Merge pull request #132 from devtron-labs/release-candidate-v0.28.0

sync: Release candidate v0.28.0

Author: vikramdevtron

chart-sync/Dockerfile

@@ -1,22 +1,25 @@
 FROM golang:1.22 AS build-env
 
-RUN apt update
-RUN apt install git gcc musl-dev make -y
-RUN go install github.com/google/wire/cmd/wire@latest
+RUN apt update && \
+	apt install git gcc musl-dev make -y && \
+	go install github.com/google/wire/cmd/wire@latest
 
 WORKDIR /go/src/github.com/devtron-labs/chart-sync
+
 ADD . /go/src/github.com/devtron-labs/chart-sync
+
 RUN GOOS=linux make
 
 FROM ubuntu
-RUN apt update
-RUN apt install ca-certificates -y
-RUN apt clean autoclean
-RUN apt autoremove -y && rm -rf /var/lib/apt/lists/*
-COPY --from=build-env  /go/src/github.com/devtron-labs/chart-sync/chart-sync .
-
-RUN useradd -ms /bin/bash devtron
-RUN chown -R devtron:devtron ./chart-sync
+
+RUN apt update && \
+	apt install ca-certificates -y && \
+	apt clean autoclean && \
+	apt autoremove -y && rm -rf /var/lib/apt/lists/* && \
+	useradd -ms /bin/bash devtron
+
+COPY --chown=devtron:devtron --from=build-env  /go/src/github.com/devtron-labs/chart-sync/chart-sync .
+
 USER devtron
 
 CMD ["./chart-sync"]

chart-sync/go.mod

@@ -5,7 +5,7 @@ go 1.22.4
 toolchain go1.22.6
 
 replace (
-	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122120743-f9dc0038c36a
+	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250127104410-85d6bfe0b45f
 	helm.sh/helm/v3 v3.14.3 => github.com/devtron-labs/helm/v3 v3.14.1-0.20240401080259-90238cf69e42
 )
 

chart-sync/go.sum

@@ -54,8 +54,8 @@ github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122120743-f9dc0038c36a h1:KKPEVBfa4sXptJc/0ZVWcxePI/JNtzQl0ugnwTePvgk=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122120743-f9dc0038c36a/go.mod h1:1QJJLpgJSkb5Jm9xPeKAk+kXb0QgBOOOgJj0cgYhAVA=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250127104410-85d6bfe0b45f h1:4wUbt+83DmpZFqYS69CJxNtBpSuCb58UwqOrWsZG82s=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250127104410-85d6bfe0b45f/go.mod h1:1QJJLpgJSkb5Jm9xPeKAk+kXb0QgBOOOgJj0cgYhAVA=
 github.com/devtron-labs/helm/v3 v3.14.1-0.20240401080259-90238cf69e42 h1:pJmK44QaSztOiZe0iQHNf0sdy5KwkAeceydyhOG4RaY=
 github.com/devtron-labs/helm/v3 v3.14.1-0.20240401080259-90238cf69e42/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=

chart-sync/vendor/github.com/devtron-labs/common-lib/utils/CommonUtils.go

@@ -93,7 +93,7 @@ github.com/containerd/platforms
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
 github.com/davecgh/go-spew/spew
-# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122120743-f9dc0038c36a
+# github.com/devtron-labs/common-lib v0.0.0 => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250127104410-85d6bfe0b45f
 ## explicit; go 1.21
 github.com/devtron-labs/common-lib/fetchAllEnv
 github.com/devtron-labs/common-lib/git-manager/util
@@ -790,4 +790,4 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.3.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
-# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250122120743-f9dc0038c36a
+# github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250127104410-85d6bfe0b45f

chart-sync/vendor/github.com/devtron-labs/common-lib/utils/FileUtil.go

@@ -1,38 +1,46 @@
-####--------------
 FROM golang:1.21-alpine3.18  AS build-env
 
-RUN apk add --no-cache git gcc musl-dev
-RUN apk add --update make
+RUN apk add --no-cache git gcc musl-dev && \
+    apk add --update make
 
 WORKDIR /go/src/github.com/devtron-labs/cirunner
-ADD . /go/src/github.com/devtron-labs/cirunner/
+
+# ADD . /go/src/github.com/devtron-labs/cirunner/
 COPY . .
+
 # Build the binary
 RUN CGO_ENABLED=0 GOOS=linux go build -buildvcs=false -a -installsuffix cgo -o /go/bin/cirunner
 
