Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 8.x] Add docker scan results to the RC comment #581

Merged
merged 1 commit into from
Feb 13, 2025
+132 −3
Merged

[Backport 8.x] Add docker scan results to the RC comment #581

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions resources/release/rc-details-template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,3 +128,32 @@ _Check how to install [opensearch](https://opensearch.org/docs/latest/install-an
Thank you
</p>
</details>


<details><summary>OpenSearch Docker-Scan Results</summary>
<p>

[Workflow run](${OPENSEARCH_DOCKER_SCAN_URL})
<pre>
<code>

${OPENSEARCH_DOCKER_SCAN_RESULTS}

</code>
</pre>
</p>
</details>

<details><summary>OpenSearch-Dashboards Docker-Scan Results</summary>
<p>

[Workflow run](${OPENSEARCH_DASHBOARDS_DOCKER_SCAN_URL})
<pre>
<code>

${OPENSEARCH_DASHBOARDS_DOCKER_SCAN_RESULTS}

</code>
</pre>
</p>
</details>
17 changes: 17 additions & 0 deletions tests/jenkins/TestAddRcDetailsComment.groovy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -221,6 +221,22 @@ class TestAddRcDetailsComment extends BuildPipelineTest {
helper.addShMock("""\n set -e\n set +x\n curl -s -XGET \"sample.url/opensearch-distribution-build-results/_search\" --aws-sigv4 \"aws:amz:us-east-1:es\" --user \"abc:xyz\" -H \"x-amz-security-token:sampleToken\" -H 'Content-Type: application/json' -d \"{\\"_source\\":\\"distribution_build_number\\",\\"sort\\":[{\\"distribution_build_number\\":{\\"order\\":\\"desc\\"}}],\\"size\\":1,\\"query\\":{\\"bool\\":{\\"filter\\":[{\\"match_phrase\\":{\\"component\\":\\"OpenSearch-Dashboards\\"}},{\\"match_phrase\\":{\\"rc\\":\\"true\\"}},{\\"match_phrase\\":{\\"version\\":\\"2.19.0\\"}},{\\"match_phrase\\":{\\"rc_number\\":\\"5\\"}}]}}}\" | jq '.'\n """) { script ->
return [stdout: osdRcDistributionNumberResponse, exitValue: 0]
}

helper.addShMock("""curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/distribution-build-opensearch/runs/10787/nodes/" | jq '.[] | select(.actions[].description? | contains("docker-scan")) | .actions[] | select(.description | contains("docker-scan")) | ._links.self.href'""") { script ->
return [stdout: '/blue/rest/organizations/jenkins/pipelines/docker-scan/runs/4439/', exitValue: 0]
}

helper.addShMock("""curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/docker-scan/runs/4439/" | jq -r '._links.artifacts.href'""") { script ->
return [stdout: '/blue/rest/organizations/jenkins/pipelines/docker-scan/runs/4439/artifacts/', exitValue: 0]
}

helper.addShMock("""curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/docker-scan/runs/4439/artifacts/" | jq -r '.[] | select(.name | endswith(".txt")) | .url'""") { script ->
return [stdout: '/job/docker-scan/4439/artifact/scan_docker_image.txt', exitValue: 0]
}

helper.addShMock('curl -s -XGET "https://build.ci.opensearch.org/job/docker-scan/4439/artifact/scan_docker_image.txt"') { script ->
return [stdout: 'Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0))', exitValue: 0]
}
}

@Test
Expand All @@ -239,6 +255,7 @@ class TestAddRcDetailsComment extends BuildPipelineTest {
assertThat(fileContent, containsString("OpenSearch 10787 and OpenSearch-Dashboards 8260 is ready for your test."))
assertThat(fileContent, containsString("image: opensearchstaging/opensearch:2.19.0.1078"))
assertThat(fileContent, containsString("image: opensearchstaging/opensearch-dashboards:2.19.0.8260"))
assertThat(fileContent, containsString("Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)"))
}

def getCommands(method, text) {
Expand Down
44 changes: 44 additions & 0 deletions tests/jenkins/jobs/AddRcDetailsComment.jenkinsFile.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,17 @@
set +x
curl -s -XGET "sample.url/opensearch-distribution-build-results/_search" --aws-sigv4 "aws:amz:us-east-1:es" --user "abc:xyz" -H "x-amz-security-token:sampleToken" -H 'Content-Type: application/json' -d "{\"_source\":\"distribution_build_number\",\"sort\":[{\"distribution_build_number\":{\"order\":\"desc\"}}],\"size\":1,\"query\":{\"bool\":{\"filter\":[{\"match_phrase\":{\"component\":\"OpenSearch-Dashboards\"}},{\"match_phrase\":{\"rc\":\"true\"}},{\"match_phrase\":{\"version\":\"2.19.0\"}},{\"match_phrase\":{\"rc_number\":\"5\"}}]}}}" | jq '.'
, returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/distribution-build-opensearch/runs/10787/nodes/" | jq '.[] | select(.actions[].description? | contains("docker-scan")) | .actions[] | select(.description | contains("docker-scan")) | ._links.self.href', returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/docker-scan/runs/4439/" | jq -r '._links.artifacts.href', returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/docker-scan/runs/4439/artifacts/" | jq -r '.[] | select(.name | endswith(".txt")) | .url', returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.org/job/docker-scan/4439/artifact/scan_docker_image.txt", returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.org/blue/rest/organizations/jenkins/pipelines/distribution-build-opensearch-dashboards/runs/8260/nodes/" | jq '.[] | select(.actions[].description? | contains("docker-scan")) | .actions[] | select(.description | contains("docker-scan")) | ._links.self.href', returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.orgbbb
ccc" | jq -r '._links.artifacts.href', returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.orgbbb
ccc" | jq -r '.[] | select(.name | endswith(".txt")) | .url', returnStdout=true})
addRcDetailsComment.sh({script=curl -s -XGET "https://build.ci.opensearch.orgbbb
ccc", returnStdout=true})
addRcDetailsComment.libraryResource(release/rc-details-template.md)
addRcDetailsComment.writeFile({file=rc-details-comment-body.md, text=## See OpenSearch RC 5 and OpenSearch-Dashboards RC 5 details
<details><summary>OpenSearch 5 and OpenSearch-Dashboards 5 details</summary>
Expand Down Expand Up @@ -179,6 +190,39 @@ _Check how to install [opensearch](https://opensearch.org/docs/latest/install-an
Thank you
</p>
</details>


