Fix security scanner

2019-01-15 21:53:32 +01:00 · 2019-01-15 21:53:32 +01:00 · a8851a23d3
commit a8851a23d3
parent dba60b2917
7 changed files with 45 additions and 53 deletions
--- a/security-scanner/Dockerfile
+++ b/security-scanner/Dockerfile
@ -7,13 +7,14 @@ RUN apt-get update \
 		python3 \
 		python3-apt \
 		python3-pip \
-		python3-urllib3 \
 	&& rm -rf /var/lib/apt/lists/*

-COPY requirements.txt /tmp/requirements.txt
+COPY setup.py /code/setup.py

-RUN pip3 install -r /tmp/requirements.txt
+WORKDIR /code
+
+RUN pip3 install -e .

 ADD . /code

-RUN (cd /code && python3 setup.py install)
+RUN python3 setup.py install
--- a/security-scanner/bin/security-scanner
+++ b/security-scanner/bin/security-scanner
@ -1,8 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-
-import security_scanner.main
-
-if __name__ == '__main__':
-    security_scanner.main.main(sys.argv)
--- a/security-scanner/requirements.txt
+++ b/security-scanner/requirements.txt
@ -1,2 +0,0 @@
-python-gitlab==1.4.0
-urllib3==1.22
--- a/security-scanner/security_scanner/main.py
+++ b/security-scanner/security_scanner/main.py
@ -1,9 +1,8 @@
 #!/usr/bin/env python3

+import os
 import sys

-
-import security_scanner
 from security_scanner.debian_tracker import DebianTracker
 from security_scanner.dpkg_list import DpkgList
 from security_scanner.gitlab import GitLab
@ -28,13 +27,22 @@ def checkDebianDistro(distro):

    return result

-def main(argv):
-    gitlab = GitLab()
-    for distro in argv[1:]:
+if __name__ == '__main__':
+    gitlab_url = os.environ.get('GITLAB_URL')
+    project_id = os.environ.get('CI_PROJECT_ID')
+    api_token = os.environ.get('PRIVATE_TOKEN')
+    gitlab = GitLab(gitlab_url, project_id, api_token)
+    for distro in sys.argv[1:]:
        job = gitlab.getLastSuccessfulJob('master', 'squashfs_master')
-        gitlab.downloadArtifact(job, 'images/debian-' + distro + '.dpkg-list', 'debian-' + distro + '.dpkg-list')
-        if checkDebianDistro(distro) > 0:
-            ref = job.attributes['ref']
-            print("creating pipeline for reference {}".format(ref))
-            pprint(job.attributes)
-            gitlab.createPipeline(ref)
+        if job is not None:
+            gitlab.downloadArtifact(job, 'images/debian-' + distro + '.dpkg-list', 'debian-' + distro + '.dpkg-list')
+            if checkDebianDistro(distro) > 0:
+                ref = job.attributes['ref']
+                print("creating pipeline for reference {}".format(ref))
+                pprint(job.attributes)
+                gitlab.createPipeline(ref)
+        else:
+            print('last successful job not found')
+            sys.exit(1)
+
+
--- a/security-scanner/security_scanner/gitlab.py
+++ b/security-scanner/security_scanner/gitlab.py
@ -1,34 +1,31 @@
 #!/usr/bin/env python

 import gitlab
-import os

 from security_scanner.file_writer import FileWriter

 class GitLab:
-    def __init__(self):
-        gitlab_url = os.environ.get('GITLAB_URL')
-        api_token = os.environ.get('PRIVATE_TOKEN')
-        project_id = os.environ.get('CI_PROJECT_ID')
+    def __init__(self, gitlab_url, project_id, api_token=None):
+        if gitlab_url is None:
+            raise ValueError('must pass gitlab_url')
+        if project_id is None:
+            raise ValueError('must pass project_id')

        self._gl = gitlab.Gitlab(gitlab_url, private_token=api_token)
        self._project = self._gl.projects.get(project_id)

    def getLastSuccessfulJob(self, ref, name):
-        pipelines = self._project.pipelines.list()
+        pipelines = self._project.pipelines.list(ref=ref, status='success')

        last_successful_job = None
+        print(pipelines)
        for pipeline in pipelines:
-            jobs = pipeline.jobs.list()
+            jobs = pipeline.jobs.list(scope='success')
            for job in jobs:
-                if job.ref == ref and job.attributes['name'] == name and job.attributes['status'] == 'success':
-                    if last_successful_job is not None:
-                        if job.attributes['id'] > last_successful_job.attributes['id']:
-                            last_successful_job = job
-                    else:
-                        last_successful_job = job
+                if job.attributes['name'] == name:
+                    return job

-        return last_successful_job
+        return None

    def downloadArtifact(self, job, sourcePath, destPath):
        job_id = job.attributes['id']
--- a/security-scanner/setup.py
+++ b/security-scanner/setup.py
@ -1,15 +1,11 @@
-try:
-    from setuptools import setup
-except ImportError:
-    from distutils.core import setup
+import setuptools

-config = {
-    'name': 'security_scanner',
-    'install_requires': [],
-    'packages': [
-        'security_scanner',
+setuptools.setup(
+    name='security_scanner',
+    version='1.2.0',
+    packages=setuptools.find_packages(),
+    install_requires=[
+        'python-gitlab==1.7.0',
+        'urllib3==1.24.1',
    ],
-    'scripts': ['bin/security-scanner']
-}
-
-setup(**config)
+)