 FROM docker:20.10.24-dind
 # All these steps will be cached
 #RUN apk add --no-cache ca-certificates
-RUN apk update && apk add --no-cache --virtual .build-deps && apk add bash && apk add make && apk add curl && apk add git && apk add zip && apk add jq
-RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
-RUN apk -Uuv add groff less python3 py3-pip
-RUN pip3 install awscli
-RUN apk --purge -v del py-pip
-RUN rm /var/cache/apk/*
+
+RUN apk update && apk add --no-cache --virtual .build-deps && apk add bash && apk add make && apk add curl && apk add git && apk add zip && apk add jq && \
+    ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
+    apk -Uuv add groff less python3 py3-pip && \
+    pip3 install awscli && \
+    apk --purge -v del py-pip && \
+    rm /var/cache/apk/*
+
 COPY --from=docker/compose:latest /usr/local/bin/docker-compose /usr/bin/docker-compose
 
-COPY ./buildpack.json /buildpack.json
-COPY ./git-ask-pass.sh /git-ask-pass.sh
-RUN chmod +x /git-ask-pass.sh
+COPY ./buildpack.json ./git-ask-pass.sh /
+# COPY ./git-ask-pass.sh /git-ask-pass.sh
 
-RUN (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack)
+RUN chmod +x /git-ask-pass.sh && \
+    (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack)
 
 COPY --from=build-env /go/bin/cirunner .
+
 COPY ./ssh-config /root/.ssh/config
-RUN chmod 644 /root/.ssh/config
-RUN mkdir -p /etc/docker
+
+RUN chmod 644 /root/.ssh/config && \
+    mkdir -p /etc/docker && \
+    mkdir -p /root/.docker/buildx
+
 COPY docker-daemon.json /etc/docker/daemon.json
-RUN mkdir -p /root/.docker/buildx
+
+
 COPY buildkitd.default.toml /root/.docker/buildx/buildkitd.default.toml
 
 # passing PARENT_MODE as argument to cirunner as default behavior

chart-sync/vendor/github.com/devtron-labs/common-lib/utils/bean/bean.go

@@ -1,11 +1,12 @@
-####--------------
 FROM golang:1.21-alpine3.18  AS build-env
 
-RUN apk add --no-cache git gcc musl-dev
-RUN apk add --update make
+RUN apk add --no-cache git gcc musl-dev && \
+    apk add --update make
 
 WORKDIR /go/src/github.com/devtron-labs/cirunner
+
 ADD . /go/src/github.com/devtron-labs/cirunner/
+
 COPY . .
 # Build the binary
 RUN CGO_ENABLED=0 GOOS=linux go build -buildvcs=false -a -installsuffix cgo -o /go/bin/cirunner
@@ -14,24 +15,26 @@ RUN CGO_ENABLED=0 GOOS=linux go build -buildvcs=false -a -installsuffix cgo -o /
 FROM docker:27.3-dind
 # All these steps will be cached
 #RUN apk add --no-cache ca-certificates
-RUN apk update && apk add --no-cache --virtual .build-deps && apk add bash && apk add make && apk add curl && apk add git && apk add zip && apk add jq
-RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
-RUN apk -Uuv add groff less python3 py3-pip pipx
-RUN pipx ensurepath && pipx install awscli
-RUN cp /root/.local/bin/aws* /usr/local/bin
-RUN apk --purge -v del py-pip
-RUN rm /var/cache/apk/*
+
+RUN apk update && apk add --no-cache --virtual .build-deps && apk add bash && apk add make && apk add curl && apk add git && apk add zip && apk add jq && \
+    ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
+    apk -Uuv add groff less python3 py3-pip pipx && \
+    pipx ensurepath && pipx install awscli && \
+    cp /root/.local/bin/aws* /usr/local/bin && \
+    apk --purge -v del py-pip && \
+    rm /var/cache/apk/*
+
 COPY --from=docker/compose:1.29.2 /usr/local/bin/docker-compose /usr/bin/docker-compose
 
-COPY ./buildpack.json /buildpack.json
-COPY ./git-ask-pass.sh /git-ask-pass.sh
-RUN chmod +x /git-ask-pass.sh
+COPY ./buildpack.json /git-ask-pass.sh /
 
-RUN (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack)
+# COPY ./git-ask-pass.sh /git-ask-pass.sh
+RUN chmod +x /git-ask-pass.sh && \
+    (curl -sSL "https://github.com/buildpacks/pack/releases/download/v0.27.0/pack-v0.27.0-linux.tgz" | tar -C /usr/local/bin/ --no-same-owner -xzv pack)
 