<details><summary>OpenSearch Docker-Scan Results</summary>
<p>

[Workflow run](https://build.ci.opensearch.org/job/docker-scan/4439/artifact/scan_docker_image.txt)
<pre>
<code>

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0))

</code>
</pre>
</p>
</details>

<details><summary>OpenSearch-Dashboards Docker-Scan Results</summary>
<p>

[Workflow run](https://build.ci.opensearch.orgbbb
ccc)
<pre>
<code>


bbb
ccc


</code>
</pre>
</p>
</details>
})
addRcDetailsComment.usernamePassword({credentialsId=jenkins-github-bot-token, passwordVariable=GITHUB_TOKEN, usernameVariable=GITHUB_USER})
addRcDetailsComment.withCredentials([[GITHUB_USER, GITHUB_TOKEN]], groovy.lang.Closure)
Expand Down
45 changes: 42 additions & 3 deletions vars/addRcDetailsComment.groovy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ void call(Map args = [:]) {
def opensearchDashboardsRcNumber
def opensearchRcBuildNumber
def opensearchDashboardsRcBuildNumber
def releaseIssueUrl
String releaseIssueUrl

if (version.isEmpty()){
error('version is required to get RC details.')
Expand All @@ -47,14 +47,20 @@ void call(Map args = [:]) {
}
}

def opensearchScanResults = getDockerScanResult('OpenSearch', opensearchRcBuildNumber)
def opensearchDashboardsScanResults = getDockerScanResult('OpenSearch-Dashboards', opensearchDashboardsRcBuildNumber)

def rcValues = [
VERSION: version,
OPENSEARCH_RC_NUMBER: opensearchRcNumber,
OPENSEARCH_DASHBOARDS_RC_NUMBER: opensearchDashboardsRcNumber,
OPENSEARCH_RC_BUILD_NUMBER: opensearchRcBuildNumber,
OPENSEARCH_DASHBOARDS_RC_BUILD_NUMBER: opensearchDashboardsRcBuildNumber
OPENSEARCH_DASHBOARDS_RC_BUILD_NUMBER: opensearchDashboardsRcBuildNumber,
OPENSEARCH_DOCKER_SCAN_RESULTS: opensearchScanResults.dockerScanResult,
OPENSEARCH_DASHBOARDS_DOCKER_SCAN_RESULTS: opensearchDashboardsScanResults.dockerScanResult,
OPENSEARCH_DOCKER_SCAN_URL: opensearchScanResults.dockerScanUrl,
OPENSEARCH_DASHBOARDS_DOCKER_SCAN_URL: opensearchDashboardsScanResults.dockerScanUrl
]
println('Retrieved values: '+ rcValues)

try {
// Check for null or empty values
Expand Down Expand Up @@ -92,3 +98,36 @@ void call(Map args = [:]) {
)
}
}

def getDockerScanResult(String component, def distributionRcBuildNumber) {
println('Getting docker scan results')
String buildJobName = ''
String JENKINS_BASE_URL = 'https://build.ci.opensearch.org'
String BLUE_OCEAN_URL = 'blue/rest/organizations/jenkins/pipelines'
if(component == 'OpenSearch') {
buildJobName = 'distribution-build-opensearch'
} else if(component == 'OpenSearch-Dashboards') {
buildJobName = 'distribution-build-opensearch-dashboards'
} else {
error("Invalid component name: ${component}. Valid values: OpenSearch, OpenSearch-Dashboards")
}
String dockerScanUrl = sh (
script: "curl -s -XGET \"${JENKINS_BASE_URL}/${BLUE_OCEAN_URL}/${buildJobName}/runs/${distributionRcBuildNumber}/nodes/\" | jq '.[] | select(.actions[].description? | contains(\"docker-scan\")) | .actions[] | select(.description | contains(\"docker-scan\")) | ._links.self.href'",
returnStdout: true
).trim()
String artifactsUrl = sh(
script: "curl -s -XGET \"${JENKINS_BASE_URL}${dockerScanUrl}\" | jq -r '._links.artifacts.href'",
returnStdout: true
).trim()
String dockerTxtScanUrl = sh(
script: "curl -s -XGET \"${JENKINS_BASE_URL}${artifactsUrl}\" | jq -r '.[] | select(.name | endswith(\".txt\")) | .url'",
returnStdout: true
).trim()
String fullDockerTxtScanUrl = "${JENKINS_BASE_URL}${dockerTxtScanUrl}"
// Do not trim as it messes the text table.
String dockerScanResult = sh(
script: "curl -s -XGET \"${fullDockerTxtScanUrl}\"",
returnStdout: true
)
return [dockerScanUrl: fullDockerTxtScanUrl, dockerScanResult: dockerScanResult]
}
Loading