diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f0f2c94..9fdb4ec 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -58,7 +58,7 @@ security_scanner:
 script:
 - set -x
 - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')"
- - security-scanner $target
- - python3 -m security_scanner $target
 only:
 refs:
 - schedules
diff --git a/security-scanner/Dockerfile b/security-scanner/Dockerfile
index 9b732b2..d72732c 100644
--- a/security-scanner/Dockerfile
+++ b/security-scanner/Dockerfile
@@ -7,13 +7,14 @@ RUN apt-get update \
 python3 \
 python3-apt \
 python3-pip \
- python3-urllib3 \
 && rm -rf /var/lib/apt/lists/*
-COPY requirements.txt /tmp/requirements.txt
+COPY setup.py /code/setup.py
-RUN pip3 install -r /tmp/requirements.txt
+WORKDIR /code
+
+RUN pip3 install -e .
 ADD . /code
-RUN (cd /code && python3 setup.py install)
+RUN python3 setup.py install
diff --git a/security-scanner/bin/security-scanner b/security-scanner/bin/security-scanner
deleted file mode 100755
index 22c4524..0000000
--- a/security-scanner/bin/security-scanner
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-
-import security_scanner.main
-
-if __name__ == '__main__':
- security_scanner.main.main(sys.argv)
diff --git a/security-scanner/requirements.txt b/security-scanner/requirements.txt
deleted file mode 100644
index 3324114..0000000
--- a/security-scanner/requirements.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-python-gitlab==1.4.0
-urllib3==1.22
diff --git a/security-scanner/security_scanner/main.py b/security-scanner/security_scanner/__main__.py
similarity index 56%
rename from security-scanner/security_scanner/main.py
rename to security-scanner/security_scanner/__main__.py
index 8e1a543..c19cc64 100644
--- a/security-scanner/security_scanner/main.py
+++ b/security-scanner/security_scanner/__main__.py
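Review bot: `python3 -m security_scanner $target` still takes `PRIVATE_TOKEN` and `CI_PROJECT_ID` implicitly from the job environment, and nothing in this `script:` list checks that they are set, so a job without the token runs the whole scan against an anonymous client and fails only at the final pipeline-creation call. Add a guard as the first script line, ahead of `- set -x`, because once tracing is on the shell prints the expanded test line — token value included — into the job log unless the variable is also marked masked in GitLab: `- test -n "$PRIVATE_TOKEN" || { echo 'PRIVATE_TOKEN is not set' >&2; exit 1; }`. `$target` is left unquoted and therefore word-splits; if passing several distro names in one variable is intended, a comment on the job saying so would keep a future quoting change from breaking it. The `security_scanner:` job definition starts above this hunk.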
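Review bot: `RUN pip3 install -e .` runs while `/code` holds only `setup.py`, so besides installing the pinned dependencies it writes an editable egg-link that puts `/code` ahead of site-packages on `sys.path`; after `ADD . /code` and `python3 setup.py install` two copies are installed, and which one `python3 -m security_scanner` imports depends on that path order. If the aim is a cacheable dependency layer, install the `install_requires` entries by name in that step — `RUN pip3 install 'python-gitlab==1.7.0' 'urllib3==1.24.1'` — and replace the final `setup.py install` with `RUN pip3 install .`, which also leaves a proper uninstall record. The unchanged `ADD . /code` should be `COPY . /code`: ADD additionally unpacks local archives and fetches URLs, which this image never needs. The pins carry no `--hash` values, so pip trusts whatever the index serves for those versions; a hash-locked requirements file with `--require-hashes` closes that gap if the image builds against a public index. The end of the Dockerfile is outside this hunk, so I cannot tell whether a `USER` instruction drops root before the entrypoint; if the scanner does not need root at runtime, one would limit what a compromised dependency could do.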
@@ -1,9 +1,8 @@
 #!/usr/bin/env python3
+import os
 import sys
-
-import security_scanner
 from security_scanner.debian_tracker import DebianTracker
 from security_scanner.dpkg_list import DpkgList
 from security_scanner.gitlab import GitLab
@@ -28,13 +27,22 @@ def checkDebianDistro(distro):
 return result
-def main(argv):
- gitlab = GitLab()
- for distro in argv[1:]:
+if __name__ == '__main__':
+ gitlab_url = os.environ.get('GITLAB_URL')
+ project_id = os.environ.get('CI_PROJECT_ID')
+ api_token = os.environ.get('PRIVATE_TOKEN')
+ gitlab = GitLab(gitlab_url, project_id, api_token)
+ for distro in sys.argv[1:]:
 job = gitlab.getLastSuccessfulJob('master', 'squashfs_master')
- gitlab.downloadArtifact(job, 'images/debian-' + distro + '.dpkg-list', 'debian-' + distro + '.dpkg-list')
- if checkDebianDistro(distro) > 0:
- ref = job.attributes['ref']
- print("creating pipeline for reference {}".format(ref))
- pprint(job.attributes)
- gitlab.createPipeline(ref)
+ if job is not None:
+ gitlab.downloadArtifact(job, 'images/debian-' + distro + '.dpkg-list', 'debian-' + distro + '.dpkg-list')
+ if checkDebianDistro(distro) > 0:
+ ref = job.attributes['ref']
+ print("creating pipeline for reference {}".format(ref))
+ pprint(job.attributes)
+ gitlab.createPipeline(ref)
+ else:
+ print('last successful job not found')
+ sys.exit(1)
+
+
diff --git a/security-scanner/security_scanner/gitlab.py b/security-scanner/security_scanner/gitlab.py
index 71097a8..a4e5fc8 100644
--- a/security-scanner/security_scanner/gitlab.py
+++ b/security-scanner/security_scanner/gitlab.py
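Review bot: The import list this hunk rewrites (`os`, `sys` and the three `security_scanner` modules) contains no `pprint`, yet the `__main__` block further down calls `pprint(job.attributes)`; the removed code made the same call, so the name is presumably imported somewhere in the unseen lines 9–26, but if it is not, the first distro with findings dies with NameError instead of triggering a pipeline. Worth confirming, and if it is missing, add `from pprint import pprint` beside `import sys`.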
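Review bot: `api_token = os.environ.get('PRIVATE_TOKEN')` can be `None`, and the new `GitLab.__init__` accepts that as its default, so a job without the token builds an anonymous client and only fails at `createPipeline` after the artifact download and scan have already run; add `if api_token is None: sys.exit('PRIVATE_TOKEN is not set')` before constructing `GitLab`. `distro` is taken from `sys.argv` and spliced unvalidated into the local destination path `'debian-' + distro + '.dpkg-list'`, so a value containing `/` or `..` would let `downloadArtifact` write outside the working directory — in CI it comes from `$target`, so this is hardening rather than a live hole, but `if not re.fullmatch(r'[A-Za-z0-9._-]+', distro): sys.exit('bad distro name: ' + distro)` at the top of the loop (with `import re`) closes it. `getLastSuccessfulJob('master', 'squashfs_master')` is called with constant arguments on every iteration, so it can be hoisted above the loop and the API queried once. `pprint(job.attributes)` dumps the whole job record — triggering user, runner details, URLs — into the job log on every run; printing `id`, `ref` and `web_url` is enough to trace what was triggered.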
@@ -1,34 +1,31 @@
 #!/usr/bin/env python
 import gitlab
-import os
 from security_scanner.file_writer import FileWriter
 class GitLab:
- def __init__(self):
- gitlab_url = os.environ.get('GITLAB_URL')
- api_token = os.environ.get('PRIVATE_TOKEN')
- project_id = os.environ.get('CI_PROJECT_ID')
+ def __init__(self, gitlab_url, project_id, api_token=None):
+ if gitlab_url is None:
+ raise ValueError('must pass gitlab_url')
+ if project_id is None:
+ raise ValueError('must pass project_id')
 self._gl = gitlab.Gitlab(gitlab_url, private_token=api_token)
 self._project = self._gl.projects.get(project_id)
 def getLastSuccessfulJob(self, ref, name):
- pipelines = self._project.pipelines.list()
+ pipelines = self._project.pipelines.list(ref=ref, status='success')
 last_successful_job = None
+ print(pipelines)
 for pipeline in pipelines:
- jobs = pipeline.jobs.list()
+ jobs = pipeline.jobs.list(scope='success')
 for job in jobs:
- if job.ref == ref and job.attributes['name'] == name and job.attributes['status'] == 'success':
- if last_successful_job is not None:
- if job.attributes['id'] > last_successful_job.attributes['id']:
- last_successful_job = job
- else:
- last_successful_job = job
+ if job.attributes['name'] == name:
+ return job
- return last_successful_job
+ return None
 def downloadArtifact(self, job, sourcePath, destPath):
 job_id = job.attributes['id']
diff --git a/security-scanner/setup.py b/security-scanner/setup.py
index 19d4052..e092ba4 100644
--- a/security-scanner/setup.py
+++ b/security-scanner/setup.py
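Review bot: The new guards in `__init__` test `is None`, but the values arrive from `os.environ.get`, and an exported-but-empty variable passes them: the CI script builds `GITLAB_URL` from a `grep -Eo` whose output is empty when `CI_PROJECT_URL` does not match, so `gitlab.Gitlab('')` would be constructed without complaint — use `if not gitlab_url:` and `if not project_id:` instead. `api_token=None` is accepted silently and yields an anonymous client that only fails later at `createPipeline`; either require it the same way (`if not api_token: raise ValueError('must pass api_token')`) or state in a docstring that anonymous access is intended for read-only use. `getLastSuccessfulJob` now returns the first matching job, which relies on the API listing pipelines newest-first, and in python-gitlab 1.7 `list()` returns only the first page unless `all=True` is passed, so a `squashfs_master` job older than the first page of successful pipelines is never found — pass `order_by='id', sort='desc'` explicitly and page through (or `all=True`) if the first page can miss it. `print(pipelines)` reads like leftover debugging output and should go. The public methods have no docstrings; for this one `"""Return the newest successful job named *name* on *ref*, or None."""` would state the contract the callers in `__main__` depend on.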
@@ -1,15 +1,11 @@
-try:
- from setuptools import setup
-except ImportError:
- from distutils.core import setup
+import setuptools
-config = {
- 'name': 'security_scanner',
- 'install_requires': [],
- 'packages': [
- 'security_scanner',
+setuptools.setup(
+ name='security_scanner',
+ version='1.2.0',
+ packages=setuptools.find_packages(),
+ install_requires=[
+ 'python-gitlab==1.7.0',
+ 'urllib3==1.24.1',
 ],
- 'scripts': ['bin/security-scanner']
-}
-
-setup(**config)
+)
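Review bot: `urllib3==1.24.1` in `install_requires` pins a package none of the visible code imports directly — it reaches this project only as a transitive dependency of `python-gitlab` through `requests` — and an exact pin means pip can never pick up a later urllib3 security release without a source change, which is an odd posture for a package whose job is flagging stale dependencies. Either drop the line and let `python-gitlab==1.7.0` resolve it, or keep it with a comment stating the reason (`# pinned: <reason>; re-check on each release`). `find_packages()` is unqualified, so any `tests` package at the repo root would be installed with the scanner; `find_packages(exclude=['tests', 'tests.*'])` is the usual guard — the tree is not visible here, so confirm whether it applies. With the `scripts` entry gone the package is run via `python3 -m`, so a `python_requires='>=3'` argument would make the interpreter requirement explicit to pip instead of leaving it implicit in the CI command.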