 COPY --from=build-env /go/bin/cirunner .
 COPY ./ssh-config /root/.ssh/config
 RUN chmod 644 /root/.ssh/config
 
 # passing PARENT_MODE as argument to cirunner as default behavior
-ENTRYPOINT ["./cirunner", "PARENT_MODE"]
+ENTRYPOINT ["./cirunner", "PARENT_MODE"]

chart-sync/vendor/modules.txt

@@ -75,7 +75,7 @@ func (impl *StageExecutorImpl) RunCiCdSteps(stepType helper.StepType, ciCdReques
 
 		if stageInfoLoggingRequired {
 			log.Println(util.DEVTRON, "stage logging required")
-			err = util.ExecuteWithStageInfoLog(step.Name, executeStep)
+			err = util.ExecuteWithStageInfoLog(helper.GetPrePostStageDisplayName(step.Name, stepType), executeStep)
 		} else {
 			log.Println(util.DEVTRON, "stage logging not required")
 			err = executeStep()
@@ -144,6 +144,9 @@ func (impl *StageExecutorImpl) RunCiCdStep(stepType helper.StepType, ciCdRequest
 	var vars []*commonBean.VariableObject
 	if stepType == helper.STEP_TYPE_REF_PLUGIN {
 		vars, err = deduceVariables(step.InputVars, scriptEnvVariables, nil, nil, stageVariable)
+	} else if stepType == helper.STEP_TYPE_SCANNING {
+		// only global variables are supported here in image scanning step
+		vars, err = deduceVariables(step.InputVars, scriptEnvVariables, nil, nil, nil)
 	} else {
 		log.Printf("running step : %s\n", step.Name)
 		if stepType == helper.STEP_TYPE_PRE {

ci-runner/Dockerfile

@@ -17,6 +17,8 @@
 package adaptor
 
 import (
+	bean2 "github.com/devtron-labs/ci-runner/executor/stage/bean"
+	util2 "github.com/devtron-labs/ci-runner/executor/util"
 	"github.com/devtron-labs/ci-runner/helper"
 	"github.com/devtron-labs/common-lib/constants"
 	"github.com/devtron-labs/common-lib/imageScan/bean"
@@ -42,3 +44,14 @@ func GetImageScanEvent(dest, digest string, commonWorkflowRequest *helper.Common
 		ImageScanRetryDelay: commonWorkflowRequest.ImageScanRetryDelay,
 	}
 }
+func GetImageScannerExecutorBean(ciCdRequest *helper.CiCdTriggerEvent, scriptEnvs *util2.ScriptEnvVariables, refStageMap map[int][]*helper.StepObject, metrics *helper.CIMetrics, artifactUploaded bool, dest string, digest string) *bean2.ImageScanningExecutorBean {
+	return &bean2.ImageScanningExecutorBean{
+		CiCdRequest:      ciCdRequest,
+		ScriptEnvs:       scriptEnvs,
+		RefStageMap:      refStageMap,
+		Metrics:          metrics,
+		ArtifactUploaded: artifactUploaded,
+		Dest:             dest,
+		Digest:           digest,
+	}
+}

ci-runner/Dockerfile-v27

@@ -0,0 +1,7 @@
+package helper
+
+import util2 "github.com/devtron-labs/ci-runner/executor/util"
+
+func SetKeyValueInGlobalSystemEnv(scriptEnvs *util2.ScriptEnvVariables, key, value string) {
+	scriptEnvs.SystemEnv[key] = value
+}

ci-runner/executor/StageExecutor.go

@@ -16,9 +16,28 @@
 
 package bean
 
+import (
+	util2 "github.com/devtron-labs/ci-runner/executor/util"
+	"github.com/devtron-labs/ci-runner/helper"
+)
+
 const (
 	ExternalCiArtifact = "externalCiArtifact"
 	ImageDigest        = "imageDigest"
 	UseAppDockerConfig = "useAppDockerConfig"
 	CiProjectDetails   = "ciProjectDetails"
 )
+const (
+	DigestGlobalEnvKey     = "DIGEST"
+	ScanToolIdGlobalEnvKey = "SCAN_TOOL_ID"
+)
+
+type ImageScanningExecutorBean struct {
+	CiCdRequest      *helper.CiCdTriggerEvent
+	ScriptEnvs       *util2.ScriptEnvVariables
+	RefStageMap      map[int][]*helper.StepObject
+	Metrics          *helper.CIMetrics
+	ArtifactUploaded bool
+	Dest             string
+	Digest           string
+}