearer $token\" | jq -r '.scanStatus'); " + # rubocop:disable Layout/LineLength + "result=$(curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.3/images/$image_id\" --header \"Authorization: Bearer $token\" | jq -r '.scanStatus'); " + # rubocop:disable Layout/LineLength 'echo "Waiting for scan to complete..."; ' \ 'echo " Result: ${result}"; ' \ 'if [ "${result}" = "SUCCESS" ]; then break; fi; ' \ 
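Review bot: `image_id` in `image` changes from a 12-character short ID (`cut -c8-19`) to the full digest, and nothing after the `docker inspect` line checks that the result is non-empty. If the inspect fails, the polling loops in the following hunks would query `/images/` with an empty ID and, as far as the visible lines show, only break on `200` or `SUCCESS`. A guard entry right after the assignment would stop the job early: `'[ -n "${image_id}" ] || { echo "Could not resolve image ID" >&2; exit 1; }'`. Anchoring the substitution as `sed 's/^sha256://'` would also make the intent explicit.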
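Review bot: The API version `v1.3` is hard-coded in five URL strings across `scan_start`, `scan_complete`, `artifacts` and `severities` (the last two are in the next hunk), which is why a version bump has to touch every request line. A single private `api_base` method returning `"https://#{opts[:gateway]}/csapi/v1.3"` would keep them in step, with each URL built as `\"#{api_base}/images/$image_id\"`. The method bodies continue outside the hunks, so whether an `opts` default would fit better than a method is not visible here.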
@@ -90,14 +90,14 @@ def scan_complete def artifacts [ - "curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id/software\" --header \"Authorization: Bearer $token\" | jq . > software.json", # rubocop:disable Layout/LineLength - "curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id/vuln\" --header \"Authorization: Bearer $token\" | jq . > vulnerabilities.json" # rubocop:disable Layout/LineLength + "curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.3/images/$image_id/software\" --header \"Authorization: Bearer $token\" | jq . > software.json", # rubocop:disable Layout/LineLength + "curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.3/images/$image_id/vuln\" --header \"Authorization: Bearer $token\" | jq . > vulnerabilities.json" # rubocop:disable Layout/LineLength ] end def severities [ - "response=$(curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id/vuln/count\" --header \"Authorization: Bearer $token\")", # rubocop:disable Layout/LineLength + "response=$(curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.3/images/$image_id/vuln/count\" --header \"Authorization: Bearer $token\")", # rubocop:disable Layout/LineLength 'severity5=$(jq -r ".severity5Count" <<< "${response}")', 'severity4=$(jq -r ".severity4Count" <<< "${response}")' ] From 0c019c552b856d93d562a314ef3c830aa13f6e70 Mon Sep 17 00:00:00 2001 From: "Lushaj, Valdrin" Date: Mon, 25 Sep 2023 12:14:26 +0200 Subject: [PATCH 11/11] feat(CPE-14951): update version --- lib/pipedawg/version.rb | 2 +- pipedawg.gemspec | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/pipedawg/version.rb b/lib/pipedawg/version.rb index c973068..7de72fa 100644 --- a/lib/pipedawg/version.rb +++ b/lib/pipedawg/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Pipedawg - VERSION = '1.0.5' + VERSION = '1.0.6' end 
diff --git a/pipedawg.gemspec b/pipedawg.gemspec index e10bc0e..7509756 100644 --- a/pipedawg.gemspec +++ b/pipedawg.gemspec @@ -11,7 +11,6 @@ Gem::Specification.new do |spec| spec.summary = 'Generate GitLab CI pipelines.' spec.description = 'Generate GitLab CI pipelines.' spec.homepage = 'https://github.com/ValdrinLushaj/pipedawg' - spec.license = 'MIT' spec.metadata['homepage_uri'] = spec.homepage spec.metadata['source_code_uri'] = 'https://github.com/ValdrinLushaj/pipedawg'